From patchwork Mon Oct 11 16:24:59 2021
X-Patchwork-Submitter: Christian Göttsche
X-Patchwork-Id: 12550501
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH 01/35] cifuzz: enable report-unreproducible-crashes
Date: Mon, 11 Oct 2021 18:24:59 +0200
Message-Id: <20211011162533.53404-2-cgzones@googlemail.com>
In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com>

Fail and report unreproducible fuzzing crashes and leaks. Such failures are probably related to some global state not properly reset in the fuzzer and can cause OSS-Fuzz to report flaky issues.

Suggested-by: Evgeny Vereshchagin
Signed-off-by: Christian Göttsche
---
 .github/workflows/cifuzz.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml index 5c2233a2..b28eb71a 100644 --- a/.github/workflows/cifuzz.yml +++ b/.github/workflows/cifuzz.yml 
@@ -30,6 +30,7 @@ jobs: oss-fuzz-project-name: 'selinux' fuzz-seconds: 180 dry-run: false + report-unreproducible-crashes: true sanitizer: ${{ matrix.sanitizer }} - name: Upload Crash uses: actions/upload-artifact@v1
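Review bot: `report-unreproducible-crashes: true` turns every crash that CIFuzz cannot reproduce into a failed run, while the commit message only says such crashes are "probably" caused by global state the fuzzer does not reset; a one-line comment above the new key recording that intent (a flaky failure here points at the harness's own state handling, not necessarily at a libsepol bug) would save whoever triages the next red PR from digging up this patch. The visible context does not show whether the following `Upload Crash` step is conditioned to run on failure, which is what makes the artifact of an unreproducible crash available for local triage; worth confirming in the same change.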

From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH 02/35] cifuzz: use the default runtime of 600 seconds
Date: Mon, 11 Oct 2021 18:25:00 +0200
Message-Id: <20211011162533.53404-3-cgzones@googlemail.com>
In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com>

The default runtime for CIFuzz is 600 seconds; use it. Since GitHub pull-requests are not the main contribution workflow, the number of runs should be manageable.

[1]: https://google.github.io/oss-fuzz/getting-started/continuous-integration/

Signed-off-by: Christian Göttsche
---
 .github/workflows/cifuzz.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml index b28eb71a..92523db4 100644 --- a/.github/workflows/cifuzz.yml +++ b/.github/workflows/cifuzz.yml
@@ -28,7 +28,7 @@ jobs: uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master with: oss-fuzz-project-name: 'selinux' - fuzz-seconds: 180 + fuzz-seconds: 600 dry-run: false report-unreproducible-crashes: true sanitizer: ${{ matrix.sanitizer }}
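Review bot: the commit message defines a footnote `[1]: https://google.github.io/oss-fuzz/getting-started/continuous-integration/` but never references `[1]` in its text, so the link reads as orphaned; attach the marker to the sentence that states the 600 second default. Also, since `sanitizer: ${{ matrix.sanitizer }}` sits in the same block, the jump from `fuzz-seconds: 180` to `600` applies per matrix entry, so CI wall time grows by more than the single number suggests; stating that in the message makes the trade-off explicit for reviewers.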

From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH 03/35] libsepol/fuzz: silence secilc-fuzzer
Date: Mon, 11 Oct 2021 18:25:01 +0200
Message-Id: <20211011162533.53404-4-cgzones@googlemail.com>
In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com>

Do not output CIL log messages while fuzzing, since their amount is huge, e.g. for neverallow or typebounds violations.

Signed-off-by: Christian Göttsche
---
 libsepol/fuzz/secilc-fuzzer.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libsepol/fuzz/secilc-fuzzer.c b/libsepol/fuzz/secilc-fuzzer.c index 255b3241..9a1a16de 100644 --- a/libsepol/fuzz/secilc-fuzzer.c +++ b/libsepol/fuzz/secilc-fuzzer.c
@@ -8,6 +8,10 @@ #include #include +static void log_handler(__attribute__((unused)) int lvl, __attribute__((unused)) const char *msg) { + /* be quiet */ +} + int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { enum cil_log_level log_level = CIL_ERR; struct sepol_policy_file *pf = NULL;
@@ -24,6 +28,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { sepol_policydb_t *pdb = NULL; cil_set_log_level(log_level); + cil_set_log_handler(log_handler); cil_db_init(&db); cil_set_disable_dontaudit(db, disable_dontaudit);
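Review bot: in the first hunk (`@@ -8,6 +8,10 @@`), `log_handler` drops every message regardless of `lvl`, so the `cil_set_log_level(log_level)` call with `log_level = CIL_ERR` visible in the context becomes dead configuration in the fuzzer; either say so in a comment next to the handler, or keep the level meaningful by swallowing only messages above CIL_ERR so that a genuine error from a crashing input still lands in the libFuzzer crash report. Minor style point: `(void)lvl; (void)msg;` in the body reads more plainly than two `__attribute__((unused))` annotations on the parameters.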
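Review bot: in the second hunk (`@@ -24,6 +28,7 @@`), `cil_set_log_handler(log_handler)` is installed before `cil_db_init(&db)`, which is the right order since anything that logs during initialisation is already covered; a short comment tying the call to the commit's reason (neverallow and typebounds violations produce huge log output) would help, because a reader of this line alone cannot tell why CIL logging is being silenced in the harness.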

From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH 04/35] libsepol: add libfuzz based fuzzer for reading binary policies
Date: Mon, 11 Oct 2021 18:25:02 +0200
Message-Id: <20211011162533.53404-5-cgzones@googlemail.com>
In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com>

Introduce a libfuzz[1] based fuzzer testing the parsing of a binary policy. Build the fuzzer in the oss-fuzz script.

[1]: https://llvm.org/docs/LibFuzzer.html

Signed-off-by: Christian Göttsche
---
 libsepol/fuzz/binpolicy-fuzzer.c | 63 +++++++++++++++++++++++++++++++
 libsepol/fuzz/policy.bin | Bin 0 -> 1552 bytes
 scripts/oss-fuzz.sh | 19 ++++++++--
 3 files changed, 79 insertions(+), 3 deletions(-)
 create mode 100644 libsepol/fuzz/binpolicy-fuzzer.c
 create mode 100644 libsepol/fuzz/policy.bin

diff --git a/libsepol/fuzz/binpolicy-fuzzer.c b/libsepol/fuzz/binpolicy-fuzzer.c new file mode 100644 index 00000000..85c59645 --- /dev/null +++ b/libsepol/fuzz/binpolicy-fuzzer.c
@@ -0,0 +1,63 @@ +#include +#include +#include +#include + +extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); + +static int write_binary_policy(policydb_t *p, FILE *outfp) +{ + struct policy_file pf; + + policy_file_init(&pf); + pf.type = PF_USE_STDIO; + pf.fp = outfp; + return policydb_write(p, &pf); +} + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + policydb_t policydb = {}; + sidtab_t sidtab = {}; + struct policy_file pf; + FILE *devnull = NULL; + + sepol_debug(0); + + policy_file_init(&pf); + pf.type = PF_USE_MEMORY; + pf.data = (char *) data; + pf.len = size; + + if (policydb_init(&policydb)) + goto exit; + + if (policydb_read(&policydb, &pf, /*verbose=*/0)) + goto exit; + + if (policydb_load_isids(&policydb, &sidtab)) + goto exit; + + if (policydb.policy_type == POLICY_KERN) + (void) policydb_optimize(&policydb); + + devnull = fopen("/dev/null", "w"); + if (!devnull) + goto exit; + + (void) write_binary_policy(&policydb, devnull); + + (void) sepol_kernel_policydb_to_conf(devnull, &policydb); + + (void) sepol_kernel_policydb_to_cil(devnull, &policydb); + +exit: + if (devnull != NULL) + fclose(devnull); + + policydb_destroy(&policydb); + sepol_sidtab_destroy(&sidtab); + + /* Non-zero return values are reserved for future use. */ + return 0; +} diff --git a/libsepol/fuzz/policy.bin b/libsepol/fuzz/policy.bin new file mode 100644 index 0000000000000000000000000000000000000000..6f977ef34479daa9bf2e848c502ecea8d96f7912 GIT binary patch literal 1552 zcma)5OLBuS3?==4PtZ+{&?9)$U3WbIlYnX65X0D})6Db;y>M5p9{5ov4Nx%;$40a)K#TcVgu}o@qItz z*n@Vpe$`n>9k>)lLo|5!#vC+5dA)f~edbIZ(r^=r47z&T$5@O7acJXBjy1qIauI91 zZV#hm%^Wra%{;^@N(_Mfp@x57&=A0V{XH^N#4uZ2$+ZB!ToK{?!0dQgn^$*KOS$hBg literal 0 HcmV?d00001 diff --git a/scripts/oss-fuzz.sh b/scripts/oss-fuzz.sh index 16cc3c0a..14bad14d 100755 --- a/scripts/oss-fuzz.sh +++ b/scripts/oss-fuzz.sh 
@@ -32,10 +32,10 @@ SANITIZER=${SANITIZER:-address} flags="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER -fsanitize=fuzzer-no-link" export CC=${CC:-clang} -export CFLAGS=${CFLAGS:-$flags} +export CFLAGS="${CFLAGS:-$flags} -I$DESTDIR/usr/include -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64" export CXX=${CXX:-clang++} -export CXXFLAGS=${CXXFLAGS:-$flags} +export CXXFLAGS="${CXXFLAGS:-$flags}" export OUT=${OUT:-$(pwd)/out} mkdir -p "$OUT" 
@@ -49,11 +49,24 @@ make -C libsepol clean # shellcheck disable=SC2016 make -C libsepol V=1 LD_SONAME_FLAGS='-soname,$(LIBSO),--version-script=$(LIBMAP)' -j"$(nproc)" install +## secilc fuzzer ## + # CFLAGS, CXXFLAGS and LIB_FUZZING_ENGINE have to be split to be accepted by # the compiler/linker so they shouldn't be quoted # shellcheck disable=SC2086 -$CC $CFLAGS -I"$DESTDIR/usr/include" -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -c -o secilc-fuzzer.o libsepol/fuzz/secilc-fuzzer.c +$CC $CFLAGS -c -o secilc-fuzzer.o libsepol/fuzz/secilc-fuzzer.c # shellcheck disable=SC2086 $CXX $CXXFLAGS $LIB_FUZZING_ENGINE secilc-fuzzer.o "$DESTDIR/usr/lib/libsepol.a" -o "$OUT/secilc-fuzzer" zip -r "$OUT/secilc-fuzzer_seed_corpus.zip" secilc/test + +## binary policy fuzzer ## + +# CFLAGS, CXXFLAGS and LIB_FUZZING_ENGINE have to be split to be accepted by +# the compiler/linker so they shouldn't be quoted +# shellcheck disable=SC2086 +$CC $CFLAGS -c -o binpolicy-fuzzer.o libsepol/fuzz/binpolicy-fuzzer.c +# shellcheck disable=SC2086 +$CXX $CXXFLAGS $LIB_FUZZING_ENGINE binpolicy-fuzzer.o "$DESTDIR/usr/lib/libsepol.a" -o "$OUT/binpolicy-fuzzer" + +zip -j "$OUT/binpolicy-fuzzer_seed_corpus.zip" libsepol/fuzz/policy.bin
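Review bot: in the `binpolicy-fuzzer.c` hunk, `devnull = fopen("/dev/null", "w")` runs on every input, so each execution pays an open/close pair just to discard the output of `policydb_write`, `sepol_kernel_policydb_to_conf` and `sepol_kernel_policydb_to_cil`; opening it once in an `LLVMFuzzerInitialize` or writing into an `open_memstream` buffer would raise executions per second. On the early-exit paths (`policydb_init` or `policydb_read` failing) `policydb_destroy(&policydb)` and `sepol_sidtab_destroy(&sidtab)` run on a struct that is only zero-initialised and on a sidtab that `policydb_load_isids` never populated, which relies on both destroy functions tolerating that; a comment stating the assumption would document it. `pf.data = (char *) data` casts away `const`; since libFuzzer's input buffer must not be modified, a comment that `policydb_read` only reads through the pointer is worth adding.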
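Review bot: in the `@@ -32,10 +32,10 @@` hunk of `scripts/oss-fuzz.sh`, moving `-I$DESTDIR/usr/include -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64` into the exported `CFLAGS` means the `make -C libsepol ... install` visible in the next hunk's context now compiles the library itself with an include path into its own install directory; if `$DESTDIR/usr/include` holds headers from an earlier install, the build may pick up stale headers ahead of the tree's own, so it is worth confirming the include order or installing into a clean `DESTDIR`. The visible context also does not show where `DESTDIR` is assigned; if it is empty at line 35 the flag silently becomes `-I/usr/include`. Because `$CFLAGS` is later expanded unquoted (by design, per the comment in the next hunk), a `DESTDIR` containing whitespace now splits the include path where the old `-I"$DESTDIR/usr/include"` tolerated it; acceptable for OSS-Fuzz's fixed paths, but a note would help.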
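Review bot: in the `@@ -49,11 +49,24 @@` hunk, the `## secilc fuzzer ##` and `## binary policy fuzzer ##` blocks are the same compile, link and zip commands with the name substituted, down to the duplicated three-line shellcheck comment; a small shell function taking the fuzzer name would keep the two in sync the next time the flags change. The seed corpus for the new fuzzer is a single `policy.bin` (1552 bytes per the diffstat); since `policydb_read` handles kernel and module policies (the `POLICY_KERN` check in the harness) and several policy versions on separate paths, a few more seeds covering those, plus a dictionary of the policy magic values, would get the fuzzer to the interesting parsers faster and are cheap to add.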

From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH 05/35] libsepol/fuzz: limit element sizes for fuzzing
Date: Mon, 11 Oct 2021 18:25:03 +0200
Message-Id: <20211011162533.53404-6-cgzones@googlemail.com>
In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com>

Limit the maximum length of read sizes, like the string length of module version and name or keys and the number of symtab entries. This avoids the fuzzer reporting oom events for huge allocations (it also improves the number of executions per second of the fuzzer). This change only affects the fuzzer build.

==15211== ERROR: libFuzzer: out-of-memory (malloc(3115956666))
   To change the out-of-memory limit use -rss_limit_mb=
    #0 0x52dc61 in __sanitizer_print_stack_trace (./out/binpolicy-fuzzer+0x52dc61)
    #1 0x475618 in fuzzer::PrintStackTrace() fuzzer.o
    #2 0x458855 in fuzzer::Fuzzer::HandleMalloc(unsigned long) fuzzer.o
    #3 0x45876a in fuzzer::MallocHook(void const volatile*, unsigned long) fuzzer.o
    #4 0x534557 in __sanitizer::RunMallocHooks(void const*, unsigned long) (./out/binpolicy-fuzzer+0x534557)
    #5 0x4aa7d7 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (./out/binpolicy-fuzzer+0x4aa7d7)
    #6 0x4aa143 in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (./out/binpolicy-fuzzer+0x4aa143)
    #7 0x5259cb in malloc (./out/binpolicy-fuzzer+0x5259cb)
    #8 0x59d307 in str_read ./libsepol/src/services.c:1746:8
    #9 0x585b97 in perm_read ./libsepol/src/policydb.c:2063:5
    #10 0x581f8a in common_read ./libsepol/src/policydb.c:2119:7
    #11 0x576681 in policydb_read ./libsepol/src/policydb.c:4417:8
    #12 0x55a214 in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:26:6
    #13 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
    #14 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
    #15 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
    #16 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
    #17 0x7fe1ec88a7ec in __libc_start_main csu/../csu/libc-start.c:332:16
    #18 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

==13584== ERROR: libFuzzer: out-of-memory (malloc(2560137369))
   To change the out-of-memory limit use -rss_limit_mb=
    #0 0x52dc61 in __sanitizer_print_stack_trace (./out/binpolicy-fuzzer+0x52dc61)
    #1 0x475618 in fuzzer::PrintStackTrace() fuzzer.o
    #2 0x458855 in fuzzer::Fuzzer::HandleMalloc(unsigned long) fuzzer.o
    #3 0x45876a in fuzzer::MallocHook(void const volatile*, unsigned long) fuzzer.o
    #4 0x534557 in __sanitizer::RunMallocHooks(void const*, unsigned long) (./out/binpolicy-fuzzer+0x534557)
    #5 0x4aa7d7 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (./out/binpolicy-fuzzer+0x4aa7d7)
    #6 0x4aa143 in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (./out/binpolicy-fuzzer+0x4aa143)
    #7 0x5259cb in malloc (./out/binpolicy-fuzzer+0x5259cb)
    #8 0x581cc4 in common_read ./libsepol/src/policydb.c:2108:8
    #9 0x576681 in policydb_read ./libsepol/src/policydb.c:4409:8
    #10 0x55a214 in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:26:6
    #11 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
    #12 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
    #13 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
    #14 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
    #15 0x7fa6431787ec in __libc_start_main csu/../csu/libc-start.c:332:16
    #16 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

==12683== ERROR: libFuzzer: out-of-memory (malloc(2526451450))
   To change the out-of-memory limit use -rss_limit_mb=
    #0 0x52dc61 in __sanitizer_print_stack_trace (./out/binpolicy-fuzzer+0x52dc61)
    #1 0x475618 in fuzzer::PrintStackTrace() fuzzer.o
    #2 0x458855 in fuzzer::Fuzzer::HandleMalloc(unsigned long) fuzzer.o
    #3 0x45876a in fuzzer::MallocHook(void const volatile*, unsigned long) fuzzer.o
    #4 0x534557 in __sanitizer::RunMallocHooks(void const*, unsigned long) (./out/binpolicy-fuzzer+0x534557)
    #5 0x4aa7d7 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (./out/binpolicy-fuzzer+0x4aa7d7)
    #6 0x4aa143 in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (./out/binpolicy-fuzzer+0x4aa143)
    #7 0x5259cb in malloc (./out/binpolicy-fuzzer+0x5259cb)
    #8 0x575f8a in policydb_read ./libsepol/src/policydb.c:4356:18
    #9 0x55a214 in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:26:6
    #10 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
    #11 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
    #12 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
    #13 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
    #14 0x7fa737b377ec in __libc_start_main csu/../csu/libc-start.c:332:16
    #15 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche
---
 libsepol/src/private.h | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/libsepol/src/private.h b/libsepol/src/private.h index 71287282..6146f59f 100644 --- a/libsepol/src/private.h +++ b/libsepol/src/private.h
@@ -44,7 +44,12 @@ #define ARRAY_SIZE(x) (sizeof(x)/sizeof((x)[0])) -#define is_saturated(x) (x == (typeof(x))-1) +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION +# define is_saturated(x) (x == (typeof(x))-1 || (x) > (1U << 16)) +#else +# define is_saturated(x) (x == (typeof(x))-1) +#endif + #define zero_or_saturated(x) ((x == 0) || is_saturated(x)) #define spaceship_cmp(a, b) (((a) > (b)) - ((a) < (b)))
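Review bot: the new fuzzing branch mixes `x == (typeof(x))-1` with `(x) > (1U << 16)`, so the macro argument is parenthesised in one comparison and not the other; parenthesise both uses, since `is_saturated` is applied to arbitrary expressions. `1U << 16` is an unsigned 32-bit constant, so for a 64-bit or signed `x` the comparison goes through the usual conversions; giving the bound a named define with a comment on why 65536 was chosen would make the cap reviewable and easy to tune. One caveat worth stating in the commit message: with every count above 2^16 treated as saturated in the fuzzing build, the code paths that handle genuinely large tables, which is where size arithmetic overflows would live, are no longer reachable by the fuzzer; that is a deliberate trade for fewer OOM reports and faster executions, and should be recorded as such.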
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 06/35] libsepol: use logging framework in conditional.c Date: Mon, 11 Oct 2021 18:25:04 +0200 Message-Id: <20211011162533.53404-7-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the internal logging framework instead of directly writing to stdout as it might be undesired to do so within a library. Signed-off-by: Christian Göttsche --- libsepol/src/conditional.c | 30 +++++++++++------------------- 1 file changed, 11 insertions(+), 19 deletions(-) diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c index e3ede694..a01350a6 100644 --- a/libsepol/src/conditional.c +++ b/libsepol/src/conditional.c @@ -25,6 +25,7 @@ #include #include "private.h" +#include "debug.h" /* move all type rules to top of t/f lists to help kernel on evaluation */ static void cond_optimize(cond_av_list_t ** l) @@ -314,8 +315,7 @@ static int evaluate_cond_node(policydb_t * p, cond_node_t * node) if (new_state != node->cur_state) { node->cur_state = new_state; if (new_state == -1) - printf - ("expression result was undefined - disabling all rules.\n"); + WARN(NULL, "expression result was undefined - disabling all rules.\n"); /* turn the rules on or off */ for (cur = node->true_list; cur != NULL; cur = cur->next) { if (new_state <= 0) { @@ -368,8 +368,7 @@ int cond_normalize_expr(policydb_t * p, cond_node_t * cn) if (ne) { ne->next = NULL; } else { /* ne should never be NULL */ - printf - ("Found expr with no bools and only a ! - this should never happen.\n"); + ERR(NULL, "Found expr with no bools and only a ! - this should never happen.\n"); return -1; } /* swap the true and false lists */ 
@@ -421,8 +420,7 @@ int cond_normalize_expr(policydb_t * p, cond_node_t * cn) } k = cond_evaluate_expr(p, cn->expr); if (k == -1) { - printf - ("While testing expression, expression result " + ERR(NULL, "While testing expression, expression result " "was undefined - this should never happen.\n"); return -1; } @@ -635,8 +633,7 @@ static int cond_insertf(avtab_t * a */ if (k->specified & AVTAB_TYPE) { if (avtab_search(&p->te_avtab, k)) { - printf - ("security: type rule already exists outside of a conditional."); + INFO(NULL, "security: type rule already exists outside of a conditional."); goto err; } /* @@ -652,8 +649,7 @@ static int cond_insertf(avtab_t * a if (node_ptr) { if (avtab_search_node_next (node_ptr, k->specified)) { - printf - ("security: too many conflicting type rules."); + ERR(NULL, "security: too many conflicting type rules."); goto err; } found = 0; @@ -664,15 +660,13 @@ static int cond_insertf(avtab_t * a } } if (!found) { - printf - ("security: conflicting type rules.\n"); + ERR(NULL, "security: conflicting type rules.\n"); goto err; } } } else { if (avtab_search(&p->te_cond_avtab, k)) { - printf - ("security: conflicting type rules when adding type rule for true.\n"); + ERR(NULL, "security: conflicting type rules when adding type rule for true.\n"); goto err; } } @@ -680,7 +674,7 @@ static int cond_insertf(avtab_t * a node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d); if (!node_ptr) { - printf("security: could not insert rule."); + ERR(NULL, "security: could not insert rule."); goto err; } node_ptr->parse_context = (void *)1; 
@@ -742,14 +736,12 @@ static int cond_read_av_list(policydb_t * p, void *fp, static int expr_isvalid(policydb_t * p, cond_expr_t * expr) { if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) { - printf - ("security: conditional expressions uses unknown operator.\n"); + INFO(NULL, "security: conditional expressions uses unknown operator.\n"); return 0; } if (expr->bool > p->p_bools.nprim) { - printf - ("security: conditional expressions uses unknown bool.\n"); + INFO(NULL, "security: conditional expressions uses unknown bool.\n"); return 0; } return 1;
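Review bot: the severity chosen for several of the converted messages does not match the control flow. In the cond_insertf() hunk, `INFO(NULL, "security: type rule already exists outside of a conditional.");` is immediately followed by `goto err;`, and in expr_isvalid() both INFO() calls precede `return 0;`, i.e. the expression is rejected. These are failure paths, and the sibling conversions in the same functions use ERR(); use ERR() (or at least WARN()) for anything that aborts the operation, otherwise the cause of a failed policy load ends up on the INFO channel, which callers commonly suppress.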
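Review bot: the converted strings are inconsistent about trailing newlines: "expression result was undefined - disabling all rules.\n" and "security: conflicting type rules.\n" keep their "\n", while "security: could not insert rule." and "security: too many conflicting type rules." do not. The default message handler in debug.c terminates each message itself, so the embedded "\n" will produce blank lines between log entries; drop the trailing "\n" from every ERR()/WARN()/INFO() string introduced here.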
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 07/35] libsepol: use logging framework in ebitmap.c Date: Mon, 11 Oct 2021 18:25:05 +0200 Message-Id: <20211011162533.53404-8-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the internal logging framework instead of directly writing to stdout as it might be undesired to do so within a library. Signed-off-by: Christian Göttsche --- libsepol/src/ebitmap.c | 27 ++++++++++----------------- 1 file changed, 10 insertions(+), 17 deletions(-) diff --git a/libsepol/src/ebitmap.c b/libsepol/src/ebitmap.c index 1de3816a..fa728558 100644 --- a/libsepol/src/ebitmap.c +++ b/libsepol/src/ebitmap.c @@ -406,8 +406,7 @@ int ebitmap_read(ebitmap_t * e, void *fp) count = le32_to_cpu(buf[2]); if (mapsize != MAPSIZE) { - printf - ("security: ebitmap: map size %d does not match my size %zu (high bit was %d)\n", + ERR(NULL, "security: ebitmap: map size %d does not match my size %zu (high bit was %d)\n", mapsize, MAPSIZE, e->highbit); goto bad; } @@ -416,8 +415,7 @@ int ebitmap_read(ebitmap_t * e, void *fp) goto ok; } if (e->highbit & (MAPSIZE - 1)) { - printf - ("security: ebitmap: high bit (%d) is not a multiple of the map size (%zu)\n", + ERR(NULL, "security: ebitmap: high bit (%d) is not a multiple of the map size (%zu)\n", e->highbit, MAPSIZE); goto bad; } 
@@ -429,12 +427,12 @@ int ebitmap_read(ebitmap_t * e, void *fp) for (i = 0; i < count; i++) { rc = next_entry(buf, fp, sizeof(uint32_t)); if (rc < 0) { - printf("security: ebitmap: truncated map\n"); + ERR(NULL, "security: ebitmap: truncated map\n"); goto bad; } n = (ebitmap_node_t *) malloc(sizeof(ebitmap_node_t)); if (!n) { - printf("security: ebitmap: out of memory\n"); + ERR(NULL, "security: ebitmap: out of memory\n"); rc = -ENOMEM; goto bad; } @@ -443,34 +441,30 @@ int ebitmap_read(ebitmap_t * e, void *fp) n->startbit = le32_to_cpu(buf[0]); if (n->startbit & (MAPSIZE - 1)) { - printf - ("security: ebitmap start bit (%d) is not a multiple of the map size (%zu)\n", + ERR(NULL, "security: ebitmap start bit (%d) is not a multiple of the map size (%zu)\n", n->startbit, MAPSIZE); goto bad_free; } if (n->startbit > (e->highbit - MAPSIZE)) { - printf - ("security: ebitmap start bit (%d) is beyond the end of the bitmap (%zu)\n", + ERR(NULL, "security: ebitmap start bit (%d) is beyond the end of the bitmap (%zu)\n", n->startbit, (e->highbit - MAPSIZE)); goto bad_free; } rc = next_entry(&map, fp, sizeof(uint64_t)); if (rc < 0) { - printf("security: ebitmap: truncated map\n"); + ERR(NULL, "security: ebitmap: truncated map\n"); goto bad_free; } n->map = le64_to_cpu(map); if (!n->map) { - printf - ("security: ebitmap: null map in ebitmap (startbit %d)\n", + ERR(NULL, "security: ebitmap: null map in ebitmap (startbit %d)\n", n->startbit); goto bad_free; } if (l) { if (n->startbit <= l->startbit) { - printf - ("security: ebitmap: start bit %d comes after start bit %d\n", + ERR(NULL, "security: ebitmap: start bit %d comes after start bit %d\n", n->startbit, l->startbit); goto bad_free; } 
@@ -481,8 +475,7 @@ int ebitmap_read(ebitmap_t * e, void *fp) l = n; } if (count && l->startbit + MAPSIZE != e->highbit) { - printf - ("security: ebitmap: high bit %u has not the expected value %zu\n", + ERR(NULL, "security: ebitmap: high bit %u has not the expected value %zu\n", e->highbit, l->startbit + MAPSIZE); goto bad; }
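Review bot: every ERR() string introduced in ebitmap_read() keeps its trailing "\n", but the default message handler in debug.c already appends a newline, so each of these will print with a blank line after it; strip the "\n" while converting. Separately, the format specifiers are inconsistent across the hunks: `e->highbit` is printed with %d in "map size %d does not match my size %zu (high bit was %d)" and "high bit (%d) is not a multiple of the map size (%zu)", but with %u in the final "high bit %u has not the expected value %zu" message. `highbit` and `startbit` are uint32_t, so %u is the correct conversion throughout; since every one of these lines is being touched anyway, this is the moment to make them agree.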
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 08/35] libsepol: use mallocarray wrapper to avoid overflows Date: Mon, 11 Oct 2021 18:25:06 +0200 Message-Id: <20211011162533.53404-9-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use a wrapper to guard `malloc(a * b)` type allocations, to detect multiplication overflows, which result in too few memory being allocated. Signed-off-by: Christian Göttsche --- libsepol/src/conditional.c | 2 +- libsepol/src/expand.c | 4 ++-- libsepol/src/hashtab.c | 4 +++- libsepol/src/link.c | 3 ++- libsepol/src/module.c | 4 ++-- libsepol/src/module_to_cil.c | 4 ++-- libsepol/src/optimize.c | 6 ++++-- libsepol/src/policydb.c | 6 +++--- libsepol/src/private.h | 9 +++++++++ libsepol/src/services.c | 6 +++--- libsepol/src/sidtab.c | 3 ++- libsepol/src/user_record.c | 3 ++- libsepol/src/write.c | 2 +- 13 files changed, 36 insertions(+), 20 deletions(-) diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c index a01350a6..9a10aae1 100644 --- a/libsepol/src/conditional.c +++ b/libsepol/src/conditional.c @@ -522,7 +522,7 @@ int cond_init_bool_indexes(policydb_t * p) if (p->bool_val_to_struct) free(p->bool_val_to_struct); p->bool_val_to_struct = (cond_bool_datum_t **) - malloc(p->p_bools.nprim * sizeof(cond_bool_datum_t *)); + mallocarray(p->p_bools.nprim, sizeof(cond_bool_datum_t *)); if (!p->bool_val_to_struct) return -1; return 0; diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c index a6a466f7..8a7259a0 100644 --- a/libsepol/src/expand.c +++ b/libsepol/src/expand.c 
@@ -3146,9 +3146,9 @@ int expand_module(sepol_handle_t * handle, goto cleanup; /* Build the type<->attribute maps and remove attributes. */ - state.out->attr_type_map = malloc(state.out->p_types.nprim * + state.out->attr_type_map = mallocarray(state.out->p_types.nprim, sizeof(ebitmap_t)); - state.out->type_attr_map = malloc(state.out->p_types.nprim * + state.out->type_attr_map = mallocarray(state.out->p_types.nprim, sizeof(ebitmap_t)); if (!state.out->attr_type_map || !state.out->type_attr_map) { ERR(handle, "Out of memory!"); diff --git a/libsepol/src/hashtab.c b/libsepol/src/hashtab.c index 21143b76..2eb35212 100644 --- a/libsepol/src/hashtab.c +++ b/libsepol/src/hashtab.c @@ -32,6 +32,8 @@ #include #include +#include "private.h" + hashtab_t hashtab_create(unsigned int (*hash_value) (hashtab_t h, const_hashtab_key_t key), int (*keycmp) (hashtab_t h, @@ -52,7 +54,7 @@ hashtab_t hashtab_create(unsigned int (*hash_value) (hashtab_t h, p->nel = 0; p->hash_value = hash_value; p->keycmp = keycmp; - p->htable = (hashtab_ptr_t *) malloc(sizeof(hashtab_ptr_t) * size); + p->htable = (hashtab_ptr_t *) mallocarray(size, sizeof(hashtab_ptr_t)); if (p->htable == NULL) { free(p); return NULL; diff --git a/libsepol/src/link.c b/libsepol/src/link.c index 461d2feb..a6b10b52 100644 --- a/libsepol/src/link.c +++ b/libsepol/src/link.c @@ -34,6 +34,7 @@ #include #include "debug.h" +#include "private.h" #undef min #define min(a,b) (((a) < (b)) ? (a) : (b)) @@ -1679,7 +1680,7 @@ static int copy_scope_index(scope_index_t * src, scope_index_t * dest, } /* next copy the enabled permissions data */ - if ((dest->class_perms_map = malloc(largest_mapped_class_value * + if ((dest->class_perms_map = mallocarray(largest_mapped_class_value, sizeof(*dest->class_perms_map))) == NULL) { goto cleanup; diff --git a/libsepol/src/module.c b/libsepol/src/module.c index 02a5de2c..4a51f25c 100644 --- a/libsepol/src/module.c +++ b/libsepol/src/module.c 
@@ -406,14 +406,14 @@ static int module_package_read_offsets(sepol_module_package_t * mod, goto err; } - off = (size_t *) malloc((nsec + 1) * sizeof(size_t)); + off = (size_t *) mallocarray(nsec + 1, sizeof(size_t)); if (!off) { ERR(file->handle, "out of memory"); goto err; } free(buf); - buf = malloc(sizeof(uint32_t) * nsec); + buf = mallocarray(nsec, sizeof(uint32_t)); if (!buf) { ERR(file->handle, "out of memory"); goto err; diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index 16e4004e..ad0880bd 100644 --- a/libsepol/src/module_to_cil.c +++ b/libsepol/src/module_to_cil.c @@ -430,7 +430,7 @@ static int stack_init(struct stack **stack) goto exit; } - s->stack = malloc(sizeof(*s->stack) * STACK_SIZE); + s->stack = mallocarray(STACK_SIZE, sizeof(*s->stack)); if (s->stack == NULL) { goto exit; } @@ -1008,7 +1008,7 @@ static int ebitmap_to_names(struct ebitmap *map, char **vals_to_names, char ***n goto exit; } - name_arr = malloc(sizeof(*name_arr) * num); + name_arr = mallocarray(num, sizeof(*name_arr)); if (name_arr == NULL) { log_err("Out of memory"); rc = -1; diff --git a/libsepol/src/optimize.c b/libsepol/src/optimize.c index 6826155c..f8298fb7 100644 --- a/libsepol/src/optimize.c +++ b/libsepol/src/optimize.c @@ -31,6 +31,8 @@ #include #include +#include "private.h" + #define TYPE_VEC_INIT_SIZE 16 struct type_vec { @@ -42,7 +44,7 @@ static int type_vec_init(struct type_vec *v) { v->capacity = TYPE_VEC_INIT_SIZE; v->count = 0; - v->types = malloc(v->capacity * sizeof(*v->types)); + v->types = mallocarray(v->capacity, sizeof(*v->types)); if (!v->types) return -1; return 0; @@ -93,7 +95,7 @@ static struct type_vec *build_type_map(const policydb_t *p) { unsigned int i, k; ebitmap_node_t *n; - struct type_vec *map = malloc(p->p_types.nprim * sizeof(*map)); + struct type_vec *map = mallocarray(p->p_types.nprim, sizeof(*map)); if (!map) return NULL; diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index 7093d9b7..46fb4893 100644 
--- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -4111,7 +4111,7 @@ static int scope_read(policydb_t * p, int symnum, struct policy_file *fp) goto cleanup; } if ((scope->decl_ids = - malloc(scope->decl_ids_len * sizeof(uint32_t))) == NULL) { + mallocarray(scope->decl_ids_len, sizeof(uint32_t))) == NULL) { goto cleanup; } rc = next_entry(scope->decl_ids, fp, sizeof(uint32_t) * scope->decl_ids_len); @@ -4500,8 +4500,8 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose) } if (policy_type == POLICY_KERN) { - p->type_attr_map = malloc(p->p_types.nprim * sizeof(ebitmap_t)); - p->attr_type_map = malloc(p->p_types.nprim * sizeof(ebitmap_t)); + p->type_attr_map = mallocarray(p->p_types.nprim, sizeof(ebitmap_t)); + p->attr_type_map = mallocarray(p->p_types.nprim, sizeof(ebitmap_t)); if (!p->type_attr_map || !p->attr_type_map) goto bad; for (i = 0; i < p->p_types.nprim; i++) { diff --git a/libsepol/src/private.h b/libsepol/src/private.h index 6146f59f..d3d65a57 100644 --- a/libsepol/src/private.h +++ b/libsepol/src/private.h @@ -83,3 +83,12 @@ extern int next_entry(void *buf, struct policy_file *fp, size_t bytes); extern size_t put_entry(const void *ptr, size_t size, size_t n, struct policy_file *fp); extern int str_read(char **strp, struct policy_file *fp, size_t len); + +static inline void* mallocarray(size_t nmemb, size_t size) { + if (size && nmemb > (size_t)-1 / size) { + errno = ENOMEM; + return NULL; + } + + return malloc(nmemb * size); +} diff --git a/libsepol/src/services.c b/libsepol/src/services.c index 673b3971..a132d080 100644 --- a/libsepol/src/services.c +++ b/libsepol/src/services.c @@ -712,7 +712,7 @@ mls_ops: * Generate the same number of answer buffer entries as expression * buffers (as there will never be more). */ - answer_list = malloc(expr_count * sizeof(*answer_list)); + answer_list = mallocarray(expr_count, sizeof(*answer_list)); if (!answer_list) { ERR(NULL, "failed to allocate answer stack"); rc = -ENOMEM; 
@@ -2163,7 +2163,7 @@ int sepol_get_user_sids(sepol_security_id_t fromsid, } usercon.user = user->s.value; - mysids = malloc(maxnel * sizeof(sepol_security_id_t)); + mysids = mallocarray(maxnel, sizeof(sepol_security_id_t)); if (!mysids) { rc = -ENOMEM; goto out; @@ -2199,7 +2199,7 @@ int sepol_get_user_sids(sepol_security_id_t fromsid, } else { maxnel += SIDS_NEL; mysids2 = - malloc(maxnel * + mallocarray(maxnel, sizeof(sepol_security_id_t)); if (!mysids2) { diff --git a/libsepol/src/sidtab.c b/libsepol/src/sidtab.c index 255e0725..adeae6eb 100644 --- a/libsepol/src/sidtab.c +++ b/libsepol/src/sidtab.c @@ -15,6 +15,7 @@ #include #include "flask.h" +#include "private.h" #define SIDTAB_HASH(sid) \ (sid & SIDTAB_HASH_MASK) @@ -27,7 +28,7 @@ int sepol_sidtab_init(sidtab_t * s) { int i; - s->htable = malloc(sizeof(sidtab_ptr_t) * SIDTAB_SIZE); + s->htable = mallocarray(SIDTAB_SIZE, sizeof(sidtab_ptr_t)); if (!s->htable) return -ENOMEM; for (i = 0; i < SIDTAB_SIZE; i++) diff --git a/libsepol/src/user_record.c b/libsepol/src/user_record.c index ac520060..c1356a6b 100644 --- a/libsepol/src/user_record.c +++ b/libsepol/src/user_record.c @@ -4,6 +4,7 @@ #include "user_internal.h" #include "debug.h" +#include "private.h" struct sepol_user { /* This user's name */ @@ -265,7 +266,7 @@ int sepol_user_get_roles(sepol_handle_t * handle, unsigned int i; const char **tmp_roles = - (const char **)malloc(sizeof(char *) * user->num_roles); + (const char **)mallocarray(user->num_roles, sizeof(char *)); if (!tmp_roles) goto omem; diff --git a/libsepol/src/write.c b/libsepol/src/write.c index 3bd034d6..9df5b0bd 100644 --- a/libsepol/src/write.c +++ b/libsepol/src/write.c 
@@ -2117,7 +2117,7 @@ static int scope_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr) * buffer. this would have been easier with C99's * dynamic arrays... */ rc = POLICYDB_ERROR; - dyn_buf = malloc(items * sizeof(*dyn_buf)); + dyn_buf = mallocarray(items, sizeof(*dyn_buf)); if (!dyn_buf) goto err; buf = dyn_buf;
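Review bot: the new mallocarray() in the private.h hunk uses errno, ENOMEM and malloc(), but the hunk adds no `#include <errno.h>` or `#include <stdlib.h>` to the header, so it only compiles when every includer happens to pull those headers in first; hashtab.c, link.c, optimize.c, sidtab.c and user_record.c are all gaining `#include "private.h"` in this series, so make the header self-sufficient. The overflow guard `size && nmemb > (size_t)-1 / size` is correct; a one-line comment stating that it rejects products that would wrap size_t would help the next reader. Style nit: the surrounding declarations write `void *name`, not `void* mallocarray`.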
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 09/35] libsepol: use reallocarray wrapper to avoid overflows Date: Mon, 11 Oct 2021 18:25:07 +0200 Message-Id: <20211011162533.53404-10-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use a wrapper to guard `realloc(p, a * b)` type allocations, to detect multiplication overflows, which result in too few memory being allocated. Use a custom implementation if the used C library does not offer one. Signed-off-by: Christian Göttsche --- libsepol/src/Makefile | 6 ++++++ libsepol/src/kernel_to_common.c | 4 ++-- libsepol/src/module_to_cil.c | 9 +++++---- libsepol/src/optimize.c | 5 +++-- libsepol/src/private.h | 11 +++++++++++ libsepol/src/services.c | 6 +++--- libsepol/src/user_record.c | 5 +++-- libsepol/src/users.c | 12 ++++++------ libsepol/src/util.c | 11 +++++++---- 9 files changed, 46 insertions(+), 23 deletions(-) diff --git a/libsepol/src/Makefile b/libsepol/src/Makefile index dc8b1773..13410c67 100644 --- a/libsepol/src/Makefile +++ b/libsepol/src/Makefile @@ -29,6 +29,12 @@ LOBJS += $(sort $(patsubst %.c,%.lo,$(sort $(wildcard $(CILDIR)/src/*.c)) $(CIL_ override CFLAGS += -I$(CILDIR)/include endif +# check for reallocarray(3) availability +H := \# +ifeq (yes,$(shell printf '${H}define _GNU_SOURCE\n${H}include \nint main(void){void*p=reallocarray(NULL, 1, sizeof(char));return 0;}' | $(CC) -x c -o /dev/null - >/dev/null 2>&1 && echo yes)) +override CFLAGS += -DHAVE_REALLOCARRAY +endif + LD_SONAME_FLAGS=-soname,$(LIBSO),--version-script=$(LIBMAP),-z,defs LN=ln diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c index a7453d3c..51df8c25 100644 --- a/libsepol/src/kernel_to_common.c +++ b/libsepol/src/kernel_to_common.c 
@@ -161,7 +161,7 @@ int strs_add(struct strs *strs, char *s) char **new; unsigned i = strs->size; strs->size *= 2; - new = realloc(strs->list, sizeof(char *)*strs->size); + new = reallocarray(strs->list, strs->size, sizeof(char *)); if (!new) { sepol_log_err("Out of memory"); return -1; @@ -220,7 +220,7 @@ int strs_add_at_index(struct strs *strs, char *s, unsigned index) while (index >= strs->size) { strs->size *= 2; } - new = realloc(strs->list, sizeof(char *)*strs->size); + new = reallocarray(strs->list, strs->size, sizeof(char *)); if (!new) { sepol_log_err("Out of memory"); return -1; diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index ad0880bd..84e49c5b 100644 --- a/libsepol/src/module_to_cil.c +++ b/libsepol/src/module_to_cil.c @@ -453,7 +453,7 @@ static int stack_push(struct stack *stack, void *ptr) void *new_stack; if (stack->pos + 1 == stack->size) { - new_stack = realloc(stack->stack, sizeof(*stack->stack) * (stack->size * 2)); + new_stack = reallocarray(stack->stack, stack->size * 2, sizeof(*stack->stack)); if (new_stack == NULL) { goto exit; } @@ -4123,7 +4123,7 @@ exit: static int fp_to_buffer(FILE *fp, char **data, size_t *data_len) { int rc = -1; - char *d = NULL; + char *d = NULL, *d_tmp; size_t d_len = 0; size_t read_len = 0; size_t max_len = 1 << 17; // start at 128KB, this is enough to hold about half of all the existing pp files @@ -4139,12 +4139,13 @@ static int fp_to_buffer(FILE *fp, char **data, size_t *data_len) d_len += read_len; if (d_len == max_len) { max_len *= 2; - d = realloc(d, max_len); - if (d == NULL) { + d_tmp = realloc(d, max_len); + if (d_tmp == NULL) { log_err("Out of memory"); rc = -1; goto exit; } + d = d_tmp; } } diff --git a/libsepol/src/optimize.c b/libsepol/src/optimize.c index f8298fb7..8a048702 100644 --- a/libsepol/src/optimize.c +++ b/libsepol/src/optimize.c 
@@ -59,8 +59,9 @@ static int type_vec_append(struct type_vec *v, uint32_t type) { if (v->capacity == v->count) { unsigned int new_capacity = v->capacity * 2; - uint32_t *new_types = realloc(v->types, - new_capacity * sizeof(*v->types)); + uint32_t *new_types = reallocarray(v->types, + new_capacity, + sizeof(*v->types)); if (!new_types) return -1; diff --git a/libsepol/src/private.h b/libsepol/src/private.h index d3d65a57..a8cc1472 100644 --- a/libsepol/src/private.h +++ b/libsepol/src/private.h @@ -92,3 +92,14 @@ static inline void* mallocarray(size_t nmemb, size_t size) { return malloc(nmemb * size); } + +#ifndef HAVE_REALLOCARRAY +static inline void* reallocarray(void *ptr, size_t nmemb, size_t size) { + if (size && nmemb > (size_t)-1 / size) { + errno = ENOMEM; + return NULL; + } + + return realloc(ptr, nmemb * size); +} +#endif diff --git a/libsepol/src/services.c b/libsepol/src/services.c index a132d080..e9333741 100644 --- a/libsepol/src/services.c +++ b/libsepol/src/services.c @@ -94,7 +94,7 @@ static void push(char *expr_ptr) else new_stack_len = stack_len * 2; - new_stack = realloc(stack, new_stack_len * sizeof(*stack)); + new_stack = reallocarray(stack, new_stack_len, sizeof(*stack)); if (!new_stack) { ERR(NULL, "unable to allocate stack space"); return; @@ -449,8 +449,8 @@ static int constraint_expr_eval_reason(context_struct_t *scontext, else new_expr_list_len = expr_list_len * 2; - new_expr_list = realloc(expr_list, - new_expr_list_len * sizeof(*expr_list)); + new_expr_list = reallocarray(expr_list, + new_expr_list_len, sizeof(*expr_list)); if (!new_expr_list) { ERR(NULL, "failed to allocate expr buffer stack"); rc = -ENOMEM; diff --git a/libsepol/src/user_record.c b/libsepol/src/user_record.c index c1356a6b..404fa3a8 100644 --- a/libsepol/src/user_record.c +++ b/libsepol/src/user_record.c 
@@ -183,8 +183,9 @@ int sepol_user_add_role(sepol_handle_t * handle, if (!role_cp) goto omem; - roles_realloc = realloc(user->roles, - sizeof(char *) * (user->num_roles + 1)); + roles_realloc = reallocarray(user->roles, + user->num_roles + 1, + sizeof(char *)); if (!roles_realloc) goto omem; diff --git a/libsepol/src/users.c b/libsepol/src/users.c index b895b7f5..a7406214 100644 --- a/libsepol/src/users.c +++ b/libsepol/src/users.c @@ -226,17 +226,17 @@ int sepol_user_modify(sepol_handle_t * handle, void *tmp_ptr; /* Ensure reverse lookup array has enough space */ - tmp_ptr = realloc(policydb->user_val_to_struct, - (policydb->p_users.nprim + - 1) * sizeof(user_datum_t *)); + tmp_ptr = reallocarray(policydb->user_val_to_struct, + policydb->p_users.nprim + 1, + sizeof(user_datum_t *)); if (!tmp_ptr) goto omem; policydb->user_val_to_struct = tmp_ptr; policydb->user_val_to_struct[policydb->p_users.nprim] = NULL; - tmp_ptr = realloc(policydb->sym_val_to_name[SYM_USERS], - (policydb->p_users.nprim + - 1) * sizeof(char *)); + tmp_ptr = reallocarray(policydb->sym_val_to_name[SYM_USERS], + policydb->p_users.nprim + 1, + sizeof(char *)); if (!tmp_ptr) goto omem; policydb->sym_val_to_name[SYM_USERS] = tmp_ptr; diff --git a/libsepol/src/util.c b/libsepol/src/util.c index 902c63c5..b7230564 100644 --- a/libsepol/src/util.c +++ b/libsepol/src/util.c @@ -40,6 +40,8 @@ struct val_to_name { * 0). Return 0 on success, -1 on out of memory. */ int add_i_to_a(uint32_t i, uint32_t * cnt, uint32_t ** a) { + uint32_t *new; + if (cnt == NULL || a == NULL) return -1; 
@@ -48,17 +50,18 @@ int add_i_to_a(uint32_t i, uint32_t * cnt, uint32_t ** a) * than be smart about it, for now we realloc() the array each * time a new uint32_t is added! */ if (*a != NULL) - *a = (uint32_t *) realloc(*a, (*cnt + 1) * sizeof(uint32_t)); + new = (uint32_t *) reallocarray(*a, *cnt + 1, sizeof(uint32_t)); else { /* empty list */ *cnt = 0; - *a = (uint32_t *) malloc(sizeof(uint32_t)); + new = (uint32_t *) malloc(sizeof(uint32_t)); } - if (*a == NULL) { + if (new == NULL) { return -1; } - (*a)[*cnt] = i; + new[*cnt] = i; (*cnt)++; + *a = new; return 0; }
From patchwork Mon Oct 11 16:25:08 2021 X-Patchwork-Submitter: Christian Göttsche X-Patchwork-Id: 12550521
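Review bot: in the strs_add and strs_add_at_index hunks the new capacity is committed before the allocation succeeds: `strs->size *= 2;` runs first, so when reallocarray() returns NULL, `strs->size` already claims twice the capacity that `strs->list` actually has, and a later call will index past the old allocation. In strs_add_at_index the `while (index >= strs->size) { strs->size *= 2; }` loop also has no upper bound: `size` is `unsigned` (see `unsigned i = strs->size;` in strs_add), so for an index at or above 2^31 it wraps to 0 and the loop never terminates. Suggest computing the new capacity into a local, rejecting index values that cannot be reached by doubling, and storing into `strs->size` only after reallocarray() succeeds.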
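Review bot: the fp_to_buffer hunk (`d_tmp = realloc(d, max_len);` ... `d = d_tmp;`) is a real bug fix, not a reallocarray() conversion: before it, a failed realloc() overwrote `d` with NULL and leaked the buffer read so far, and the `exit:` cleanup had nothing left to free. Please call that out in the commit message or split it into its own patch so it can be picked for stable branches independently of the reallocarray change.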
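Review bot: the private.h fallback `reallocarray()` writes `errno = ENOMEM`, so private.h needs <errno.h>; the hunk does not show whether it is already included, please confirm. The fallback is also selected purely by `#ifndef HAVE_REALLOCARRAY`: if the build does not define that macro on a libc that already declares reallocarray() (glibc exposes it under _GNU_SOURCE), the `static inline` definition clashes with the libc declaration and the build breaks, so the configure/Makefile check that sets HAVE_REALLOCARRAY deserves a mention in the commit message.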
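Review bot: in the services.c push() hunk the allocation failure path is still `ERR(NULL, "unable to allocate stack space"); return;` in a function returning void, so the caller cannot tell that the expression was not pushed and evaluation silently continues with a truncated stack. Pre-existing, but since this hunk touches the path, consider making push() return an int and propagating the failure to constraint_expr_eval_reason()'s `rc = -ENOMEM` style of error handling shown in the next hunk.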
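Review bot: the second util.c hunk (`new = (uint32_t *) reallocarray(*a, *cnt + 1, sizeof(uint32_t));` ... `*a = new;`) changes behaviour beyond the reallocarray() swap: `*a` is no longer clobbered with NULL on allocation failure, which fixes a leak of the existing array and leaves `*a`/`*cnt` consistent for the caller to free. That is correct, but it should be stated in the commit message (or split out) rather than hidden in a mechanical conversion.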
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 10/35] libsepol: add checks for read sizes Date: Mon, 11 Oct 2021 18:25:08 +0200 Message-Id: <20211011162533.53404-11-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Add checks for invalid read sizes from a binary policy to guard allocations. In the fuzzer build the value will also be bounded to avoid oom reports. ==29857== ERROR: libFuzzer: out-of-memory (malloc(17179868160)) To change the out-of-memory limit use -rss_limit_mb= #0 0x52dc61 in __sanitizer_print_stack_trace (./out/binpolicy-fuzzer+0x52dc61) #1 0x475618 in fuzzer::PrintStackTrace() fuzzer.o #2 0x458855 in fuzzer::Fuzzer::HandleMalloc(unsigned long) fuzzer.o #3 0x45876a in fuzzer::MallocHook(void const volatile*, unsigned long) fuzzer.o #4 0x534557 in __sanitizer::RunMallocHooks(void const*, unsigned long) (./out/binpolicy-fuzzer+0x534557) #5 0x4aa7d7 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (./out/binpolicy-fuzzer+0x4aa7d7) #6 0x4aa143 in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (./out/binpolicy-fuzzer+0x4aa143) #7 0x5259cb in malloc (./out/binpolicy-fuzzer+0x5259cb) #8 0x580b5d in mallocarray ./libsepol/src/./private.h:93:9 #9 0x57c2ed in scope_read ./libsepol/src/policydb.c:4120:7 #10 0x576b0d in policydb_read ./libsepol/src/policydb.c:4462:9 #11 0x55a214 in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:26:6 #12 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o #13 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o #14 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) 
fuzzer.o #15 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2) #16 0x7ffad6e107ec in __libc_start_main csu/../csu/libc-start.c:332:16 #17 0x423689 in _start (./out/binpolicy-fuzzer+0x423689) ==19462== ERROR: libFuzzer: out-of-memory (malloc(18253611008)) To change the out-of-memory limit use -rss_limit_mb= #0 0x52dc61 in __sanitizer_print_stack_trace (./out/binpolicy-fuzzer+0x52dc61) #1 0x475618 in fuzzer::PrintStackTrace() fuzzer.o #2 0x458855 in fuzzer::Fuzzer::HandleMalloc(unsigned long) fuzzer.o #3 0x45876a in fuzzer::MallocHook(void const volatile*, unsigned long) fuzzer.o #4 0x534557 in __sanitizer::RunMallocHooks(void const*, unsigned long) (./out/binpolicy-fuzzer+0x534557) #5 0x4aa7d7 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (./out/binpolicy-fuzzer+0x4aa7d7) #6 0x4aa999 in __asan::asan_calloc(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*) (./out/binpolicy-fuzzer+0x4aa999) #7 0x525b63 in __interceptor_calloc (./out/binpolicy-fuzzer+0x525b63) #8 0x570938 in policydb_index_others ./libsepol/src/policydb.c:1245:6 #9 0x5771f3 in policydb_read ./src/policydb.c:4481:6 #10 0x55a214 in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:26:6 #11 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o #12 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o #13 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o #14 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2) #15 0x7f4d933157ec in __libc_start_main csu/../csu/libc-start.c:332:16 #16 0x423689 in _start (./out/binpolicy-fuzzer+0x423689) Signed-off-by: Christian Göttsche --- libsepol/src/policydb.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index 46fb4893..70b503e1 100644 --- a/libsepol/src/policydb.c 
+++ b/libsepol/src/policydb.c @@ -2103,6 +2103,8 @@ static int common_read(policydb_t * p, hashtab_t h, struct policy_file *fp) if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE)) goto bad; comdatum->permissions.nprim = le32_to_cpu(buf[2]); + if (is_saturated(comdatum->permissions.nprim)) + goto bad; nel = le32_to_cpu(buf[3]); key = malloc(len + 1); @@ -2251,6 +2253,8 @@ static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp) if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE)) goto bad; cladatum->permissions.nprim = le32_to_cpu(buf[3]); + if (is_saturated(cladatum->permissions.nprim)) + goto bad; nel = le32_to_cpu(buf[4]); ncons = le32_to_cpu(buf[5]); @@ -3980,6 +3984,8 @@ static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl, if (rc < 0) return -1; nprim = le32_to_cpu(buf[0]); + if (is_saturated(nprim)) + return -1; nel = le32_to_cpu(buf[1]); for (j = 0; j < nel; j++) { if (read_f[i] (p, decl->symtab[i].table, fp)) { @@ -4106,7 +4112,7 @@ static int scope_read(policydb_t * p, int symnum, struct policy_file *fp) goto cleanup; scope->scope = le32_to_cpu(buf[0]); scope->decl_ids_len = le32_to_cpu(buf[1]); - if (scope->decl_ids_len == 0) { + if (zero_or_saturated(scope->decl_ids_len)) { ERR(fp->handle, "invalid scope with no declaration"); goto cleanup; } 
@@ -4396,6 +4402,8 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose) if (rc < 0) goto bad; nprim = le32_to_cpu(buf[0]); + if (is_saturated(nprim)) + goto bad; nel = le32_to_cpu(buf[1]); if (nel && !nprim) { ERR(fp->handle, "unexpected items in symbol table with no symbol");
From patchwork Mon Oct 11 16:25:09 2021 X-Patchwork-Submitter: Christian Göttsche X-Patchwork-Id: 12550523
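Review bot: the commit message says the value is also bounded in the fuzzer build to avoid OOM reports, but none of the hunks (common_read, class_read, avrule_decl_read, scope_read, policydb_read) contain a fuzzer-specific bound; if that bound lives inside is_saturated()/zero_or_saturated(), say so in the message and name the threshold, since a reader of this diff cannot see what "saturated" rejects or why the 16 GiB allocations in the quoted traces are now caught.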
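Review bot: in the scope_read hunk the condition becomes `zero_or_saturated(scope->decl_ids_len)` but the error text stays "invalid scope with no declaration", which is now wrong for the saturated case; print the value (e.g. "invalid scope declaration count %u") so the two rejections can be told apart when debugging a policy load failure.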
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 11/35] libsepol: enforce avtab item limit Date: Mon, 11 Oct 2021 18:25:09 +0200 Message-Id: <20211011162533.53404-12-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Check the current item count does not exceed the maximum allowed to avoid stack overflows. ==33660==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fa64b8fc070 at pc 0x0000005acba0 bp 0x7ffc1f0b2870 sp 0x7ffc1f0b2868 READ of size 4 at 0x7fa64b8fc070 thread T0 #0 0x5acb9f in avtab_read_item ./libsepol/src/avtab.c:507:18 #1 0x5acec4 in avtab_read ./libsepol/src/avtab.c:611:8 #2 0x576ae3 in policydb_read ./libsepol/src/policydb.c:4433:7 #3 0x55a1fe in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:24:6 #4 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o #5 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o #6 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o #7 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2) #8 0x7fa64cc867ec in __libc_start_main csu/../csu/libc-start.c:332:16 #9 0x423689 in _start (./out/binpolicy-fuzzer+0x423689) Address 0x7fa64b8fc070 is located in stack of thread T0 at offset 112 in frame #0 0x5aabdf in avtab_read_item ./libsepol/src/avtab.c:437 This frame has 6 object(s): [32, 33) 'buf8' (line 438) [48, 56) 'buf16' (line 439) [80, 112) 'buf32' (line 440) <== Memory access at offset 112 overflows this variable [144, 152) 'key' (line 441) [176, 192) 'datum' (line 442) [208, 244) 'xperms' (line 443) HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions 
*are* supported) SUMMARY: AddressSanitizer: stack-buffer-overflow ./libsepol/src/avtab.c:507:18 in avtab_read_item Shadow bytes around the buggy address: 0x0ff5497177b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ff5497177c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ff5497177d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ff5497177e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ff5497177f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0ff549717800: f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 00 00[f2]f2 0x0ff549717810: f2 f2 00 f2 f2 f2 00 00 f2 f2 00 00 00 00 04 f3 0x0ff549717820: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 0x0ff549717830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ff549717840: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ff549717850: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==33660==ABORTING Signed-off-by: Christian Göttsche --- libsepol/src/avtab.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libsepol/src/avtab.c b/libsepol/src/avtab.c index 93505b20..2a52c69a 100644 --- a/libsepol/src/avtab.c +++ b/libsepol/src/avtab.c 
@@ -503,6 +503,12 @@ int avtab_read_item(struct policy_file *fp, uint32_t vers, avtab_t * a, for (i = 0; i < ARRAY_SIZE(spec_order); i++) { if (val & spec_order[i]) { + if (items > items2) { + ERR(fp->handle, + "entry has too many items (%d/%d)", + items, items2); + return -1; + } key.specified = spec_order[i] | enabled; datum.data = le32_to_cpu(buf32[items++]); rc = insertf(a, &key, &datum, p);
From patchwork Mon Oct 11 16:25:10 2021 X-Patchwork-Submitter: Christian Göttsche X-Patchwork-Id: 12550525
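Review bot: the guard `if (items > items2)` is off by one: `items` is the index that `buf32[items++]` is about to read and `items2` is the number of uint32_t values actually read into buf32, so the valid indices are 0..items2-1 and the check must be `items >= items2`. With `>`, the iteration where `items == items2` still reads one entry past the data, and if `items2` can equal the size of `buf32` that is the very stack-buffer-overflow the message quotes, only one index later. Two smaller points: `items2` comes from le32_to_cpu(), so `%u` fits better than `%d` in the ERR() format, and an `items != items2` check after the loop would also reject entries that declare more items than the spec bits consume.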
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH 12/35] libsepol: clean memory on conditional read failure
Date: Mon, 11 Oct 2021 18:25:10 +0200
Message-Id: <20211011162533.53404-13-cgzones@googlemail.com>
In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com>

Free the local access vector list on failure as it does not get moved into the policy structure.

Direct leak of 16 byte(s) in 1 object(s) allocated from:
#0 0x52596d in malloc (./out/binpolicy-fuzzer+0x52596d)
#1 0x5b30d2 in cond_insertf ./libsepol/src/conditional.c:682:9
#2 0x5ac218 in avtab_read_item ./libsepol/src/avtab.c:583:10
#3 0x5b21f4 in cond_read_av_list ./libsepol/src/conditional.c:725:8
#4 0x5b21f4 in cond_read_node ./libsepol/src/conditional.c:798:7
#5 0x5b21f4 in cond_read_list ./libsepol/src/conditional.c:847:7
#6 0x576b6e in policydb_read ./libsepol/src/policydb.c:4436:8
#7 0x55a1fe in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:24:6
#8 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
#9 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
#10 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
#11 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
#12 0x7f47abeb87ec in __libc_start_main csu/../csu/libc-start.c:332:16

Signed-off-by: Christian Göttsche
---
libsepol/src/conditional.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c index 9a10aae1..50cb5395 100644 --- a/libsepol/src/conditional.c +++ b/libsepol/src/conditional.c
@@ -724,8 +724,10 @@ static int cond_read_av_list(policydb_t * p, void *fp, for (i = 0; i < len; i++) { rc = avtab_read_item(fp, p->policyvers, &p->te_cond_avtab, cond_insertf, &data); - if (rc) + if (rc) { + cond_av_list_destroy(data.head); return rc; + } }
From patchwork Mon Oct 11 16:25:11 2021 X-Patchwork-Submitter: Christian Göttsche X-Patchwork-Id: 12550527
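Review bot: `cond_av_list_destroy(data.head)` on the error path relies on two properties that are not visible in the hunk: it must tolerate `data.head == NULL` (failure on the very first avtab_read_item() call), and it must free only the cond_av_list nodes, not the avtab entries that cond_insertf() already inserted into `p->te_cond_avtab`, since those remain owned by the avtab and are freed with it; otherwise this trades the leak for a double free in policydb_destroy(). A one-line comment at the call site stating that ownership split would help the next reader.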
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH 13/35] libsepol: validate MLS levels
Date: Mon, 11 Oct 2021 18:25:11 +0200
Message-Id: <20211011162533.53404-14-cgzones@googlemail.com>
In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com>

Validate the level map of the policy to ensure no level refers to a non-existent category.

READ of size 8 at 0x602000000c58 thread T0
#0 0x568d2c in cats_ebitmap_len ./libsepol/src/kernel_to_conf.c:1003:14
#1 0x568d2c in cats_ebitmap_to_str ./libsepol/src/kernel_to_conf.c:1038:19
#2 0x55e371 in write_level_rules_to_conf ./libsepol/src/kernel_to_conf.c:1106:11
#3 0x55e371 in write_mls_rules_to_conf ./libsepol/src/kernel_to_conf.c:1140:7
#4 0x55adb1 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3103:7
#5 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9
#6 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
#7 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
#8 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
#9 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
#10 0x7f741d0d67ec in __libc_start_main csu/../csu/libc-start.c:332:16
#11 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche
---
libsepol/src/policydb_validate.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)

diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 5804d247..ca0dcca3 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c
@@ -310,6 +310,29 @@ bad: return -1; } +static int validate_mls_level(mls_level_t *level, validate_t *sens, validate_t *cats) +{ + if (level->sens == 0) + return 0; + if (validate_value(level->sens, sens)) + goto bad; + if (validate_ebitmap(&level->cat, cats)) + goto bad; + + return 0; + + bad: + return -1; +} + +static int validate_level(__attribute__ ((unused))hashtab_key_t k, hashtab_datum_t d, void *args) +{ + level_datum_t *level = d; + validate_t *flavors = args; + + return validate_mls_level(level->level, &flavors[SYM_LEVELS], &flavors[SYM_CATS]); +} + static int validate_datum_arrays(sepol_handle_t *handle, policydb_t *p, validate_t flavors[]) { unsigned int i; 
@@ -368,6 +391,9 @@ static int validate_datum_arrays(sepol_handle_t *handle, policydb_t *p, validate } } + if (hashtab_map(p->p_levels.table, validate_level, flavors)) + goto bad; + return 0; bad:
From patchwork Mon Oct 11 16:25:12 2021 X-Patchwork-Submitter: Christian Göttsche X-Patchwork-Id: 12550529
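Review bot: in validate_mls_level() (first hunk) `if (level->sens == 0) return 0;` also skips the category check, so a level with sensitivity 0 and an out-of-range category bitmap still passes validation and can reach the cats_ebitmap_len() read in the quoted trace. If sensitivity 0 is only legitimate together with an empty category set, check that `level->cat` is empty there (ebitmap_is_empty() or equivalent) instead of returning early; if it is never legitimate for a level datum, reject it outright.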
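Review bot: the hashtab_map() call in validate_datum_arrays() (second hunk) covers only the level definitions in `p->p_levels`; users, range transitions and the ocontexts carry mls_level_t values as well and are not validated by this hook, and the output modes presumably resolve their categories the same way. If later patches in the series cover them, a note in the commit message would help; otherwise validate_mls_level() should be applied to those ranges too.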
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 14/35] libsepol: reject invalid fsuse types Date: Mon, 11 Oct 2021 18:25:12 +0200 Message-Id: <20211011162533.53404-15-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Reject loading a policy with invalid fsuse declarations, except xattr, trans and task, so that all following code, e.g. the different output modes, do not need to handle unsupported ones. Signed-off-by: Christian Göttsche --- libsepol/src/policydb.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index 70b503e1..980af059 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -48,6 +48,7 @@ #include #include #include +#include #include #include "kernel_to_common.h" 
@@ -3099,6 +3100,14 @@ static int ocontext_read_selinux(const struct policydb_compat_info *info, if (rc < 0) return -1; c->v.behavior = le32_to_cpu(buf[0]); + switch (c->v.behavior) { + case SECURITY_FS_USE_XATTR: + case SECURITY_FS_USE_TRANS: + case SECURITY_FS_USE_TASK: + break; + default: + return -1; + } len = le32_to_cpu(buf[1]); if (zero_or_saturated(len)) return -1;
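Review bot: the new switch in ocontext_read_selinux rejects an unknown fs_use behavior with a bare `return -1`, so a policy author gets no hint about what was wrong; the earlier `return -1` paths in this reader fire on short reads, but this one is a content error, and an error message naming the rejected value (the validate code in this series uses ERR() for that) would make it diagnosable. Also consider whether this value check belongs in policydb_validate.c next to the other semantic checks the series adds there, rather than in the binary reader, for consistency with where the rest of the series puts such checks.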
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 15/35] libsepol: reject invalid default targets Date: Mon, 11 Oct 2021 18:25:13 +0200 Message-Id: <20211011162533.53404-16-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Reject loading a policy with invalid default targets so that all following code, e.g. the different output modes, do not need to handle unsupported ones. Signed-off-by: Christian Göttsche --- libsepol/src/policydb.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index 980af059..5e8b4a3f 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -2313,8 +2313,37 @@ static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp) if (rc < 0) goto bad; cladatum->default_user = le32_to_cpu(buf[0]); + switch (cladatum->default_user) { + case 0: + case DEFAULT_SOURCE: + case DEFAULT_TARGET: + break; + default: + goto bad; + } cladatum->default_role = le32_to_cpu(buf[1]); + switch (cladatum->default_role) { + case 0: + case DEFAULT_SOURCE: + case DEFAULT_TARGET: + break; + default: + goto bad; + } cladatum->default_range = le32_to_cpu(buf[2]); + switch (cladatum->default_range) { + case 0: + case DEFAULT_SOURCE_LOW: + case DEFAULT_SOURCE_HIGH: + case DEFAULT_SOURCE_LOW_HIGH: + case DEFAULT_TARGET_LOW: + case DEFAULT_TARGET_HIGH: + case DEFAULT_TARGET_LOW_HIGH: + case DEFAULT_GLBLUB: + break; + default: + goto bad; + } } if ((p->policy_type == POLICY_KERN && 
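Review bot: the three switch blocks on default_user, default_role and default_range in class_read repeat the same shape (and the default_type hunk below adds a fourth); a small static helper such as `is_valid_default_target(uint32_t)` together with `is_valid_default_range(uint32_t)` would cut the duplication and keep the accepted sets in one place. Separately, DEFAULT_GLBLUB is accepted for every policy version here, while the read of default_type just below is guarded by a `p->policy_type == POLICY_KERN &&` condition; check whether GLBLUB should likewise be accepted only for policy versions that define it.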
@@ -2325,6 +2354,14 @@ static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp) if (rc < 0) goto bad; cladatum->default_type = le32_to_cpu(buf[0]); + switch (cladatum->default_type) { + case 0: + case DEFAULT_SOURCE: + case DEFAULT_TARGET: + break; + default: + goto bad; + } } if (hashtab_insert(h, key, cladatum))
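Review bot: the default_type switch is a verbatim copy of the default_user and default_role switches from the previous hunk, so the helper suggested there would serve here as well. The new `goto bad` exits reuse the cleanup path already taken after a failed read, but the rejection is silent; an ERR() naming the class and the rejected value would help whoever produced the policy.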
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 16/35] libsepol: validate expanded user range and level Date: Mon, 11 Oct 2021 18:25:14 +0200 Message-Id: <20211011162533.53404-17-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Check those contains valid values. ==57532==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000001178 at pc 0x000000564c04 bp 0x7ffed7a5ad90 sp 0x7ffed7a5ad88 READ of size 8 at 0x603000001178 thread T0 #0 0x564c03 in level_to_str ./libsepol/src/kernel_to_conf.c:1901:19 #1 0x564c03 in range_to_str ./libsepol/src/kernel_to_conf.c:1926:9 #2 0x564c03 in write_user_decl_rules_to_conf ./libsepol/src/kernel_to_conf.c:2367:12 #3 0x55b137 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3184:7 #4 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9 #5 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o #6 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o #7 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o #8 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2) #9 0x7f2c2e1a77ec in __libc_start_main csu/../csu/libc-start.c:332:16 #10 0x423689 in _start (./out/binpolicy-fuzzer+0x423689) Signed-off-by: Christian Göttsche --- libsepol/src/policydb_validate.c | 47 +++++++++++++++++++++----------- 1 file changed, 31 insertions(+), 16 deletions(-) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index ca0dcca3..a6ae728a 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c 
@@ -290,38 +290,53 @@ bad: return -1; } -static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, validate_t flavors[]) +static int validate_mls_level(mls_level_t *level, validate_t *sens, validate_t *cats) { - if (validate_value(user->s.value, &flavors[SYM_USERS])) - goto bad; - if (validate_role_set(&user->roles, &flavors[SYM_ROLES])) + if (validate_value(level->sens, sens)) goto bad; - if (validate_mls_semantic_range(&user->range, &flavors[SYM_LEVELS], &flavors[SYM_CATS])) + if (validate_ebitmap(&level->cat, cats)) goto bad; - if (validate_mls_semantic_level(&user->dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS])) + + return 0; + + bad: + return -1; +} + +static int validate_mls_range(mls_range_t *range, validate_t *sens, validate_t *cats) +{ + if (validate_mls_level(&range->level[0], sens, cats)) goto bad; - if (user->bounds && validate_value(user->bounds, &flavors[SYM_USERS])) + if (validate_mls_level(&range->level[1], sens, cats)) goto bad; return 0; -bad: - ERR(handle, "Invalid user datum"); + bad: return -1; } -static int validate_mls_level(mls_level_t *level, validate_t *sens, validate_t *cats) +static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, validate_t flavors[], int mls) { - if (level->sens == 0) - return 0; - if (validate_value(level->sens, sens)) + if (validate_value(user->s.value, &flavors[SYM_USERS])) goto bad; - if (validate_ebitmap(&level->cat, cats)) + if (validate_role_set(&user->roles, &flavors[SYM_ROLES])) + goto bad; + if (validate_mls_semantic_range(&user->range, &flavors[SYM_LEVELS], &flavors[SYM_CATS])) + goto bad; + if (validate_mls_semantic_level(&user->dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS])) + goto bad; + if (mls && validate_mls_range(&user->exp_range, &flavors[SYM_LEVELS], &flavors[SYM_CATS])) + goto bad; + if (mls && validate_mls_level(&user->exp_dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS])) + goto bad; + if (user->bounds && validate_value(user->bounds, 
&flavors[SYM_USERS])) goto bad; return 0; - bad: +bad: + ERR(handle, "Invalid user datum"); return -1; } 
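Review bot: the rewritten validate_mls_level drops the `if (level->sens == 0) return 0;` early return the old version had, so a level with sensitivity 0 now fails validate_value instead of being skipped; that is a behaviour change for every caller (validate_level over p_levels as well as the new validate_mls_range) that the commit message does not mention. If a zero sensitivity is never legitimate once the policy is MLS, say so in the message; if it can occur, the `mls` gate added to validate_user_datum should be mirrored in the other callers. Minor: the `bad:` labels end up indented inconsistently (` bad:` in validate_mls_level and validate_mls_range versus `bad:` in validate_user_datum).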
@@ -383,7 +398,7 @@ static int validate_datum_arrays(sepol_handle_t *handle, policydb_t *p, validate if (p->user_val_to_struct[i]) { if (ebitmap_get_bit(&flavors[SYM_USERS].gaps, i)) goto bad; - if (validate_user_datum(handle, p->user_val_to_struct[i], flavors)) + if (validate_user_datum(handle, p->user_val_to_struct[i], flavors, p->mls)) goto bad; } else { if (!ebitmap_get_bit(&flavors[SYM_USERS].gaps, i))
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 17/35] libsepol: validate types Date: Mon, 11 Oct 2021 18:25:15 +0200 Message-Id: <20211011162533.53404-18-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Check all types are valid values, especially important for aliases. ==9702==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000af8 at pc 0x000000560698 bp 0x7ffcca93b9f0 sp 0x7ffcca93b9e8 READ of size 8 at 0x602000000af8 thread T0 #0 0x560697 in write_type_alias_rules_to_conf ./libsepol/src/kernel_to_conf.c:1424:10 #1 0x55af16 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3131:7 #2 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9 #3 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o #4 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o #5 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o #6 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2) #7 0x7f518b1d57ec in __libc_start_main csu/../csu/libc-start.c:332:16 #8 0x423689 in _start (./out/binpolicy-fuzzer+0x423689) Signed-off-by: Christian Göttsche --- libsepol/src/policydb_validate.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index a6ae728a..c9700399 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c 
@@ -348,6 +348,14 @@ static int validate_level(__attribute__ ((unused))hashtab_key_t k, hashtab_datum return validate_mls_level(level->level, &flavors[SYM_LEVELS], &flavors[SYM_CATS]); } +static int validate_datum(__attribute__ ((unused))hashtab_key_t k, hashtab_datum_t d, void *args) +{ + symtab_datum_t *s = d; + uint32_t *nprim = (uint32_t *)args; + + return !value_isvalid(s->value, *nprim); +} + static int validate_datum_arrays(sepol_handle_t *handle, policydb_t *p, validate_t flavors[]) { unsigned int i; @@ -406,6 +414,9 @@ static int validate_datum_arrays(sepol_handle_t *handle, policydb_t *p, validate } } + if (hashtab_map(p->p_types.table, validate_datum, &flavors[SYM_TYPES])) + goto bad; + if (hashtab_map(p->p_levels.table, validate_level, flavors)) goto bad; 
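Review bot: the new `hashtab_map(p->p_types.table, validate_datum, &flavors[SYM_TYPES])` passes a validate_t pointer where validate_datum casts `args` to `uint32_t *nprim`; that only works because nprim happens to be the first member of validate_t, so either pass `&flavors[SYM_TYPES].nprim` or have validate_datum take a `validate_t *` and read `->nprim`, which also removes the cast. Also say in the commit message why the types table is mapped here in validate_datum_arrays when validate_datum was previously defined right above validate_symtabs, which presumably already maps it over the symbol tables: if the point is ordering (types must be known valid before later code walks aliases and the type arrays), state that, otherwise the check runs twice.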
@@ -707,14 +718,6 @@ bad: return -1; } -static int validate_datum(__attribute__ ((unused))hashtab_key_t k, hashtab_datum_t d, void *args) -{ - symtab_datum_t *s = d; - uint32_t *nprim = (uint32_t *)args; - - return !value_isvalid(s->value, *nprim); -} - static int validate_symtabs(sepol_handle_t *handle, symtab_t symtabs[], validate_t flavors[]) { unsigned int i;
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 18/35] libsepol: use size_t for indexes in strs helpers Date: Mon, 11 Oct 2021 18:25:16 +0200 Message-Id: <20211011162533.53404-19-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use size_t, as the strs struct uses it for its size member. Signed-off-by: Christian Göttsche --- libsepol/src/kernel_to_common.c | 8 ++++---- libsepol/src/kernel_to_common.h | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c index 51df8c25..47c02d61 100644 --- a/libsepol/src/kernel_to_common.c +++ b/libsepol/src/kernel_to_common.c @@ -159,7 +159,7 @@ int strs_add(struct strs *strs, char *s) { if (strs->num + 1 > strs->size) { char **new; - unsigned i = strs->size; + size_t i = strs->size; strs->size *= 2; new = reallocarray(strs->list, strs->size, sizeof(char *)); if (!new) { @@ -212,11 +212,11 @@ char *strs_remove_last(struct strs *strs) return strs->list[strs->num]; } -int strs_add_at_index(struct strs *strs, char *s, unsigned index) +int strs_add_at_index(struct strs *strs, char *s, size_t index) { if (index >= strs->size) { char **new; - unsigned i = strs->size; + size_t i = strs->size; while (index >= strs->size) { strs->size *= 2; } @@ -237,7 +237,7 @@ int strs_add_at_index(struct strs *strs, char *s, unsigned index) return 0; } -char *strs_read_at_index(struct strs *strs, unsigned index) +char *strs_read_at_index(struct strs *strs, size_t index) { if (index >= strs->num) { return NULL; diff --git a/libsepol/src/kernel_to_common.h b/libsepol/src/kernel_to_common.h index 8aa483fa..e9932d30 100644 --- a/libsepol/src/kernel_to_common.h +++ b/libsepol/src/kernel_to_common.h 
@@ -99,8 +99,8 @@ int strs_add(struct strs *strs, char *s); __attribute__ ((format(printf, 2, 4))) int strs_create_and_add(struct strs *strs, const char *fmt, int num, ...); char *strs_remove_last(struct strs *strs); -int strs_add_at_index(struct strs *strs, char *s, unsigned index); -char *strs_read_at_index(struct strs *strs, unsigned index); +int strs_add_at_index(struct strs *strs, char *s, size_t index); +char *strs_read_at_index(struct strs *strs, size_t index); void strs_sort(struct strs *strs); unsigned strs_num_items(struct strs *strs); size_t strs_len_items(struct strs *strs);
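Review bot: in the kernel_to_common.c hunks, widening `index` to size_t means the loop in strs_add_at_index, `while (index >= strs->size) { strs->size *= 2; }`, can now double size_t far past any realistic table before reallocarray is reached, and for an index near SIZE_MAX the doubling can wrap; an explicit upper bound on `index` (or an overflow check on `strs->size *= 2`) inside strs_add_at_index would protect every caller instead of relying on each reader to reject bad values up front.

Review bot: in the kernel_to_common.h hunk the index parameters become size_t, but `unsigned strs_num_items(struct strs *strs);` on the very next line still returns unsigned; if `num` is unsigned as well, `strs->num + 1 > strs->size` in strs_add keeps mixing unsigned and size_t, so consider converting `num` and strs_num_items in the same change for the consistency the commit message is after.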
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 19/35] libsepol: reject abnormal huge sid ids Date: Mon, 11 Oct 2021 18:25:17 +0200 Message-Id: <20211011162533.53404-20-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Check if the sid value is saturated to guard dependent allocations. ==19967== ERROR: libFuzzer: out-of-memory (malloc(7784628224)) #0 0x52dc61 in __sanitizer_print_stack_trace (./out/binpolicy-fuzzer+0x52dc61) #1 0x475618 in fuzzer::PrintStackTrace() fuzzer.o #2 0x458855 in fuzzer::Fuzzer::HandleMalloc(unsigned long) fuzzer.o #3 0x45876a in fuzzer::MallocHook(void const volatile*, unsigned long) fuzzer.o #4 0x534557 in __sanitizer::RunMallocHooks(void const*, unsigned long) (./out/binpolicy-fuzzer+0x534557) #5 0x4aa7d7 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (./out/binpolicy-fuzzer+0x4aa7d7) #6 0x4aabe3 in __asan::Allocator::Reallocate(void*, unsigned long, __sanitizer::BufferedStackTrace*) (./out/binpolicy-fuzzer+0x4aabe3) #7 0x4aaa32 in __asan::asan_reallocarray(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*) (./out/binpolicy-fuzzer+0x4aaa32) #8 0x525f8e in __interceptor_reallocarray (./out/binpolicy-fuzzer+0x525f8e) #9 0x5ebad3 in strs_add_at_index ./libsepol/src/kernel_to_common.c:224:9 #10 0x5680eb in write_sids_to_conf ./libsepol/src/kernel_to_conf.c:466:8 #11 0x55c1c0 in write_sid_decl_rules_to_conf ./libsepol/src/kernel_to_conf.c:498:8 #12 0x55ad36 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3083:7 #13 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9 #14 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o #15 
0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o #16 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o #17 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2) #18 0x7f085ac657ec in __libc_start_main csu/../csu/libc-start.c:332:16 #19 0x423689 in _start (./out/binpolicy-fuzzer+0x423689) Signed-off-by: Christian Göttsche --- libsepol/src/policydb.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index 5e8b4a3f..51fbd7c8 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -2921,6 +2921,8 @@ static int ocontext_read_xen(const struct policydb_compat_info *info, if (rc < 0) return -1; c->sid[0] = le32_to_cpu(buf[0]); + if (is_saturated(c->sid[0])) + return -1; if (context_read_and_validate (&c->context[0], p, fp)) return -1; 
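Review bot: `is_saturated(c->sid[0])` only rejects the all-ones value, so a sid of, say, 0xFFFFFFFE passes and still drives strs_add_at_index in write_sids_to_conf to a multi-gigabyte allocation of the kind the trace shows (malloc(7784628224) reached through strs_add_at_index). An upper bound tied to the real range of initial SIDs, or changing write_sids_to_conf to stop indexing the strs table by raw sid value, would address the class of input rather than a single value; the same applies to the identical check in the ocontext_read_selinux hunk that follows.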
@@ -3032,6 +3034,8 @@ static int ocontext_read_selinux(const struct policydb_compat_info *info, if (rc < 0) return -1; c->sid[0] = le32_to_cpu(buf[0]); + if (is_saturated(c->sid[0])) + return -1; if (context_read_and_validate (&c->context[0], p, fp)) return -1; From patchwork Mon Oct 11 16:25:18 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12550545 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6261FC433EF for ; Mon, 11 Oct 2021 16:26:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4BBC360E8B for ; Mon, 11 Oct 2021 16:26:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232222AbhJKQ2i (ORCPT ); Mon, 11 Oct 2021 12:28:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44028 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232181AbhJKQ2e (ORCPT ); Mon, 11 Oct 2021 12:28:34 -0400 Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8508BC061764 for ; Mon, 11 Oct 2021 09:26:33 -0700 (PDT) Received: by mail-ed1-x534.google.com with SMTP id d3so42460752edp.3 for ; Mon, 11 Oct 2021 09:26:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=xW0/0u0OzRrm/2nH3UPZcwq0R3g21WYD6qMNqSPyGuM=; b=gdLXL54iLMiUsvBNU15T4ewhchMRBPTfDUrKuatfsHzstABNjATowBue0Nzi2UdjOH G7PPxsfAw6XQ6Ze8j3Ac/dLc9Sv5xsQ/oO5lREYW3ANDb6e/6H3sac/YcRxdQiQeRV+/ 
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 20/35] libsepol: do not crash on class gaps Date: Mon, 11 Oct 2021 18:25:18 +0200 Message-Id: <20211011162533.53404-21-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Handle gaps in the class table while printing a policy configuration. ==21763==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000028 (pc 0x00000055b696 bp 0x7ffe69e8ab50 sp 0x7ffe69e8aa60 T0) ==21763==The signal is caused by a READ memory access. ==21763==Hint: address points to the zero page. #0 0x55b696 in constraint_rules_to_strs ./libsepol/src/kernel_to_conf.c:361:14 #1 0x55ac80 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3063:7 #2 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9 #3 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o #4 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o #5 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o #6 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2) #7 0x7fc60d39e7ec in __libc_start_main csu/../csu/libc-start.c:332:16 #8 0x423689 in _start (./out/binpolicy-fuzzer+0x423689) Signed-off-by: Christian Göttsche --- libsepol/src/kernel_to_cil.c | 9 +++++++++ libsepol/src/kernel_to_conf.c | 10 ++++++++-- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c index 305567a5..bb167647 100644 --- a/libsepol/src/kernel_to_cil.c +++ b/libsepol/src/kernel_to_cil.c 
@@ -358,6 +358,7 @@ static int constraint_rules_to_strs(struct policydb *pdb, struct strs *mls_strs, for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->constraints) { name = pdb->p_class_val_to_name[i]; rc = class_constraint_rules_to_strs(pdb, name, class, class->constraints, mls_strs, non_mls_strs); @@ -383,6 +384,7 @@ static int validatetrans_rules_to_strs(struct policydb *pdb, struct strs *mls_st for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->validatetrans) { name = pdb->p_class_val_to_name[i]; rc = class_validatetrans_rules_to_strs(pdb, name, class->validatetrans, mls_strs, non_mls_strs); @@ -461,6 +463,7 @@ static int write_class_decl_rules_to_cil(FILE *out, struct policydb *pdb) /* class */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; name = pdb->p_class_val_to_name[i]; perms = class_or_common_perms_to_str(&class->permissions); if (perms) { @@ -488,6 +491,7 @@ static int write_class_decl_rules_to_cil(FILE *out, struct policydb *pdb) /* classcommon */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; name = pdb->p_class_val_to_name[i]; if (class->comkey != NULL) { sepol_printf(out, "(classcommon %s %s)\n", name, class->comkey); @@ -503,6 +507,7 @@ static int write_class_decl_rules_to_cil(FILE *out, struct policydb *pdb) } for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; name = class->comkey; if (name != NULL) { common = hashtab_search(pdb->p_commons.table, name); 
@@ -727,6 +732,7 @@ static int write_default_rules_to_cil(FILE *out, struct policydb *pdb) /* default_user */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_user != 0) { rc = write_default_user_to_cil(out, pdb->p_class_val_to_name[i], class); if (rc != 0) { @@ -738,6 +744,7 @@ static int write_default_rules_to_cil(FILE *out, struct policydb *pdb) /* default_role */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_role != 0) { rc = write_default_role_to_cil(out, pdb->p_class_val_to_name[i], class); if (rc != 0) { @@ -749,6 +756,7 @@ static int write_default_rules_to_cil(FILE *out, struct policydb *pdb) /* default_type */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_type != 0) { rc = write_default_type_to_cil(out, pdb->p_class_val_to_name[i], class); if (rc != 0) { @@ -764,6 +772,7 @@ static int write_default_rules_to_cil(FILE *out, struct policydb *pdb) /* default_range */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_range) { rc = write_default_range_to_cil(out, pdb->p_class_val_to_name[i], class); if (rc != 0) { diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c index eb72e4ac..b2a42606 100644 --- a/libsepol/src/kernel_to_conf.c +++ b/libsepol/src/kernel_to_conf.c @@ -358,7 +358,7 @@ static int constraint_rules_to_strs(struct policydb *pdb, struct strs *mls_strs, for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; - if (class->constraints) { + if (class && class->constraints) { name = pdb->p_class_val_to_name[i]; rc = class_constraint_rules_to_strs(pdb, name, class, class->constraints, mls_strs, non_mls_strs); if (rc != 0) { 
@@ -383,7 +383,7 @@ static int validatetrans_rules_to_strs(struct policydb *pdb, struct strs *mls_st for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; - if (class->validatetrans) { + if (class && class->validatetrans) { name = pdb->p_class_val_to_name[i]; rc = class_validatetrans_rules_to_strs(pdb, name, class->validatetrans, mls_strs, non_mls_strs); if (rc != 0) { @@ -551,6 +551,7 @@ static int write_class_and_common_rules_to_conf(FILE *out, struct policydb *pdb) } for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; name = class->comkey; if (!name) continue; common = hashtab_search(pdb->p_commons.table, name); @@ -577,6 +578,7 @@ static int write_class_and_common_rules_to_conf(FILE *out, struct policydb *pdb) /* class */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; name = pdb->p_class_val_to_name[i]; sepol_printf(out, "class %s", name); if (class->comkey) { @@ -702,6 +704,7 @@ static int write_default_rules_to_conf(FILE *out, struct policydb *pdb) /* default_user */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_user != 0) { rc = write_default_user_to_conf(out, pdb->p_class_val_to_name[i], class); if (rc != 0) { @@ -713,6 +716,7 @@ static int write_default_rules_to_conf(FILE *out, struct policydb *pdb) /* default_role */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_role != 0) { rc = write_default_role_to_conf(out, pdb->p_class_val_to_name[i], class); if (rc != 0) { 
@@ -724,6 +728,7 @@ static int write_default_rules_to_conf(FILE *out, struct policydb *pdb) /* default_type */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_type != 0) { rc = write_default_type_to_conf(out, pdb->p_class_val_to_name[i], class); if (rc != 0) { 
@@ -739,6 +744,7 @@ static int write_default_rules_to_conf(FILE *out, struct policydb *pdb) /* default_range */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_range != 0) { rc = write_default_range_to_conf(out, pdb->p_class_val_to_name[i], class); if (rc != 0) { From patchwork Mon Oct 11 16:25:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12550543 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9C81FC43217 for ; Mon, 11 Oct 2021 16:26:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8767760EE5 for ; Mon, 11 Oct 2021 16:26:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232181AbhJKQ2i (ORCPT ); Mon, 11 Oct 2021 12:28:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44030 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232228AbhJKQ2e (ORCPT ); Mon, 11 Oct 2021 12:28:34 -0400 Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com [IPv6:2a00:1450:4864:20::530]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 141D7C061745 for ; Mon, 11 Oct 2021 09:26:34 -0700 (PDT) Received: by mail-ed1-x530.google.com with SMTP id r18so70104662edv.12 for ; Mon, 11 Oct 2021 09:26:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=va5+10Ouy3lto9yBcETjc5kuae+zwr1wmlUfqCuLosA=; b=O6Dbj9NPRyjY802AfOVwuieFJvv6rosufoQoLlHs1/XSSy2bLNQ8aqxa2NOOg3oL4b 
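Review bot: the guard style differs between the two files: kernel_to_cil.c uses `if (!class) continue;` in all nine hunks, while the first two kernel_to_conf.c hunks (constraint_rules_to_strs, validatetrans_rules_to_strs) fold the check into `if (class && class->constraints)` / `if (class && class->validatetrans)` and the remaining six conf hunks switch back to `continue`. Pick one form for both files. More broadly, seventeen loops now individually tolerate a NULL `pdb->class_val_to_struct[i]`; if a gap in the class table is an invalid policy rather than a supported shape, rejecting it once in policydb validation would let every writer keep the `class != NULL` invariant instead of each loop re-checking it.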
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 21/35] libsepol: do not crash on user gaps Date: Mon, 11 Oct 2021 18:25:19 +0200 Message-Id: <20211011162533.53404-22-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Handle gaps in the user table while printing a policy configuration. ==24424==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004bdc55 bp 0x7ffc8790b810 sp 0x7ffc8790afb0 T0) ==24424==The signal is caused by a READ memory access. ==24424==Hint: address points to the zero page. #0 0x4bdc55 in __interceptor_strcmp (./out/binpolicy-fuzzer+0x4bdc55) #1 0x5ebdf6 in strs_cmp ./libsepol/src/kernel_to_common.c:253:9 #2 0x505669 in __interceptor_qsort (./out/binpolicy-fuzzer+0x505669) #3 0x5ebd84 in strs_sort ./libsepol/src/kernel_to_common.c:261:2 #4 0x564550 in write_user_decl_rules_to_conf ./libsepol/src/kernel_to_conf.c:2333:2 #5 0x55b137 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3190:7 #6 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9 #7 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o #8 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o #9 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o #10 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2) #11 0x7f530128d7ec in __libc_start_main csu/../csu/libc-start.c:332:16 #12 0x423689 in _start (./out/binpolicy-fuzzer+0x423689) Signed-off-by: Christian Göttsche --- libsepol/src/kernel_to_cil.c | 1 + libsepol/src/kernel_to_conf.c | 1 + 2 files changed, 2 insertions(+) 
diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c index bb167647..d9dc3f73 100644 --- a/libsepol/src/kernel_to_cil.c +++ b/libsepol/src/kernel_to_cil.c @@ -2392,6 +2392,7 @@ static int write_user_decl_rules_to_cil(FILE *out, struct policydb *pdb) } for (i=0; i < pdb->p_users.nprim; i++) { + if (!pdb->p_user_val_to_name[i]) continue; rc = strs_add(strs, pdb->p_user_val_to_name[i]); if (rc != 0) { goto exit; diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c index b2a42606..68dd2d32 100644 --- a/libsepol/src/kernel_to_conf.c +++ b/libsepol/src/kernel_to_conf.c 
@@ -2324,6 +2324,7 @@ static int write_user_decl_rules_to_conf(FILE *out, struct policydb *pdb) } for (i=0; i < pdb->p_users.nprim; i++) { + if (!pdb->p_user_val_to_name[i]) continue; rc = strs_add(strs, pdb->p_user_val_to_name[i]); if (rc != 0) { goto exit; From patchwork Mon Oct 11 16:25:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12550539 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D3B4CC43219 for ; Mon, 11 Oct 2021 16:26:38 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BC68560E8B for ; Mon, 11 Oct 2021 16:26:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232151AbhJKQ2i (ORCPT ); Mon, 11 Oct 2021 12:28:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44038 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232238AbhJKQ2f (ORCPT ); Mon, 11 Oct 2021 12:28:35 -0400 Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8B180C061570 for ; Mon, 11 Oct 2021 09:26:34 -0700 (PDT) Received: by mail-ed1-x536.google.com with SMTP id i20so53524654edj.10 for ; Mon, 11 Oct 2021 09:26:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=Dgevm551HvTqam31mONyJqFn16TI6hX8bq0US910bjE=; b=FI4RPZWhSuY2iYZkTzP6OVnOd8aMPrm7OpZGPy03dPbE3I/tNJI0bJZSleGTkJ3ah9 SBhtOHMJT9z/712sEwlvt5Ejl9DN3rPrsvnJTO6/QsVpGUZKLeZbpZttnIGaXwKtFenR 
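Review bot: `if (!pdb->p_user_val_to_name[i]) continue;` only guards the name-collection loop, so strs ends up with fewer entries than `pdb->p_users.nprim`; check that the code that later walks the sorted strs, and any other loop over p_users in these writers that indexes `p_user_val_to_name[i]` or the user struct table, does not assume one entry per nprim slot. As with the class-gap patch, rejecting user gaps once in policydb validation would avoid repeating this guard in every consumer.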
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 22/35] libsepol: validate permission count of classes Date: Mon, 11 Oct 2021 18:25:20 +0200 Message-Id: <20211011162533.53404-23-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Check a class has not more than the supported 32 permissions. ==28413==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f74ec3341a3 bp 0x7ffd0b7e5030 sp 0x7ffd0b7e47e8 T0) ==28413==The signal is caused by a READ memory access. ==28413==Hint: address points to the zero page. #0 0x7f74ec3341a3 string/../sysdeps/x86_64/multiarch/../strchr.S:32 #1 0x4bfc78 in strchr (./out/binpolicy-fuzzer+0x4bfc78) #2 0x55b7f2 in class_constraint_rules_to_strs ./libsepol/src/kernel_to_conf.c:288:7 #3 0x55b7f2 in constraint_rules_to_strs ./libsepol/src/kernel_to_conf.c:364:9 #4 0x55ac80 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3071:7 #5 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9 #6 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o #7 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o #8 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o #9 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2) #10 0x7f74ec2be7ec in __libc_start_main csu/../csu/libc-start.c:332:16 #11 0x423689 in _start (./out/binpolicy-fuzzer+0x423689) Signed-off-by: Christian Göttsche --- libsepol/src/policydb_validate.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index c9700399..7ec0675c 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c 
@@ -203,6 +203,8 @@ static int validate_class_datum(sepol_handle_t *handle, class_datum_t *class, va goto bad; if (validate_constraint_nodes(handle, class->validatetrans, flavors)) goto bad; + if (class->permissions.nprim > PERM_SYMTAB_SIZE) + goto bad; return 0; From patchwork Mon Oct 11 16:25:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12550547 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 31279C4332F for ; Mon, 11 Oct 2021 16:26:40 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1CFAB60EE5 for ; Mon, 11 Oct 2021 16:26:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232230AbhJKQ2j (ORCPT ); Mon, 11 Oct 2021 12:28:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44044 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232215AbhJKQ2g (ORCPT ); Mon, 11 Oct 2021 12:28:36 -0400 Received: from mail-ed1-x535.google.com (mail-ed1-x535.google.com [IPv6:2a00:1450:4864:20::535]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0D452C061749 for ; Mon, 11 Oct 2021 09:26:35 -0700 (PDT) Received: by mail-ed1-x535.google.com with SMTP id g10so69242331edj.1 for ; Mon, 11 Oct 2021 09:26:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=j90EYZcqqF1wB5E7bK0Mtcxhi5SeIjBfNkP6EzOzIAo=; b=PHwJWgXUQ3koI7r3BcBSa8Yk67dt01368xSwDl4MZI+iJ0mS0Xz/VtpMD437UHuMDu 2uE9iKbd02UzuVyAMhetRwW5lAICuJknUnXqjnw9H5kWBi7koXQ22Qi07dudlShLoUbW 
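Review bot: `class->permissions.nprim > PERM_SYMTAB_SIZE` is a strict comparison, so exactly 32 permissions is accepted, which matches a 32-bit access vector; a short comment tying the constant to the access vector width would make the intent obvious. Also confirm whether `permissions.nprim` already counts the permissions inherited from the class's common: if it does not, the sum of common and class-specific permissions is the quantity that has to fit, and this check alone would not catch an overflow through the common. Placing the fix in validation rather than in the crashing kernel_to_conf.c writer is the right layer, since every consumer of a validated policydb benefits.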
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH 23/35] libsepol: resolve log message mismatch
Date: Mon, 11 Oct 2021 18:25:21 +0200
Message-Id: <20211011162533.53404-24-cgzones@googlemail.com>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: X-Mailing-List: selinux@vger.kernel.org
Signed-off-by: Christian Göttsche --- libsepol/src/policydb_validate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 7ec0675c..fa128794 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c 
@@ -229,7 +229,7 @@ static int validate_role_datum(sepol_handle_t *handle, role_datum_t *role, valid return 0; bad: - ERR(handle, "Invalid class datum"); + ERR(handle, "Invalid role datum"); return -1; } From patchwork Mon Oct 11 16:25:22 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12550549 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E6F04C433F5 for ; Mon, 11 Oct 2021 16:26:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D33B660EE5 for ; Mon, 11 Oct 2021 16:26:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232228AbhJKQ2j (ORCPT ); Mon, 11 Oct 2021 12:28:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44048 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232242AbhJKQ2g (ORCPT ); Mon, 11 Oct 2021 12:28:36 -0400 Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com [IPv6:2a00:1450:4864:20::530]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AAEF1C061762 for ; Mon, 11 Oct 2021 09:26:35 -0700 (PDT) Received: by mail-ed1-x530.google.com with SMTP id w14so18197755edv.11 for ; Mon, 11 Oct 2021 09:26:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=5y0Drt15itF2C/GZnjFvFERiJrniCQG2zJxSpdTv2As=; b=PNs+UAExMsz+aCvo9zlVBwgIxuAhChZMabFVi6jsLMxS/298rLZjG1S6GRg6g3+QEY zYC1ZLpGPErzyvGxFve45lyGR3/Y+AvoE3lBy7jJ0jwBSOKaK5bJC6MuITs9xGuw+EK5 Fo7pxvTOqkTVANrWj4AkuFD4KApBapIG7rEYp1N3cFA+85/8IHB3v2zIrAT7jAb/xwg4 
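Review bot: the commit message has no body (the headers are followed directly by Signed-off-by), so the subject line is the only explanation of the change; a sentence stating that validate_role_datum's `bad:` label reported "Invalid class datum" for a role, and how the mismatch was noticed, would make the one-line fix self-explanatory in the history.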
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 24/35] libsepol: zero member before potential dereference Date: Mon, 11 Oct 2021 18:25:22 +0200 Message-Id: <20211011162533.53404-25-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org The `next` member might be checked against NULL and dereferenced before it gets assigned, due to jumps from failure gotos to the cleanup section. ==31017==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x000000579654 bp 0x7ffd3a07d110 sp 0x7ffd3a07d000 T0) ==31017==The signal is caused by a READ memory access. ==31017==Hint: this fault was caused by a dereference of a high value address (see register values below). Disassemble the provided pc to learn which register was used. #0 0x579654 in filename_trans_read_one ./libsepol/src/policydb.c:2874:55 #1 0x579654 in filename_trans_read ./libsepol/src/policydb.c:2902:9 #2 0x5771b7 in policydb_read ./libsepol/src/policydb.c:4509:7 #3 0x55a1f5 in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:24:6 #4 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o #5 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o #6 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o #7 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2) #8 0x7f2a4e7f97ec in __libc_start_main csu/../csu/libc-start.c:332:16 #9 0x423689 in _start (./out/binpolicy-fuzzer+0x423689) Signed-off-by: Christian Göttsche --- libsepol/src/policydb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index 51fbd7c8..d246918b 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c 
@@ -2815,6 +2815,7 @@ static int filename_trans_read_one(policydb_t *p, struct policy_file *fp) if (!datum) goto err; + datum->next = NULL; *dst = datum; /* ebitmap_read() will at least init the bitmap */ 
@@ -2832,7 +2833,6 @@ static int filename_trans_read_one(policydb_t *p, struct policy_file *fp) dst = &datum->next; } - *dst = NULL; if (ndatum > 1 && filename_trans_check_datum(first)) goto err; From patchwork Mon Oct 11 16:25:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12550551 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A1586C43219 for ; Mon, 11 Oct 2021 16:26:40 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8E34060EE5 for ; Mon, 11 Oct 2021 16:26:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232215AbhJKQ2k (ORCPT ); Mon, 11 Oct 2021 12:28:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44054 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232115AbhJKQ2g (ORCPT ); Mon, 11 Oct 2021 12:28:36 -0400 Received: from mail-ed1-x535.google.com (mail-ed1-x535.google.com [IPv6:2a00:1450:4864:20::535]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2B2C9C061768 for ; Mon, 11 Oct 2021 09:26:36 -0700 (PDT) Received: by mail-ed1-x535.google.com with SMTP id d9so46038123edh.5 for ; Mon, 11 Oct 2021 09:26:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=YXdIaf8BZVgkvF8pv1il9HYwdhvEGYJUq/hszZK8Q44=; b=Pofmt67r8xwn9GWYdhWlTvKbRG4FuE0NotKhNpGa2eidvGFzyDmoD/pGWy90p11eNF LAE+JKmw0obpFLa00Ei3hWa6WI/fUvc72njElGGZy6oQJu7Zv/yfpyRZdxTcoIKb179J vtrj3CePCBbzDI6sN2l5AOQ28wY10ky5w88ars9XDwr+MhyfGoLlj4HLC3Fn/t1vBlWw 
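Review bot: removing `*dst = NULL;` after the loop changes behaviour when the loop body never runs: previously that statement also NULL-initialised whatever `dst` pointed at before the first iteration (the list head), whereas the new `datum->next = NULL;` only covers datums that were actually allocated. Confirm that the head pointer is initialised at its declaration, or that the loop always executes at least once, so the zero-entry case does not leave an uninitialised head. If `datum` comes from calloc the new assignment is redundant but harmless; if from malloc, it is exactly what the `goto err` paths needed.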
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH 25/35] libsepol: validate avtab types
Date: Mon, 11 Oct 2021 18:25:23 +0200
Message-Id: <20211011162533.53404-26-cgzones@googlemail.com>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: X-Mailing-List: selinux@vger.kernel.org

Check for invalid avtab types.

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb_validate.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index fa128794..89830ff3 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c 
@@ -441,6 +441,20 @@ static int validate_avtab_key(avtab_key_t *key, validate_t flavors[]) goto bad; if (validate_value(key->target_class, &flavors[SYM_CLASSES])) goto bad; + switch (0xFFF & key->specified) { + case AVTAB_ALLOWED: + case AVTAB_AUDITALLOW: + case AVTAB_AUDITDENY: + case AVTAB_XPERMS_ALLOWED: + case AVTAB_XPERMS_AUDITALLOW: + case AVTAB_XPERMS_DONTAUDIT: + case AVTAB_TRANSITION: + case AVTAB_MEMBER: + case AVTAB_CHANGE: + break; + default: + goto bad; + } return 0;
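Review bot: the `0xFFF & key->specified` mask is a magic number; a named mask or a one-line comment saying which flag bits it strips before the type comparison would make the intent clear. The switch also rejects, by omission, any key whose masked bits combine two rule types (e.g. AVTAB_ALLOWED | AVTAB_AUDITALLOW), which is the right outcome for a kernel avtab where each key carries exactly one type, but a comment stating that "exactly one type bit is expected" would document that contract rather than leave it implicit in the case list.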
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH 26/35] libsepol: validate constraint expression operators and attributes
Date: Mon, 11 Oct 2021 18:25:24 +0200
Message-Id: <20211011162533.53404-27-cgzones@googlemail.com>
In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com>

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb_validate.c | 43 ++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
index 89830ff3..f0456583 100644
--- a/libsepol/src/policydb_validate.c
+++ b/libsepol/src/policydb_validate.c
@@ -185,6 +185,49 @@ static int validate_constraint_nodes(sepol_handle_t *handle, constraint_node_t * if (validate_type_set(cexp->type_names, &flavors[SYM_TYPES])) goto bad; } + + if (cexp->expr_type == CEXPR_ATTR || cexp->expr_type == CEXPR_NAMES) { + switch (cexp->op) { + case CEXPR_EQ: + case CEXPR_NEQ: + case CEXPR_DOM: + case CEXPR_DOMBY: + case CEXPR_INCOMP: + break; + default: + goto bad; + } + + switch (cexp->attr) { + case CEXPR_USER: + case CEXPR_USER | CEXPR_TARGET: + case CEXPR_USER | CEXPR_XTARGET: + case CEXPR_ROLE: + case CEXPR_ROLE | CEXPR_TARGET: + case CEXPR_ROLE | CEXPR_XTARGET: + case CEXPR_TYPE: + case CEXPR_TYPE | CEXPR_TARGET: + case CEXPR_TYPE | CEXPR_XTARGET: + case CEXPR_L1L2: + case CEXPR_L1H2: + case CEXPR_H1L2: + case CEXPR_H1H2: + case CEXPR_L1H1: + case CEXPR_L2H2: + break; + default: + goto bad; + } + } else { + switch (cexp->expr_type) { + case CEXPR_NOT: + case CEXPR_AND: + case CEXPR_OR: + break; + default: + goto bad; + } + } } }
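Review bot: the `op` switch is checked independently of the `attr` switch, so combinations the constraint evaluator never accepts still pass here, e.g. CEXPR_INCOMP or CEXPR_DOM paired with CEXPR_TYPE or CEXPR_USER, and the MLS attrs (CEXPR_L1L2 through CEXPR_L2H2) paired with expr_type CEXPR_NAMES, where the name set validated by `validate_type_set` just above has no meaning for a level comparison. Consider nesting the allowed ops under each attr case and accepting the MLS attrs only for CEXPR_ATTR, so the validator mirrors what the evaluator will actually handle. The commit message body is also empty; one sentence on which malformed expressions this rejects would help when bisecting later.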
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH 27/35] libsepol: validate type of avtab type rules
Date: Mon, 11 Oct 2021 18:25:25 +0200
Message-Id: <20211011162533.53404-28-cgzones@googlemail.com>
In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com>

==80903==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000005c0 at pc 0x0000005696c8 bp 0x7ffdb11ea560 sp 0x7ffdb11ea558
READ of size 8 at 0x6020000005c0 thread T0
    #0 0x5696c7 in avtab_node_to_str ./libsepol/src/kernel_to_conf.c:1736:9
    #1 0x569013 in map_avtab_write_helper ./libsepol/src/kernel_to_conf.c:1767:10
    #2 0x5ab837 in avtab_map ./libsepol/src/avtab.c:347:10
    #3 0x561f9a in write_avtab_flavor_to_conf ./libsepol/src/kernel_to_conf.c:1798:7
    #4 0x561f9a in write_avtab_to_conf ./libsepol/src/kernel_to_conf.c:1819:8
    #5 0x55afba in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3159:7
    #6 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9
    #7 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
    #8 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
    #9 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
    #10 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
    #11 0x7f97a83fd7ec in __libc_start_main csu/../csu/libc-start.c:332:16
    #12 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb_validate.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index f0456583..9134e541 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -505,15 +505,22 @@ bad: return -1; } -static int validate_avtab_key_wrapper(avtab_key_t *k, __attribute__ ((unused)) avtab_datum_t *d, void *args) +static int validate_avtab(avtab_key_t *k, avtab_datum_t *d, void *args) { validate_t *flavors = (validate_t *)args; - return validate_avtab_key(k, flavors); + + if (validate_avtab_key(k, flavors)) + return -1; + + if ((k->specified & AVTAB_TYPE) && validate_value(d->data, &flavors[SYM_TYPES])) + return -1; + + return 0; } -static int validate_avtab(sepol_handle_t *handle, avtab_t *avtab, validate_t flavors[]) +static int validate_avtabs(sepol_handle_t *handle, avtab_t *avtab, validate_t flavors[]) { - if (avtab_map(avtab, validate_avtab_key_wrapper, flavors)) { + if (avtab_map(avtab, validate_avtab, flavors)) { ERR(handle, "Invalid avtab"); return -1; } 
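Review bot: the rename shuffle (the table-level `validate_avtab` becomes `validate_avtabs`, while the per-entry callback `validate_avtab_key_wrapper` takes over the name `validate_avtab`) makes the diff harder to review and leaves a per-entry function named as if it validated a whole table; naming the callback `validate_avtab_entry` (or similar) and keeping `validate_avtab` for the table would also avoid touching the call site in the next hunk. The added `d->data` check is the actual fix: before this change only the key was validated (`return validate_avtab_key(k, flavors);`), so the type index stored in the datum of an AVTAB_TYPE rule was never range-checked, which is what the heap-buffer-overflow in `avtab_node_to_str` from the commit message reads through.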
@@ -845,7 +852,7 @@ int validate_policydb(sepol_handle_t *handle, policydb_t *p) goto bad; if (p->policy_type == POLICY_KERN) { - if (validate_avtab(handle, &p->te_avtab, flavors)) + if (validate_avtabs(handle, &p->te_avtab, flavors)) goto bad; if (p->policyvers >= POLICYDB_VERSION_BOOL) if (validate_cond_list(handle, p->cond_list, flavors))
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH 28/35] libsepol: validate ocontexts
Date: Mon, 11 Oct 2021 18:25:26 +0200
Message-Id: <20211011162533.53404-29-cgzones@googlemail.com>
In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com>

==91274==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f60b0afe8c6 bp 0x7ffd42edc990 sp 0x7ffd42edc148 T0)
==91274==The signal is caused by a READ memory access.
==91274==Hint: address points to the zero page.
    #0 0x7f60b0afe8c6 string/../sysdeps/x86_64/multiarch/../strlen.S:120
    #1 0x4bd128 in __interceptor_strlen (./out/binpolicy-fuzzer+0x4bd128)
    #2 0x5eb387 in create_str_helper ./libsepol/src/kernel_to_common.c:69:10
    #3 0x5eb11e in create_str ./libsepol/src/kernel_to_common.c:99:8
    #4 0x56ad7b in context_to_str ./libsepol/src/kernel_to_conf.c:2408:9
    #5 0x56a717 in write_sid_context_rules_to_conf ./libsepol/src/kernel_to_conf.c:2441:9
    #6 0x55b26c in write_selinux_isid_rules_to_conf ./libsepol/src/kernel_to_conf.c:2476:9
    #7 0x55b26c in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3206:8
    #8 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9
    #9 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
    #10 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
    #11 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
    #12 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
    #13 0x7f60b0a887ec in __libc_start_main csu/../csu/libc-start.c:332:16
    #14 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb_validate.c | 37 ++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 9134e541..5c06e6f4 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -677,6 +677,41 @@ static int validate_filename_trans_hashtab(sepol_handle_t *handle, hashtab_t fil return 0; } +static int validate_context(context_struct_t *con, validate_t flavors[], int mls) +{ + if (validate_value(con->user, &flavors[SYM_USERS])) + return -1; + if (validate_value(con->role, &flavors[SYM_ROLES])) + return -1; + if (validate_value(con->type, &flavors[SYM_TYPES])) + return -1; + if (mls && validate_mls_range(&con->range, &flavors[SYM_LEVELS], &flavors[SYM_CATS])) + return -1; + + return 0; +} + +static int validate_ocontexts(sepol_handle_t *handle, policydb_t *p, validate_t flavors[]) +{ + ocontext_t *octx; + unsigned int i; + + for (i = 0; i < OCON_NUM; i++) { + for (octx = p->ocontexts[i]; octx; octx = octx->next) { + if (validate_context(&octx->context[0], flavors, p->mls)) + goto bad; + if ((i == OCON_FS || i == OCON_NETIF) && validate_context(&octx->context[1], flavors, p->mls)) + goto bad; + } + } + + return 0; + +bad: + ERR(handle, "Invalid ocontext"); + return -1; +} + /* * Functions to validate a module policydb */ 
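Review bot: the `context[1]` check in `validate_ocontexts` keys on the numeric indices `OCON_FS` and `OCON_NETIF` regardless of `p->target_platform`; if the Xen ocontext indices share those slots of `p->ocontexts[]`, a Xen entry at the same index carries an unused, zeroed `context[1]`, and `validate_value` on a zero user/role/type would reject a well-formed Xen policy. Gate the second-context check on the SELinux target (the later validate_properties patch in this series already distinguishes SEPOL_TARGET_SELINUX from SEPOL_TARGET_XEN). A comment naming which ocontext kinds carry two contexts would also help readers who do not have the OCON_* layout in their heads.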
@@ -861,6 +896,8 @@ int validate_policydb(sepol_handle_t *handle, policydb_t *p) goto bad; if (validate_role_allows(handle, p->role_allow, flavors)) goto bad; + if (validate_ocontexts(handle, p, flavors)) + goto bad; if (p->policyvers >= POLICYDB_VERSION_FILENAME_TRANS) if (validate_filename_trans_hashtab(handle, p->filename_trans, flavors)) goto bad;
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH 29/35] libsepol: validate genfs contexts
Date: Mon, 11 Oct 2021 18:25:27 +0200
Message-Id: <20211011162533.53404-30-cgzones@googlemail.com>
In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com>
Signed-off-by: Christian Göttsche --- libsepol/src/policydb_validate.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 5c06e6f4..63fd935c 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -712,6 +712,25 @@ bad: return -1; } +static int validate_genfs(sepol_handle_t *handle, policydb_t *p, validate_t flavors[]) +{ + genfs_t *genfs; + ocontext_t *octx; + + for (genfs = p->genfs; genfs; genfs = genfs->next) { + for (octx = genfs->head; octx; octx = octx->next) { + if (validate_context(&octx->context[0], flavors, p->mls)) + goto bad; + } + } + + return 0; + +bad: + ERR(handle, "Invalid genfs"); + return -1; +} + /* * Functions to validate a module policydb */ 
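Review bot: the commit message body is empty; since `validate_ocontexts` from the previous patch walks `p->ocontexts[]` and not `p->genfs`, a line stating that genfscon entries live on a separate list and were therefore still unchecked would explain why this is its own patch. In the code, the inner loop only checks `octx->context[0]`, which is right for genfs entries (they carry a single context), but a short comment saying so would stop a reader from assuming the `context[1]` handling of `validate_ocontexts` was simply forgotten here.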
@@ -898,6 +917,8 @@ int validate_policydb(sepol_handle_t *handle, policydb_t *p) goto bad; if (validate_ocontexts(handle, p, flavors)) goto bad; + if (validate_genfs(handle, p, flavors)) + goto bad; if (p->policyvers >= POLICYDB_VERSION_FILENAME_TRANS) if (validate_filename_trans_hashtab(handle, p->filename_trans, flavors)) goto bad;
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH 30/35] libsepol: validate permissive types
Date: Mon, 11 Oct 2021 18:25:28 +0200
Message-Id: <20211011162533.53404-31-cgzones@googlemail.com>
In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com>
Signed-off-by: Christian Göttsche --- libsepol/src/policydb_validate.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 63fd935c..b1dacdad 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -886,6 +886,23 @@ bad: return -1; } +static int validate_permissives(sepol_handle_t *handle, policydb_t *p, validate_t flavors[]) +{ + ebitmap_node_t *node; + unsigned i; + + ebitmap_for_each_positive_bit(&p->permissive_map, node, i) { + if (validate_value(i, &flavors[SYM_TYPES])) + goto bad; + } + + return 0; + +bad: + ERR(handle, "Invalid permissive type"); + return -1; +} + static void validate_array_destroy(validate_t flavors[]) { unsigned int i; 
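Review bot: `unsigned i` in `validate_permissives` differs from the `unsigned int i` used in `validate_array_destroy` directly below it; keep the spelling consistent within the file. The bit index handed to `validate_value(i, ...)` is used directly as the type value, so the loop relies on permissive_map being indexed by the 1-based type value rather than a 0-based offset; a one-line comment stating that would save the next reader from checking the writer side, and the commit message body (currently empty) is the natural place to say what malformed input this rejects.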
@@ -933,6 +950,9 @@ int validate_policydb(sepol_handle_t *handle, policydb_t *p) if (validate_datum_arrays(handle, p, flavors)) goto bad; + if (validate_permissives(handle, p, flavors)) + goto bad; + validate_array_destroy(flavors); return 0;
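Review bot: the call is placed after `validate_datum_arrays`, outside the `if (p->policy_type == POLICY_KERN)` block that the earlier hunks use for the kernel-only avtab checks; iterating an empty map is harmless for module policies, but if permissive_map is only populated for kernel policies, grouping this call with the other kernel-only checks would state that intent and keep the kernel/module split in `validate_policydb` easy to follow.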
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH 31/35] libsepol: validate policy properties
Date: Mon, 11 Oct 2021 18:25:29 +0200
Message-Id: <20211011162533.53404-32-cgzones@googlemail.com>
In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com>
Signed-off-by: Christian Göttsche --- libsepol/src/policydb_validate.c | 51 ++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index b1dacdad..860f9647 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -903,6 +903,54 @@ bad: return -1; } +static int validate_properties(sepol_handle_t *handle, policydb_t *p) +{ + switch (p->policy_type) { + case POLICY_KERN: + if (p->policyvers < POLICYDB_VERSION_MIN || p->policyvers > POLICYDB_VERSION_MAX) + goto bad; + break; + case POLICY_BASE: + case POLICY_MOD: + if (p->policyvers < MOD_POLICYDB_VERSION_MIN || p->policyvers > MOD_POLICYDB_VERSION_MAX) + goto bad; + break; + default: + goto bad; + } + + switch (p->target_platform) { + case SEPOL_TARGET_SELINUX: + case SEPOL_TARGET_XEN: + break; + default: + goto bad; + } + + switch (p->mls) { + case 0: + case 1: + break; + default: + goto bad; + } + + switch (p->handle_unknown) { + case SEPOL_DENY_UNKNOWN: + case SEPOL_REJECT_UNKNOWN: + case SEPOL_ALLOW_UNKNOWN: + break; + default: + goto bad; + } + + return 0; + +bad: + ERR(handle, "Invalid policy property"); + return -1; +} + static void validate_array_destroy(validate_t flavors[]) { unsigned int i; 
@@ -922,6 +970,9 @@ int validate_policydb(sepol_handle_t *handle, policydb_t *p) if (validate_array_init(p, flavors)) goto bad; + if (validate_properties(handle, p)) + goto bad; + if (p->policy_type == POLICY_KERN) { if (validate_avtabs(handle, &p->te_avtab, flavors)) goto bad; From patchwork Mon Oct 11 16:25:30 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12550565 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 10849C433EF for ; Mon, 11 Oct 2021 16:26:45 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E3D0160EE5 for ; Mon, 11 Oct 2021 16:26:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232238AbhJKQ2m (ORCPT ); Mon, 11 Oct 2021 12:28:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44080 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232251AbhJKQ2k (ORCPT ); Mon, 11 Oct 2021 12:28:40 -0400 Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B5447C061749 for ; Mon, 11 Oct 2021 09:26:39 -0700 (PDT) Received: by mail-ed1-x531.google.com with SMTP id w19so10008862edd.2 for ; Mon, 11 Oct 2021 09:26:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=sC8cwKG+2oCE7BgfnouvfvbA61CTdboV/LZj7svDuTg=; b=np4HMosfk4WYFT31XqjmgJtK0cavhnkwvcS4egLp1jeMtTc8SHYFm5jCnh2b3O65w3 x7KlQjOwY4j7C8eXpB6iBvoHpaWXaekaeC9jBZDBNTPKq6lljfbza9MIa5wWBCz9PiVw 
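Review bot: The `if (p->policy_type == POLICY_KERN)` branch that follows the new call now runs on a policy_type that validate_properties() has already restricted to POLICY_KERN, POLICY_BASE or POLICY_MOD, so validate_policydb() no longer needs to treat an unknown type as "not kernel"; a one-line comment at the call site stating that validate_properties() must stay ahead of the policy_type-dependent checks below would make that ordering requirement explicit instead of implicit.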
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 32/35] libsepol: do not underflow on short format arguments Date: Mon, 11 Oct 2021 18:25:30 +0200 Message-Id: <20211011162533.53404-33-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Handle format arguments that do not have a size of at least 2. kernel_to_common.c:69:20: runtime error: unsigned integer overflow: 1 - 2 cannot be represented in type 'unsigned long' #0 0x557b0b in create_str_helper ./libsepol/src/kernel_to_common.c:69:20 #1 0x5577b8 in create_str ./libsepol/src/kernel_to_common.c:99:8 #2 0x56448c in cond_expr_to_str ./libsepol/src/kernel_to_conf.c:82:15 #3 0x56448c in write_cond_nodes_to_conf ./libsepol/src/kernel_to_conf.c:2103:10 #4 0x55bd9b in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3171:7 #5 0x4f9d79 in main ./checkpolicy/checkpolicy.c:684:11 #6 0x7fe2a342b7ec in __libc_start_main csu/../csu/libc-start.c:332:16 #7 0x41f3a9 in _start (./checkpolicy/checkpolicy+0x41f3a9) Signed-off-by: Christian Göttsche --- libsepol/src/kernel_to_common.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c index 47c02d61..152f2816 100644 --- a/libsepol/src/kernel_to_common.c +++ b/libsepol/src/kernel_to_common.c @@ -57,7 +57,7 @@ static char *create_str_helper(const char *fmt, int num, va_list vargs) va_list vargs2; char *str = NULL; char *s; - size_t len; + size_t len, s_len; int i, rc; va_copy(vargs2, vargs); 
@@ -66,7 +66,8 @@ static char *create_str_helper(const char *fmt, int num, va_list vargs) for (i=0; i 1 ? s_len - 2 : 0; /* -2 for each %s in fmt */ } str = malloc(len); From patchwork Mon Oct 11 16:25:31 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12550567 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 423A1C433F5 for ; Mon, 11 Oct 2021 16:26:46 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2F7F560EE5 for ; Mon, 11 Oct 2021 16:26:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232272AbhJKQ2n (ORCPT ); Mon, 11 Oct 2021 12:28:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44084 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232268AbhJKQ2k (ORCPT ); Mon, 11 Oct 2021 12:28:40 -0400 Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com [IPv6:2a00:1450:4864:20::52d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2A9A1C061570 for ; Mon, 11 Oct 2021 09:26:40 -0700 (PDT) Received: by mail-ed1-x52d.google.com with SMTP id g8so70007485edt.7 for ; Mon, 11 Oct 2021 09:26:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=AvGFnDSP4huMwwlGfEPMr9vrEcQGsJVBfOizJMkBNL8=; b=lvgexPQVhYJFZz8v1cU98hx3QELU264CMNVs0DTaQ1OXTGKzYCDqHDUDM2ow2FSQ0e hbtOYKNXaCm8LEFy+l/6PVZOam9pqYlF+hsr4MUE+cUjfWxBO+3jgkDxoP1uyQGPYfYK D8n4YrKVcXokwrI3SYZ5ZfgHnN0bk1XG/ebSiUtxYr9PZPGOvb581me0TX20kQRFwm0/ 
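Review bot: The new `len += s_len > 1 ? s_len - 2 : 0;` turns `len` into an upper bound rather than the exact length whenever an argument is shorter than the two-character `%s` it replaces (an empty argument should contribute -2 and a one-byte argument -1, both now contribute 0); that is safe for the `str = malloc(len);` that follows, but it leaves the `/* -2 for each %s in fmt */` comment inaccurate. Either reword the comment to say the subtraction is skipped for short arguments and the buffer may be over-sized by a byte or two, or accumulate the argument lengths in the loop and subtract `2 * num` once after it: as long as `len` starts from the length of fmt, which itself contains those num `%s` sequences, that single subtraction cannot underflow and still yields the exact size.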
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 33/35] libsepol: validate categories Date: Mon, 11 Oct 2021 18:25:31 +0200 Message-Id: <20211011162533.53404-34-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Check all categories have valid values, especially important for aliases. ==7888==ERROR: AddressSanitizer: SEGV on unknown address 0x602000400710 (pc 0x00000055debc bp 0x7ffe0ff2a9d0 sp 0x7ffe0ff2a8e0 T0) ==7888==The signal is caused by a READ memory access. #0 0x55debc in write_category_rules_to_conf ./libsepol/src/kernel_to_conf.c:946:9 #1 0x55debc in write_mls_rules_to_conf ./libsepol/src/kernel_to_conf.c:1137:7 #2 0x55adb1 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3106:7 #3 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:37:9 #4 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o #5 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o #6 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o #7 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2) #8 0x7fe80ccaf7ec in __libc_start_main csu/../csu/libc-start.c:332:16 #9 0x423689 in _start (./out/binpolicy-fuzzer+0x423689) Signed-off-by: Christian Göttsche --- libsepol/src/policydb_validate.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 860f9647..063bde18 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c 
@@ -465,6 +465,9 @@ static int validate_datum_arrays(sepol_handle_t *handle, policydb_t *p, validate if (hashtab_map(p->p_levels.table, validate_level, flavors)) goto bad; + if (hashtab_map(p->p_cats.table, validate_datum, &flavors[SYM_CATS])) + goto bad; + return 0; bad: From patchwork Mon Oct 11 16:25:32 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12550569 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 677ABC433EF for ; Mon, 11 Oct 2021 16:26:48 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4A01C60E8B for ; Mon, 11 Oct 2021 16:26:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232331AbhJKQ2p (ORCPT ); Mon, 11 Oct 2021 12:28:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44090 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232202AbhJKQ2l (ORCPT ); Mon, 11 Oct 2021 12:28:41 -0400 Received: from mail-ed1-x535.google.com (mail-ed1-x535.google.com [IPv6:2a00:1450:4864:20::535]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D8C9DC061570 for ; Mon, 11 Oct 2021 09:26:40 -0700 (PDT) Received: by mail-ed1-x535.google.com with SMTP id d9so46038889edh.5 for ; Mon, 11 Oct 2021 09:26:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=pLu4mHkYYQc8z3tNS7PIoIR3+Xtut+2aoaCaP2I/Hvw=; b=K/jbieJlq/xUIzTZ80qfZu167/Nv8EL9Z1x4cOyFsm2oA2JBBEgiIrI64HmTvEkv6z 8ErmnfY3/DSJ1FqTww6AGNSXb7j1IrPB4xihDq8qgF4NHZZyRYylW/m8aaJYacDD/aFo 
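Review bot: The commit message says this check is especially important for category aliases, but nothing in the hunk shows why: add a comment on the new hashtab_map(p->p_cats.table, validate_datum, &flavors[SYM_CATS]) call explaining that alias entries are validated by this same pass over p_cats (or, if they are not, they still need their own check), and name the crash it prevents (the read in write_category_rules_to_conf in kernel_to_conf.c from the sanitizer trace) so the motivation survives outside the commit log.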
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 34/35] libsepol: use correct size for initial string list Date: Mon, 11 Oct 2021 18:25:32 +0200 Message-Id: <20211011162533.53404-35-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the number of categories not levels, which might be zero, for the string list initial size of categories. Signed-off-by: Christian Göttsche --- libsepol/src/kernel_to_conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c index 68dd2d32..dcdd4252 100644 --- a/libsepol/src/kernel_to_conf.c +++ b/libsepol/src/kernel_to_conf.c 
@@ -914,7 +914,7 @@ static int write_category_rules_to_conf(FILE *out, struct policydb *pdb) unsigned i, j, num; int rc = 0; - rc = strs_init(&strs, pdb->p_levels.nprim); + rc = strs_init(&strs, pdb->p_cats.nprim); if (rc != 0) { goto exit; } From patchwork Mon Oct 11 16:25:33 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12550571 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E1DCAC433FE for ; Mon, 11 Oct 2021 16:26:48 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CC42E60E8B for ; Mon, 11 Oct 2021 16:26:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232242AbhJKQ2q (ORCPT ); Mon, 11 Oct 2021 12:28:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44092 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232259AbhJKQ2l (ORCPT ); Mon, 11 Oct 2021 12:28:41 -0400 Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5AD62C06161C for ; Mon, 11 Oct 2021 09:26:41 -0700 (PDT) Received: by mail-ed1-x536.google.com with SMTP id p13so70637342edw.0 for ; Mon, 11 Oct 2021 09:26:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=RZ5+gxXPH9Zd+h08Fh/97W+plWtGJeY6+EoQt7QAdMk=; b=WeWBVoW2jSbPeQ6AEo8wtegK+CzlFGbDAp84nDcQRVrNJfFVEtnw8bvmRw/tpN1mct kznpS56ZFDafkYrZT9hRE4oySSoMh7l6XuVngFWUhV2qq2o2QHZlQBw41nUrd1AIl23a 
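Review bot: pdb->p_cats.nprim is the right count for a list of category strings, but the commit message concedes it may be zero and this hunk passes that zero straight to strs_init(); at this point in the series strs_init() still forwards the size to calloc() unchanged (the zero-size handling only arrives in [RFC PATCH 35/35]), so either reorder the series so the strs_init() fix lands first or add a `/* may be 0: strs_init() clamps it */` comment here once it does, so the dependency is visible to whoever bisects or backports this change on its own.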
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH 35/35] libsepol: do not create a string list with initial size zero Date: Mon, 11 Oct 2021 18:25:33 +0200 Message-Id: <20211011162533.53404-36-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211011162533.53404-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Currently is it implementation defined, due to the size being passed to calloc(3), whether the operations fails nor not. Also strs_add() does not handle a size of zero, cause it just multiplies the size by two. Use a default size of 1 if 0 is passed and swap the calloc arguments for consistency. Signed-off-by: Christian Göttsche --- libsepol/src/kernel_to_common.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c index 152f2816..9f5400c9 100644 --- a/libsepol/src/kernel_to_common.c +++ b/libsepol/src/kernel_to_common.c @@ -107,6 +107,10 @@ int strs_init(struct strs **strs, size_t size) { struct strs *new; + if (size == 0) { + size = 1; + } + *strs = NULL; new = malloc(sizeof(struct strs)); @@ -115,7 +119,7 @@ int strs_init(struct strs **strs, size_t size) return -1; } - new->list = calloc(sizeof(char *), size); + new->list = calloc(size, sizeof(char *)); if (!new->list) { sepol_log_err("Out of memory"); free(new);
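Review bot: The `if (size == 0) { size = 1; }` clamp is the right fix for callers that pass a symbol count, but the reason lives only in the commit message; put a one-line comment above it (calloc() with a zero count may legitimately return NULL, and strs_add() grows the list by doubling, so a zero capacity would never grow) so the clamp is not mistaken for dead code and removed later. The `calloc(size, sizeof(char *))` argument swap is correct, count first and element size second, matching the calloc(3) prototype.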