From patchwork Thu Dec 9 16:48:53 2021
X-Patchwork-Submitter: Christian Göttsche
X-Patchwork-Id: 12667111
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 01/36] cifuzz: enable report-unreproducible-crashes
Date: Thu, 9 Dec 2021 17:48:53 +0100
Message-Id: <20211209164928.87459-2-cgzones@googlemail.com>
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>

Fail and report unreproducible fuzzing crashes and leaks. Such failures are probably related to some global state not properly reset in the fuzzer and can cause OSS-Fuzz to report flaky issues.

Suggested-by: Evgeny Vereshchagin
Signed-off-by: Christian Göttsche
--- .github/workflows/cifuzz.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml index 5c2233a2..b28eb71a 100644 --- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml 
@@ -30,6 +30,7 @@ jobs: oss-fuzz-project-name: 'selinux' fuzz-seconds: 180 dry-run: false + report-unreproducible-crashes: true sanitizer: ${{ matrix.sanitizer }} - name: Upload Crash uses: actions/upload-artifact@v1
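
Review bot: `report-unreproducible-crashes: true` is added to the run_fuzzers step without a comment, and the reason for it (unreproducible crashes pointing at global state the fuzzer does not reset) lives only in the commit message. A one-line YAML comment above the option would keep that rationale next to the setting, which matters because it makes CI runs fail on findings that cannot be replayed.
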
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 02/36] cifuzz: use the default runtime of 600 seconds
Date: Thu, 9 Dec 2021 17:48:54 +0100
Message-Id: <20211209164928.87459-3-cgzones@googlemail.com>
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>

The default runtime for CIFuzz[1] is 600 seconds; use it. Since GitHub pull-requests are not the main contribution workflow, the number of runs should be manageable.

[1]: https://google.github.io/oss-fuzz/getting-started/continuous-integration/

Signed-off-by: Christian Göttsche --- .github/workflows/cifuzz.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml index b28eb71a..92523db4 100644 --- a/.github/workflows/cifuzz.yml +++ b/.github/workflows/cifuzz.yml 
@@ -28,7 +28,7 @@ jobs: uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master with: oss-fuzz-project-name: 'selinux' - fuzz-seconds: 180 + fuzz-seconds: 600 dry-run: false report-unreproducible-crashes: true sanitizer: ${{ matrix.sanitizer }}
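
Review bot: the commit message says the goal is to use the CIFuzz default, but the changed line hard-codes `fuzz-seconds: 600` instead of dropping the key. Removing the line would let the workflow follow the action's own default, which is relevant here because the step references `run_fuzzers@master`; if the explicit value is preferred, a comment noting that it mirrors the default would avoid a later reader treating 600 as a tuned number.
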
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 03/36] libsepol/fuzz: silence secilc-fuzzer
Date: Thu, 9 Dec 2021 17:48:55 +0100
Message-Id: <20211209164928.87459-4-cgzones@googlemail.com>
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>

Do not output CIL log messages while fuzzing, since their amount is huge, e.g. for neverallow or typebounds violations.

Signed-off-by: Christian Göttsche
--- libsepol/fuzz/secilc-fuzzer.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/libsepol/fuzz/secilc-fuzzer.c b/libsepol/fuzz/secilc-fuzzer.c index 255b3241..9a1a16de 100644 --- a/libsepol/fuzz/secilc-fuzzer.c +++ b/libsepol/fuzz/secilc-fuzzer.c @@ -8,6 +8,10 @@ #include #include +static void log_handler(__attribute__((unused)) int lvl, __attribute__((unused)) const char *msg) { + /* be quiet */ +} + int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { enum cil_log_level log_level = CIL_ERR; struct sepol_policy_file *pf = NULL; 
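
Review bot: `log_handler()` discards every message regardless of `lvl`, so replaying a crash artifact locally with this same harness prints no CIL diagnostics at all, including errors. Consider keeping the output reachable for triage, for example behind an environment variable or a compile-time switch, and say in the `/* be quiet */` comment that the silence is there to keep fuzzing throughput up.
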
@@ -24,6 +28,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { sepol_policydb_t *pdb = NULL; cil_set_log_level(log_level); + cil_set_log_handler(log_handler); cil_db_init(&db); cil_set_disable_dontaudit(db, disable_dontaudit);
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 04/36] libsepol: add libfuzz based fuzzer for reading binary policies
Date: Thu, 9 Dec 2021 17:48:56 +0100
Message-Id: <20211209164928.87459-5-cgzones@googlemail.com>
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>

Introduce a libfuzz[1] based fuzzer testing the parsing of a binary policy. Build the fuzzer in the oss-fuzz script.

[1]: https://llvm.org/docs/LibFuzzer.html

Signed-off-by: Christian Göttsche --- libsepol/fuzz/binpolicy-fuzzer.c | 63 +++++++++++++++++++++++++++++++ libsepol/fuzz/policy.bin | Bin 0 -> 1552 bytes scripts/oss-fuzz.sh | 17 ++++++++- 3 files changed, 78 insertions(+), 2 deletions(-) create mode 100644 libsepol/fuzz/binpolicy-fuzzer.c create mode 100644 libsepol/fuzz/policy.bin diff --git a/libsepol/fuzz/binpolicy-fuzzer.c b/libsepol/fuzz/binpolicy-fuzzer.c new file mode 100644 index 00000000..85c59645 --- /dev/null +++ b/libsepol/fuzz/binpolicy-fuzzer.c @@ -0,0 +1,63 @@ +#include +#include +#include +#include + +extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); + +static int write_binary_policy(policydb_t *p, FILE *outfp) +{ + struct policy_file pf; + + policy_file_init(&pf); + pf.type = PF_USE_STDIO; + pf.fp = outfp; + return policydb_write(p, &pf); +} + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + policydb_t policydb = {}; + sidtab_t sidtab = {}; + struct policy_file pf; + FILE *devnull = NULL; + + sepol_debug(0); + + policy_file_init(&pf); + pf.type = PF_USE_MEMORY; + pf.data = (char *) data; + pf.len = size; + + if (policydb_init(&policydb)) + goto exit; + + if (policydb_read(&policydb, &pf, /*verbose=*/0)) + goto exit; + + if (policydb_load_isids(&policydb, &sidtab)) + goto exit; + + if (policydb.policy_type == POLICY_KERN) + (void) policydb_optimize(&policydb); + + devnull = fopen("/dev/null", "w"); + if (!devnull) + goto exit; + + (void) write_binary_policy(&policydb, devnull); + + (void) sepol_kernel_policydb_to_conf(devnull, &policydb); + + (void) sepol_kernel_policydb_to_cil(devnull, &policydb); + +exit: + if (devnull != NULL) + fclose(devnull); + + policydb_destroy(&policydb); + sepol_sidtab_destroy(&sidtab); + + /* Non-zero return values are reserved for future use. */ + return 0; +} 
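
Review bot: the `exit:` path in `LLVMFuzzerTestOneInput()` calls `policydb_destroy(&policydb)` and `sepol_sidtab_destroy(&sidtab)` unconditionally, including after a failed `policydb_init()` and before `policydb_load_isids()` has touched `sidtab`. A comment stating that both are safe on the zero-initialised objects, or a guard, would make that explicit. Separately, `/dev/null` is reopened with `fopen()` for every input, and when that fails the three output paths are skipped silently; opening it once outside the per-input path would avoid both.
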
diff --git a/libsepol/fuzz/policy.bin b/libsepol/fuzz/policy.bin new file mode 100644 index 0000000000000000000000000000000000000000..6f977ef34479daa9bf2e848c502ecea8d96f7912 GIT binary patch literal 1552 zcma)5OLBuS3?==4PtZ+{&?9)$U3WbIlYnX65X0D})6Db;y>M5p9{5ov4Nx%;$40a)K#TcVgu}o@qItz z*n@Vpe$`n>9k>)lLo|5!#vC+5dA)f~edbIZ(r^=r47z&T$5@O7acJXBjy1qIauI91 zZV#hm%^Wra%{;^@N(_Mfp@x57&=A0V{XH^N#4uZ2$+ZB!ToK{?!0dQgn^$*KOS$hBg literal 0 HcmV?d00001 diff --git a/scripts/oss-fuzz.sh b/scripts/oss-fuzz.sh index 16cc3c0a..72d275e8 100755 --- a/scripts/oss-fuzz.sh +++ b/scripts/oss-fuzz.sh @@ -32,7 +32,7 @@ SANITIZER=${SANITIZER:-address} flags="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER -fsanitize=fuzzer-no-link" export CC=${CC:-clang} -export CFLAGS=${CFLAGS:-$flags} +export CFLAGS="${CFLAGS:-$flags} -I$DESTDIR/usr/include -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64" export CXX=${CXX:-clang++} export CXXFLAGS=${CXXFLAGS:-$flags} 
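
Review bot: moving `-I$DESTDIR/usr/include` into the exported `CFLAGS` loses the quoting the old compile line had (`-I"$DESTDIR/usr/include"`); because `$CC $CFLAGS` is deliberately word-split, a `DESTDIR` containing whitespace now breaks the compile. The export also happens before the `make -C libsepol ... install` step, so the library build itself now receives the extra include path and defines. If that is intended it should be mentioned in the commit message, otherwise keep these flags in a separate variable used only for the fuzzer objects.
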
@@ -49,11 +49,24 @@ make -C libsepol clean # shellcheck disable=SC2016 make -C libsepol V=1 LD_SONAME_FLAGS='-soname,$(LIBSO),--version-script=$(LIBMAP)' -j"$(nproc)" install +## secilc fuzzer ## + # CFLAGS, CXXFLAGS and LIB_FUZZING_ENGINE have to be split to be accepted by # the compiler/linker so they shouldn't be quoted # shellcheck disable=SC2086 -$CC $CFLAGS -I"$DESTDIR/usr/include" -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -c -o secilc-fuzzer.o libsepol/fuzz/secilc-fuzzer.c +$CC $CFLAGS -c -o secilc-fuzzer.o libsepol/fuzz/secilc-fuzzer.c # shellcheck disable=SC2086 $CXX $CXXFLAGS $LIB_FUZZING_ENGINE secilc-fuzzer.o "$DESTDIR/usr/lib/libsepol.a" -o "$OUT/secilc-fuzzer" zip -r "$OUT/secilc-fuzzer_seed_corpus.zip" secilc/test + +## binary policy fuzzer ## + +# CFLAGS, CXXFLAGS and LIB_FUZZING_ENGINE have to be split to be accepted by +# the compiler/linker so they shouldn't be quoted +# shellcheck disable=SC2086 +$CC $CFLAGS -c -o binpolicy-fuzzer.o libsepol/fuzz/binpolicy-fuzzer.c +# shellcheck disable=SC2086 +$CXX $CXXFLAGS $LIB_FUZZING_ENGINE binpolicy-fuzzer.o "$DESTDIR/usr/lib/libsepol.a" -o "$OUT/binpolicy-fuzzer" + +zip -j "$OUT/binpolicy-fuzzer_seed_corpus.zip" libsepol/fuzz/policy.bin
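
Review bot: the seed corpus built on the last added line consists of the single `libsepol/fuzz/policy.bin`, and nothing in the patch or its commit message says how that binary was produced. A short note (source policy and the command used to compile it) next to the `zip -j` line or in the commit message would let reviewers regenerate and audit the seed. The binary-policy stanza also repeats the secilc compile/link block including both comment lines; a small shell function taking the fuzzer name would keep the two from drifting.
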
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 05/36] libsepol/fuzz: limit element sizes for fuzzing
Date: Thu, 9 Dec 2021 17:48:57 +0100
Message-Id: <20211209164928.87459-6-cgzones@googlemail.com>
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>

Limit the maximum length of read sizes, like string length of module version and name or keys and number of symtab entries. This avoids the fuzzer reporting oom events for huge allocations (it also improves the number of executions per second of the fuzzer).

This change only affects the fuzzer build.

    ==15211== ERROR: libFuzzer: out-of-memory (malloc(3115956666))
       To change the out-of-memory limit use -rss_limit_mb=
        #0 0x52dc61 in __sanitizer_print_stack_trace (./out/binpolicy-fuzzer+0x52dc61)
        #1 0x475618 in fuzzer::PrintStackTrace() fuzzer.o
        #2 0x458855 in fuzzer::Fuzzer::HandleMalloc(unsigned long) fuzzer.o
        #3 0x45876a in fuzzer::MallocHook(void const volatile*, unsigned long) fuzzer.o
        #4 0x534557 in __sanitizer::RunMallocHooks(void const*, unsigned long) (./out/binpolicy-fuzzer+0x534557)
        #5 0x4aa7d7 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (./out/binpolicy-fuzzer+0x4aa7d7)
        #6 0x4aa143 in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (./out/binpolicy-fuzzer+0x4aa143)
        #7 0x5259cb in malloc (./out/binpolicy-fuzzer+0x5259cb)
        #8 0x59d307 in str_read ./libsepol/src/services.c:1746:8
        #9 0x585b97 in perm_read ./libsepol/src/policydb.c:2063:5
        #10 0x581f8a in common_read ./libsepol/src/policydb.c:2119:7
        #11 0x576681 in policydb_read ./libsepol/src/policydb.c:4417:8
        #12 0x55a214 in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:26:6
        #13 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
        #14 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
        #15 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
        #16 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
        #17 0x7fe1ec88a7ec in __libc_start_main csu/../csu/libc-start.c:332:16
        #18 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

    ==12683== ERROR: libFuzzer: out-of-memory (malloc(2526451450))
       To change the out-of-memory limit use -rss_limit_mb=
        #0 0x52dc61 in __sanitizer_print_stack_trace (./out/binpolicy-fuzzer+0x52dc61)
        #1 0x475618 in fuzzer::PrintStackTrace() fuzzer.o
        #2 0x458855 in fuzzer::Fuzzer::HandleMalloc(unsigned long) fuzzer.o
        #3 0x45876a in fuzzer::MallocHook(void const volatile*, unsigned long) fuzzer.o
        #4 0x534557 in __sanitizer::RunMallocHooks(void const*, unsigned long) (./out/binpolicy-fuzzer+0x534557)
        #5 0x4aa7d7 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (./out/binpolicy-fuzzer+0x4aa7d7)
        #6 0x4aa143 in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (./out/binpolicy-fuzzer+0x4aa143)
        #7 0x5259cb in malloc (./out/binpolicy-fuzzer+0x5259cb)
        #8 0x575f8a in policydb_read ./libsepol/src/policydb.c:4356:18
        #9 0x55a214 in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:26:6
        #10 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
        #11 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
        #12 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
        #13 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
        #14 0x7fa737b377ec in __libc_start_main csu/../csu/libc-start.c:332:16
        #15 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche --- libsepol/src/private.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libsepol/src/private.h b/libsepol/src/private.h index 71287282..6146f59f 100644 --- a/libsepol/src/private.h +++ b/libsepol/src/private.h 
@@ -44,7 +44,12 @@ #define ARRAY_SIZE(x) (sizeof(x)/sizeof((x)[0])) -#define is_saturated(x) (x == (typeof(x))-1) +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION +# define is_saturated(x) (x == (typeof(x))-1 || (x) > (1U << 16)) +#else +# define is_saturated(x) (x == (typeof(x))-1) +#endif + #define zero_or_saturated(x) ((x == 0) || is_saturated(x)) #define spaceship_cmp(a, b) (((a) > (b)) - ((a) < (b)))
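
Review bot: the fuzzing variant of `is_saturated()` also rejects any value above `1U << 16`, and because `zero_or_saturated()` expands to it, every caller of either macro inherits that cap under a name that no longer describes what is tested. A named constant with a comment saying this is an allocation limit for fuzz builds only would document it at the definition. The new expression also evaluates `x` twice and leaves its first use unparenthesised (`x == (typeof(x))-1`), unlike the added `(x) >` term.
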
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 06/36] libsepol: use logging framework in conditional.c
Date: Thu, 9 Dec 2021 17:48:58 +0100
Message-Id: <20211209164928.87459-7-cgzones@googlemail.com>
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>

Use the internal logging framework instead of directly writing to stdout as it might be undesired to do so within a library.

Signed-off-by: Christian Göttsche
---
v2: replace INFO calls by WARN since they are reasons of failure
--- libsepol/src/conditional.c | 30 +++++++++++------------------- 1 file changed, 11 insertions(+), 19 deletions(-) diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c index 037dc7e2..1edac65d 100644 --- a/libsepol/src/conditional.c +++ b/libsepol/src/conditional.c @@ -25,6 +25,7 @@ #include #include "private.h" +#include "debug.h" /* move all type rules to top of t/f lists to help kernel on evaluation */ static void cond_optimize(cond_av_list_t ** l) @@ -314,8 +315,7 @@ static int evaluate_cond_node(policydb_t * p, cond_node_t * node) if (new_state != node->cur_state) { node->cur_state = new_state; if (new_state == -1) - printf - ("expression result was undefined - disabling all rules.\n"); + WARN(NULL, "expression result was undefined - disabling all rules.\n"); /* turn the rules on or off */ for (cur = node->true_list; cur != NULL; cur = cur->next) { if (new_state <= 0) {
@@ -368,8 +368,7 @@ int cond_normalize_expr(policydb_t * p, cond_node_t * cn) if (ne) { ne->next = NULL; } else { /* ne should never be NULL */ - printf - ("Found expr with no bools and only a ! - this should never happen.\n"); + ERR(NULL, "Found expr with no bools and only a ! - this should never happen.\n"); return -1; } /* swap the true and false lists */ @@ -421,8 +420,7 @@ int cond_normalize_expr(policydb_t * p, cond_node_t * cn) } k = cond_evaluate_expr(p, cn->expr); if (k == -1) { - printf - ("While testing expression, expression result " + ERR(NULL, "While testing expression, expression result " "was undefined - this should never happen.\n"); return -1; } @@ -635,8 +633,7 @@ static int cond_insertf(avtab_t * a */ if (k->specified & AVTAB_TYPE) { if (avtab_search(&p->te_avtab, k)) { - printf - ("security: type rule already exists outside of a conditional."); + WARN(NULL, "security: type rule already exists outside of a conditional."); goto err; } /* @@ -652,8 +649,7 @@ static int cond_insertf(avtab_t * a if (node_ptr) { if (avtab_search_node_next (node_ptr, k->specified)) { - printf - ("security: too many conflicting type rules."); + ERR(NULL, "security: too many conflicting type rules."); goto err; } found = 0; @@ -664,15 +660,13 @@ static int cond_insertf(avtab_t * a } } if (!found) { - printf - ("security: conflicting type rules.\n"); + ERR(NULL, "security: conflicting type rules.\n"); goto err; } } } else { if (avtab_search(&p->te_cond_avtab, k)) { - printf - ("security: conflicting type rules when adding type rule for true.\n"); + ERR(NULL, "security: conflicting type rules when adding type rule for true.\n"); goto err; } } @@ -680,7 +674,7 @@ static int cond_insertf(avtab_t * a node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d); if (!node_ptr) { - printf("security: could not insert rule."); + ERR(NULL, "security: could not insert rule."); goto err; } node_ptr->parse_context = (void *)1; 
@@ -742,14 +736,12 @@ static int cond_read_av_list(policydb_t * p, void *fp, static int expr_isvalid(policydb_t * p, cond_expr_t * expr) { if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) { - printf - ("security: conditional expressions uses unknown operator.\n"); + WARN(NULL, "security: conditional expressions uses unknown operator.\n"); return 0; } if (expr->bool > p->p_bools.nprim) { - printf - ("security: conditional expressions uses unknown bool.\n"); + WARN(NULL, "security: conditional expressions uses unknown bool.\n"); return 0; } return 1; From patchwork Thu Dec 9 16:48:59 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12667083 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E1D6CC4332F for ; Thu, 9 Dec 2021 16:51:34 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237297AbhLIQzH (ORCPT ); Thu, 9 Dec 2021 11:55:07 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39926 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236044AbhLIQzH (ORCPT ); Thu, 9 Dec 2021 11:55:07 -0500 Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com [IPv6:2a00:1450:4864:20::52d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 918E2C061746 for ; Thu, 9 Dec 2021 08:51:33 -0800 (PST) Received: by mail-ed1-x52d.google.com with SMTP id l25so21579740eda.11 for ; Thu, 09 Dec 2021 08:51:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=SGoF1911AB4EV0Iv4ri18U1rOWqcokV6jCeV3aa52j4=; 
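Review bot: in cond_insertf() the "type rule already exists outside of a conditional." path is logged with WARN while the four other paths in the same function that also `goto err` are logged with ERR, and expr_isvalid() uses WARN for both of its `return 0` rejections. The v2 changelog only explains the INFO to WARN change, so either log every rejecting path with ERR or state in the commit message why these three stay at WARN; a caller that filters on severity would otherwise see a failed policy load with no error-level message. Separately, the converted strings are inconsistent about the trailing "\n" carried over from printf() ("security: conflicting type rules.\n" has it, "security: could not insert rule." does not). The existing `ERR(handle, "Out of memory!")` call visible in expand.c in 08/36 has none, so dropping it everywhere here would match.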
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [PATCH v3 07/36] libsepol: use logging framework in ebitmap.c Date: Thu, 9 Dec 2021 17:48:59 +0100 Message-Id: <20211209164928.87459-8-cgzones@googlemail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com> References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the internal logging framework instead of directly writing to stdout as it might be undesired to do so within a library. Signed-off-by: Christian Göttsche --- libsepol/src/ebitmap.c | 27 ++++++++++----------------- 1 file changed, 10 insertions(+), 17 deletions(-) diff --git a/libsepol/src/ebitmap.c b/libsepol/src/ebitmap.c index 1de3816a..fa728558 100644 --- a/libsepol/src/ebitmap.c +++ b/libsepol/src/ebitmap.c @@ -406,8 +406,7 @@ int ebitmap_read(ebitmap_t * e, void *fp) count = le32_to_cpu(buf[2]); if (mapsize != MAPSIZE) { - printf - ("security: ebitmap: map size %d does not match my size %zu (high bit was %d)\n", + ERR(NULL, "security: ebitmap: map size %d does not match my size %zu (high bit was %d)\n", mapsize, MAPSIZE, e->highbit); goto bad; } @@ -416,8 +415,7 @@ int ebitmap_read(ebitmap_t * e, void *fp) goto ok; } if (e->highbit & (MAPSIZE - 1)) { - printf - ("security: ebitmap: high bit (%d) is not a multiple of the map size (%zu)\n", + ERR(NULL, "security: ebitmap: high bit (%d) is not a multiple of the map size (%zu)\n", e->highbit, MAPSIZE); goto bad; } 
@@ -429,12 +427,12 @@ int ebitmap_read(ebitmap_t * e, void *fp) for (i = 0; i < count; i++) { rc = next_entry(buf, fp, sizeof(uint32_t)); if (rc < 0) { - printf("security: ebitmap: truncated map\n"); + ERR(NULL, "security: ebitmap: truncated map\n"); goto bad; } n = (ebitmap_node_t *) malloc(sizeof(ebitmap_node_t)); if (!n) { - printf("security: ebitmap: out of memory\n"); + ERR(NULL, "security: ebitmap: out of memory\n"); rc = -ENOMEM; goto bad; } @@ -443,34 +441,30 @@ int ebitmap_read(ebitmap_t * e, void *fp) n->startbit = le32_to_cpu(buf[0]); if (n->startbit & (MAPSIZE - 1)) { - printf - ("security: ebitmap start bit (%d) is not a multiple of the map size (%zu)\n", + ERR(NULL, "security: ebitmap start bit (%d) is not a multiple of the map size (%zu)\n", n->startbit, MAPSIZE); goto bad_free; } if (n->startbit > (e->highbit - MAPSIZE)) { - printf - ("security: ebitmap start bit (%d) is beyond the end of the bitmap (%zu)\n", + ERR(NULL, "security: ebitmap start bit (%d) is beyond the end of the bitmap (%zu)\n", n->startbit, (e->highbit - MAPSIZE)); goto bad_free; } rc = next_entry(&map, fp, sizeof(uint64_t)); if (rc < 0) { - printf("security: ebitmap: truncated map\n"); + ERR(NULL, "security: ebitmap: truncated map\n"); goto bad_free; } n->map = le64_to_cpu(map); if (!n->map) { - printf - ("security: ebitmap: null map in ebitmap (startbit %d)\n", + ERR(NULL, "security: ebitmap: null map in ebitmap (startbit %d)\n", n->startbit); goto bad_free; } if (l) { if (n->startbit <= l->startbit) { - printf - ("security: ebitmap: start bit %d comes after start bit %d\n", + ERR(NULL, "security: ebitmap: start bit %d comes after start bit %d\n", n->startbit, l->startbit); goto bad_free; } 
@@ -481,8 +475,7 @@ int ebitmap_read(ebitmap_t * e, void *fp) l = n; } if (count && l->startbit + MAPSIZE != e->highbit) { - printf - ("security: ebitmap: high bit %u has not the expected value %zu\n", + ERR(NULL, "security: ebitmap: high bit %u has not the expected value %zu\n", e->highbit, l->startbit + MAPSIZE); goto bad; } From patchwork Thu Dec 9 16:49:00 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12667091 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7A0E9C4332F for ; Thu, 9 Dec 2021 16:51:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241336AbhLIQzP (ORCPT ); Thu, 9 Dec 2021 11:55:15 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39966 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241341AbhLIQzO (ORCPT ); Thu, 9 Dec 2021 11:55:14 -0500 Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com [IPv6:2a00:1450:4864:20::52d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9044FC0617A2 for ; Thu, 9 Dec 2021 08:51:40 -0800 (PST) Received: by mail-ed1-x52d.google.com with SMTP id z5so21856810edd.3 for ; Thu, 09 Dec 2021 08:51:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=Tptt1XYnKK4VnC7WfrbyMGt/V5OsI4E5Jsd9LI6xliQ=; b=dhXx7wHbFY1X/8hDPZVcIsftWmB7lqmxejncUfL4Ddz7QyqG7zYbyAxbOPhnQX4r9Z wOuDDoYhe7VoIQhM1SfImcDt4WguMofRJIewBFCSDmWo8FlwBeI1OPi64uNyzFW0eobw eh15+aE6ciinWSmWInNqE1sDuhuatQKdZdpjpHuw8D/Nk/CUf8rEVn6iDKLnHP2BeUch 8JHUF/n5pUStR34hRxNRhBnwUMMfLXXcXJuM+K/fPUtqOuYof2C3qnNb8fiHPiXArvD/ 
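Review bot: in ebitmap_read() the converted messages format e->highbit with %d in the map-size and alignment checks but with %u in the final "has not the expected value" check, and n->startbit, which is assigned from le32_to_cpu(buf[0]), is printed with %d throughout. A large value read from a malformed policy file would therefore show up as a negative number in exactly the message meant to explain the rejection. Since every one of these lines is being rewritten anyway, switch them to one unsigned conversion and keep %zu only for the operands that are widened by MAPSIZE. The trailing "\n" kept from the printf() calls is also worth dropping so these messages match the other ERR() call sites in the library.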
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 08/36] libsepol: use mallocarray wrapper to avoid overflows
Date: Thu, 9 Dec 2021 17:49:00 +0100
Message-Id: <20211209164928.87459-9-cgzones@googlemail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Use a wrapper to guard `malloc(a * b)` type allocations, to detect multiplication overflows, which result in too little memory being allocated.
Signed-off-by: Christian Göttsche --- libsepol/src/conditional.c | 2 +- libsepol/src/expand.c | 4 ++-- libsepol/src/hashtab.c | 4 +++- libsepol/src/link.c | 3 ++- libsepol/src/module.c | 4 ++-- libsepol/src/module_to_cil.c | 4 ++-- libsepol/src/optimize.c | 6 ++++-- libsepol/src/policydb.c | 6 +++--- libsepol/src/private.h | 9 +++++++++ libsepol/src/services.c | 6 +++--- libsepol/src/sidtab.c | 3 ++- libsepol/src/user_record.c | 3 ++- libsepol/src/write.c | 2 +- 13 files changed, 36 insertions(+), 20 deletions(-) diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c index 1edac65d..cc3f4d82 100644 --- a/libsepol/src/conditional.c +++ b/libsepol/src/conditional.c @@ -522,7 +522,7 @@ int cond_init_bool_indexes(policydb_t * p) if (p->bool_val_to_struct) free(p->bool_val_to_struct); p->bool_val_to_struct = (cond_bool_datum_t **) - malloc(p->p_bools.nprim * sizeof(cond_bool_datum_t *)); + mallocarray(p->p_bools.nprim, sizeof(cond_bool_datum_t *)); if (!p->bool_val_to_struct) return -1; return 0; diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c index a6a466f7..8a7259a0 100644 --- a/libsepol/src/expand.c +++ b/libsepol/src/expand.c @@ -3146,9 +3146,9 @@ int expand_module(sepol_handle_t * handle, goto cleanup; /* Build the type<->attribute maps and remove attributes. */ - state.out->attr_type_map = malloc(state.out->p_types.nprim * + state.out->attr_type_map = mallocarray(state.out->p_types.nprim, sizeof(ebitmap_t)); - state.out->type_attr_map = malloc(state.out->p_types.nprim * + state.out->type_attr_map = mallocarray(state.out->p_types.nprim, sizeof(ebitmap_t)); if (!state.out->attr_type_map || !state.out->type_attr_map) { ERR(handle, "Out of memory!"); diff --git a/libsepol/src/hashtab.c b/libsepol/src/hashtab.c index 21143b76..2eb35212 100644 --- a/libsepol/src/hashtab.c +++ b/libsepol/src/hashtab.c 
@@ -32,6 +32,8 @@ #include #include +#include "private.h" + hashtab_t hashtab_create(unsigned int (*hash_value) (hashtab_t h, const_hashtab_key_t key), int (*keycmp) (hashtab_t h, @@ -52,7 +54,7 @@ hashtab_t hashtab_create(unsigned int (*hash_value) (hashtab_t h, p->nel = 0; p->hash_value = hash_value; p->keycmp = keycmp; - p->htable = (hashtab_ptr_t *) malloc(sizeof(hashtab_ptr_t) * size); + p->htable = (hashtab_ptr_t *) mallocarray(size, sizeof(hashtab_ptr_t)); if (p->htable == NULL) { free(p); return NULL; diff --git a/libsepol/src/link.c b/libsepol/src/link.c index b14240d5..dfcb0673 100644 --- a/libsepol/src/link.c +++ b/libsepol/src/link.c @@ -34,6 +34,7 @@ #include #include "debug.h" +#include "private.h" #undef min #define min(a,b) (((a) < (b)) ? (a) : (b)) @@ -1680,7 +1681,7 @@ static int copy_scope_index(scope_index_t * src, scope_index_t * dest, } /* next copy the enabled permissions data */ - if ((dest->class_perms_map = malloc(largest_mapped_class_value * + if ((dest->class_perms_map = mallocarray(largest_mapped_class_value, sizeof(*dest->class_perms_map))) == NULL) { goto cleanup; diff --git a/libsepol/src/module.c b/libsepol/src/module.c index b718751e..d93d08a2 100644 --- a/libsepol/src/module.c +++ b/libsepol/src/module.c @@ -409,14 +409,14 @@ static int module_package_read_offsets(sepol_module_package_t * mod, goto err; } - off = (size_t *) malloc((nsec + 1) * sizeof(size_t)); + off = (size_t *) mallocarray(nsec + 1, sizeof(size_t)); if (!off) { ERR(file->handle, "out of memory"); goto err; } free(buf); - buf = malloc(sizeof(uint32_t) * nsec); + buf = mallocarray(nsec, sizeof(uint32_t)); if (!buf) { ERR(file->handle, "out of memory"); goto err; diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index b231d7f8..33a11a15 100644 --- a/libsepol/src/module_to_cil.c +++ b/libsepol/src/module_to_cil.c 
@@ -430,7 +430,7 @@ static int stack_init(struct stack **stack) goto exit; } - s->stack = malloc(sizeof(*s->stack) * STACK_SIZE); + s->stack = mallocarray(STACK_SIZE, sizeof(*s->stack)); if (s->stack == NULL) { goto exit; } @@ -1008,7 +1008,7 @@ static int ebitmap_to_names(struct ebitmap *map, char **vals_to_names, char ***n goto exit; } - name_arr = malloc(sizeof(*name_arr) * num); + name_arr = mallocarray(num, sizeof(*name_arr)); if (name_arr == NULL) { log_err("Out of memory"); rc = -1; diff --git a/libsepol/src/optimize.c b/libsepol/src/optimize.c index 6826155c..f8298fb7 100644 --- a/libsepol/src/optimize.c +++ b/libsepol/src/optimize.c @@ -31,6 +31,8 @@ #include #include +#include "private.h" + #define TYPE_VEC_INIT_SIZE 16 struct type_vec { @@ -42,7 +44,7 @@ static int type_vec_init(struct type_vec *v) { v->capacity = TYPE_VEC_INIT_SIZE; v->count = 0; - v->types = malloc(v->capacity * sizeof(*v->types)); + v->types = mallocarray(v->capacity, sizeof(*v->types)); if (!v->types) return -1; return 0; @@ -93,7 +95,7 @@ static struct type_vec *build_type_map(const policydb_t *p) { unsigned int i, k; ebitmap_node_t *n; - struct type_vec *map = malloc(p->p_types.nprim * sizeof(*map)); + struct type_vec *map = mallocarray(p->p_types.nprim, sizeof(*map)); if (!map) return NULL; diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index 587ba64a..dcea1807 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -4111,7 +4111,7 @@ static int scope_read(policydb_t * p, int symnum, struct policy_file *fp) goto cleanup; } if ((scope->decl_ids = - malloc(scope->decl_ids_len * sizeof(uint32_t))) == NULL) { + mallocarray(scope->decl_ids_len, sizeof(uint32_t))) == NULL) { goto cleanup; } rc = next_entry(scope->decl_ids, fp, sizeof(uint32_t) * scope->decl_ids_len); 
@@ -4500,8 +4500,8 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose) } if (policy_type == POLICY_KERN) { - p->type_attr_map = malloc(p->p_types.nprim * sizeof(ebitmap_t)); - p->attr_type_map = malloc(p->p_types.nprim * sizeof(ebitmap_t)); + p->type_attr_map = mallocarray(p->p_types.nprim, sizeof(ebitmap_t)); + p->attr_type_map = mallocarray(p->p_types.nprim, sizeof(ebitmap_t)); if (!p->type_attr_map || !p->attr_type_map) goto bad; for (i = 0; i < p->p_types.nprim; i++) { diff --git a/libsepol/src/private.h b/libsepol/src/private.h index 6146f59f..d3d65a57 100644 --- a/libsepol/src/private.h +++ b/libsepol/src/private.h @@ -83,3 +83,12 @@ extern int next_entry(void *buf, struct policy_file *fp, size_t bytes); extern size_t put_entry(const void *ptr, size_t size, size_t n, struct policy_file *fp); extern int str_read(char **strp, struct policy_file *fp, size_t len); + +static inline void* mallocarray(size_t nmemb, size_t size) { + if (size && nmemb > (size_t)-1 / size) { + errno = ENOMEM; + return NULL; + } + + return malloc(nmemb * size); +} diff --git a/libsepol/src/services.c b/libsepol/src/services.c index 3407058f..edcdde21 100644 --- a/libsepol/src/services.c +++ b/libsepol/src/services.c @@ -712,7 +712,7 @@ mls_ops: * Generate the same number of answer buffer entries as expression * buffers (as there will never be more). */ - answer_list = malloc(expr_count * sizeof(*answer_list)); + answer_list = mallocarray(expr_count, sizeof(*answer_list)); if (!answer_list) { ERR(NULL, "failed to allocate answer stack"); rc = -ENOMEM; @@ -2163,7 +2163,7 @@ int sepol_get_user_sids(sepol_security_id_t fromsid, } usercon.user = user->s.value; - mysids = malloc(maxnel * sizeof(sepol_security_id_t)); + mysids = mallocarray(maxnel, sizeof(sepol_security_id_t)); if (!mysids) { rc = -ENOMEM; goto out; 
@@ -2199,7 +2199,7 @@ int sepol_get_user_sids(sepol_security_id_t fromsid, } else { maxnel += SIDS_NEL; mysids2 = - malloc(maxnel * + mallocarray(maxnel, sizeof(sepol_security_id_t)); if (!mysids2) { diff --git a/libsepol/src/sidtab.c b/libsepol/src/sidtab.c index 255e0725..adeae6eb 100644 --- a/libsepol/src/sidtab.c +++ b/libsepol/src/sidtab.c @@ -15,6 +15,7 @@ #include #include "flask.h" +#include "private.h" #define SIDTAB_HASH(sid) \ (sid & SIDTAB_HASH_MASK) @@ -27,7 +28,7 @@ int sepol_sidtab_init(sidtab_t * s) { int i; - s->htable = malloc(sizeof(sidtab_ptr_t) * SIDTAB_SIZE); + s->htable = mallocarray(SIDTAB_SIZE, sizeof(sidtab_ptr_t)); if (!s->htable) return -ENOMEM; for (i = 0; i < SIDTAB_SIZE; i++) diff --git a/libsepol/src/user_record.c b/libsepol/src/user_record.c index ac520060..c1356a6b 100644 --- a/libsepol/src/user_record.c +++ b/libsepol/src/user_record.c @@ -4,6 +4,7 @@ #include "user_internal.h" #include "debug.h" +#include "private.h" struct sepol_user { /* This user's name */ @@ -265,7 +266,7 @@ int sepol_user_get_roles(sepol_handle_t * handle, unsigned int i; const char **tmp_roles = - (const char **)malloc(sizeof(char *) * user->num_roles); + (const char **)mallocarray(user->num_roles, sizeof(char *)); if (!tmp_roles) goto omem; diff --git a/libsepol/src/write.c b/libsepol/src/write.c index 3bd034d6..9df5b0bd 100644 --- a/libsepol/src/write.c +++ b/libsepol/src/write.c 
@@ -2117,7 +2117,7 @@ static int scope_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr) * buffer. this would have been easier with C99's * dynamic arrays... */ rc = POLICYDB_ERROR; - dyn_buf = malloc(items * sizeof(*dyn_buf)); + dyn_buf = mallocarray(items, sizeof(*dyn_buf)); if (!dyn_buf) goto err; buf = dyn_buf; From patchwork Thu Dec 9 16:49:01 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12667073 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EA557C433F5 for ; Thu, 9 Dec 2021 16:51:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234323AbhLIQyx (ORCPT ); Thu, 9 Dec 2021 11:54:53 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39848 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231635AbhLIQyx (ORCPT ); Thu, 9 Dec 2021 11:54:53 -0500 Received: from mail-ed1-x532.google.com (mail-ed1-x532.google.com [IPv6:2a00:1450:4864:20::532]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C0800C061746 for ; Thu, 9 Dec 2021 08:51:19 -0800 (PST) Received: by mail-ed1-x532.google.com with SMTP id x15so21953475edv.1 for ; Thu, 09 Dec 2021 08:51:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=eNwA3EUJFE+m3irceKXjnopYjD8/reD5rPigCO8qSjA=; b=pFxXXbBz14u5Ou0Gtq97LDORZDocIcnUhWKZFjZ/12iqDfTJMMzlfumOfiQWp3diES P3jsg2Qmib+2IhrEiYmbh8hdc+pYHMICVCF8JLeU0ue1wBGLkrhefYaISyNQi92Ihxgq QBazmzPozbG7kDtVvUkX4FLrLNigbn7geRSz6SmH/A/ymncbvBwtHodPskcpKChnradg Q5RuTbdzTuxdELthEw+sz0N+9AvIGrG9PnNhEcHHtW47mIC9ZZ204JhQQhCXCw6z1MDa 
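Review bot: in module_package_read_offsets() the call `mallocarray(nsec + 1, sizeof(size_t))` still evaluates `nsec + 1` in the type of nsec before the wrapper sees it, so a wrap in that addition yields a small nmemb that passes the `nmemb > (size_t)-1 / size` check. The wrapper only guards the final multiplication; where the count is derived from file data, bound it before the call or do the addition in size_t with its own check. The same applies to `maxnel += SIDS_NEL` ahead of the second allocation in sepol_get_user_sids(). On the private.h hunk: the new inline function uses errno, ENOMEM and malloc() but the hunk adds no includes, and hashtab.c, optimize.c and sidtab.c now pull in private.h for the first time, so the header should include <errno.h> and <stdlib.h> itself rather than rely on each includer. A one-line comment on mallocarray() stating that it returns NULL with errno set to ENOMEM on overflow would also help callers that report "out of memory" for both cases.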
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [PATCH v3 09/36] libsepol: use reallocarray wrapper to avoid overflows Date: Thu, 9 Dec 2021 17:49:01 +0100 Message-Id: <20211209164928.87459-10-cgzones@googlemail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com> References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use a wrapper to guard `realloc(p, a * b)` type allocations, to detect multiplication overflows, which result in too few memory being allocated. Use a custom implementation if the used C library does not offer one. Also use temporary variables for realloc(3) results in add_i_to_a() and fp_to_buffer(). Signed-off-by: Christian Göttsche --- libsepol/src/Makefile | 6 ++++++ libsepol/src/kernel_to_common.c | 4 ++-- libsepol/src/module_to_cil.c | 9 +++++---- libsepol/src/optimize.c | 5 +++-- libsepol/src/private.h | 11 +++++++++++ libsepol/src/services.c | 6 +++--- libsepol/src/user_record.c | 5 +++-- libsepol/src/users.c | 12 ++++++------ libsepol/src/util.c | 11 +++++++---- 9 files changed, 46 insertions(+), 23 deletions(-) diff --git a/libsepol/src/Makefile b/libsepol/src/Makefile index dc8b1773..13410c67 100644 --- a/libsepol/src/Makefile +++ b/libsepol/src/Makefile @@ -29,6 +29,12 @@ LOBJS += $(sort $(patsubst %.c,%.lo,$(sort $(wildcard $(CILDIR)/src/*.c)) $(CIL_ override CFLAGS += -I$(CILDIR)/include endif +# check for reallocarray(3) availability +H := \# +ifeq (yes,$(shell printf '${H}define _GNU_SOURCE\n${H}include \nint main(void){void*p=reallocarray(NULL, 1, sizeof(char));return 0;}' | $(CC) -x c -o /dev/null - >/dev/null 2>&1 && echo yes)) +override CFLAGS += -DHAVE_REALLOCARRAY +endif + LD_SONAME_FLAGS=-soname,$(LIBSO),--version-script=$(LIBMAP),-z,defs LN=ln 
diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c index a7453d3c..51df8c25 100644 --- a/libsepol/src/kernel_to_common.c +++ b/libsepol/src/kernel_to_common.c @@ -161,7 +161,7 @@ int strs_add(struct strs *strs, char *s) char **new; unsigned i = strs->size; strs->size *= 2; - new = realloc(strs->list, sizeof(char *)*strs->size); + new = reallocarray(strs->list, strs->size, sizeof(char *)); if (!new) { sepol_log_err("Out of memory"); return -1; @@ -220,7 +220,7 @@ int strs_add_at_index(struct strs *strs, char *s, unsigned index) while (index >= strs->size) { strs->size *= 2; } - new = realloc(strs->list, sizeof(char *)*strs->size); + new = reallocarray(strs->list, strs->size, sizeof(char *)); if (!new) { sepol_log_err("Out of memory"); return -1; diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index 33a11a15..5f762aba 100644 --- a/libsepol/src/module_to_cil.c +++ b/libsepol/src/module_to_cil.c @@ -453,7 +453,7 @@ static int stack_push(struct stack *stack, void *ptr) void *new_stack; if (stack->pos + 1 == stack->size) { - new_stack = realloc(stack->stack, sizeof(*stack->stack) * (stack->size * 2)); + new_stack = reallocarray(stack->stack, stack->size * 2, sizeof(*stack->stack)); if (new_stack == NULL) { goto exit; } @@ -4117,7 +4117,7 @@ exit: static int fp_to_buffer(FILE *fp, char **data, size_t *data_len) { int rc = -1; - char *d = NULL; + char *d = NULL, *d_tmp; size_t d_len = 0; size_t read_len = 0; size_t max_len = 1 << 17; // start at 128KB, this is enough to hold about half of all the existing pp files @@ -4133,12 +4133,13 @@ static int fp_to_buffer(FILE *fp, char **data, size_t *data_len) d_len += read_len; if (d_len == max_len) { max_len *= 2; - d = realloc(d, max_len); - if (d == NULL) { + d_tmp = realloc(d, max_len); + if (d_tmp == NULL) { log_err("Out of memory"); rc = -1; goto exit; } + d = d_tmp; } } diff --git a/libsepol/src/optimize.c b/libsepol/src/optimize.c index f8298fb7..8a048702 100644 
--- a/libsepol/src/optimize.c +++ b/libsepol/src/optimize.c @@ -59,8 +59,9 @@ static int type_vec_append(struct type_vec *v, uint32_t type) { if (v->capacity == v->count) { unsigned int new_capacity = v->capacity * 2; - uint32_t *new_types = realloc(v->types, - new_capacity * sizeof(*v->types)); + uint32_t *new_types = reallocarray(v->types, + new_capacity, + sizeof(*v->types)); if (!new_types) return -1; diff --git a/libsepol/src/private.h b/libsepol/src/private.h index d3d65a57..a8cc1472 100644 --- a/libsepol/src/private.h +++ b/libsepol/src/private.h @@ -92,3 +92,14 @@ static inline void* mallocarray(size_t nmemb, size_t size) { return malloc(nmemb * size); } + +#ifndef HAVE_REALLOCARRAY +static inline void* reallocarray(void *ptr, size_t nmemb, size_t size) { + if (size && nmemb > (size_t)-1 / size) { + errno = ENOMEM; + return NULL; + } + + return realloc(ptr, nmemb * size); +} +#endif diff --git a/libsepol/src/services.c b/libsepol/src/services.c index edcdde21..0f36ac53 100644 --- a/libsepol/src/services.c +++ b/libsepol/src/services.c @@ -94,7 +94,7 @@ static void push(char *expr_ptr) else new_stack_len = stack_len * 2; - new_stack = realloc(stack, new_stack_len * sizeof(*stack)); + new_stack = reallocarray(stack, new_stack_len, sizeof(*stack)); if (!new_stack) { ERR(NULL, "unable to allocate stack space"); return; @@ -449,8 +449,8 @@ static int constraint_expr_eval_reason(context_struct_t *scontext, else new_expr_list_len = expr_list_len * 2; - new_expr_list = realloc(expr_list, - new_expr_list_len * sizeof(*expr_list)); + new_expr_list = reallocarray(expr_list, + new_expr_list_len, sizeof(*expr_list)); if (!new_expr_list) { ERR(NULL, "failed to allocate expr buffer stack"); rc = -ENOMEM; diff --git a/libsepol/src/user_record.c b/libsepol/src/user_record.c index c1356a6b..404fa3a8 100644 --- a/libsepol/src/user_record.c +++ b/libsepol/src/user_record.c 
@@ -183,8 +183,9 @@ int sepol_user_add_role(sepol_handle_t * handle, if (!role_cp) goto omem; - roles_realloc = realloc(user->roles, - sizeof(char *) * (user->num_roles + 1)); + roles_realloc = reallocarray(user->roles, + user->num_roles + 1, + sizeof(char *)); if (!roles_realloc) goto omem; diff --git a/libsepol/src/users.c b/libsepol/src/users.c index b895b7f5..a7406214 100644 --- a/libsepol/src/users.c +++ b/libsepol/src/users.c @@ -226,17 +226,17 @@ int sepol_user_modify(sepol_handle_t * handle, void *tmp_ptr; /* Ensure reverse lookup array has enough space */ - tmp_ptr = realloc(policydb->user_val_to_struct, - (policydb->p_users.nprim + - 1) * sizeof(user_datum_t *)); + tmp_ptr = reallocarray(policydb->user_val_to_struct, + policydb->p_users.nprim + 1, + sizeof(user_datum_t *)); if (!tmp_ptr) goto omem; policydb->user_val_to_struct = tmp_ptr; policydb->user_val_to_struct[policydb->p_users.nprim] = NULL; - tmp_ptr = realloc(policydb->sym_val_to_name[SYM_USERS], - (policydb->p_users.nprim + - 1) * sizeof(char *)); + tmp_ptr = reallocarray(policydb->sym_val_to_name[SYM_USERS], + policydb->p_users.nprim + 1, + sizeof(char *)); if (!tmp_ptr) goto omem; policydb->sym_val_to_name[SYM_USERS] = tmp_ptr; diff --git a/libsepol/src/util.c b/libsepol/src/util.c index 902c63c5..b7230564 100644 --- a/libsepol/src/util.c +++ b/libsepol/src/util.c @@ -40,6 +40,8 @@ struct val_to_name { * 0). Return 0 on success, -1 on out of memory. */ int add_i_to_a(uint32_t i, uint32_t * cnt, uint32_t ** a) { + uint32_t *new; + if (cnt == NULL || a == NULL) return -1; 
@@ -48,17 +50,18 @@ int add_i_to_a(uint32_t i, uint32_t * cnt, uint32_t ** a) * than be smart about it, for now we realloc() the array each * time a new uint32_t is added! */ if (*a != NULL) - *a = (uint32_t *) realloc(*a, (*cnt + 1) * sizeof(uint32_t)); + new = (uint32_t *) reallocarray(*a, *cnt + 1, sizeof(uint32_t)); else { /* empty list */ *cnt = 0; - *a = (uint32_t *) malloc(sizeof(uint32_t)); + new = (uint32_t *) malloc(sizeof(uint32_t)); } - if (*a == NULL) { + if (new == NULL) { return -1; } - (*a)[*cnt] = i; + new[*cnt] = i; (*cnt)++; + *a = new; return 0; } From patchwork Thu Dec 9 16:49:02 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12667075 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7583AC433EF for ; Thu, 9 Dec 2021 16:51:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237987AbhLIQyy (ORCPT ); Thu, 9 Dec 2021 11:54:54 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39850 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231635AbhLIQyy (ORCPT ); Thu, 9 Dec 2021 11:54:54 -0500 Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 60CA4C061746 for ; Thu, 9 Dec 2021 08:51:20 -0800 (PST) Received: by mail-ed1-x529.google.com with SMTP id x15so21953588edv.1 for ; Thu, 09 Dec 2021 08:51:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=Dt1Evq91akr68arcCNxx+ZiMHVKLkU4ZfPXM5NAeNBM=; 
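Review bot: In type_vec_append() (optimize.c) and in push() and constraint_expr_eval_reason() (services.c) the element count is still produced by v->capacity * 2, stack_len * 2 and expr_list_len * 2 before it is handed to reallocarray(), so the overflow check added by this patch covers count times element size but not the doubling itself. If the doubled count wraps, reallocarray() is asked for a smaller array than the code goes on to index. Rejecting the growth when the current length is above half the type's maximum closes that gap; the same applies to user->num_roles + 1 in user_record.c and policydb->p_users.nprim + 1 in users.c, which can wrap to 0.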
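Review bot: The reallocarray() fallback in private.h is compiled whenever HAVE_REALLOCARRAY is undefined, and none of the hunks shown here define it, so on a libc that already declares reallocarray() the static inline definition would clash unless the build probes for the function and passes -DHAVE_REALLOCARRAY. Worth confirming the build-system part of the patch does that. The fallback also assigns errno = ENOMEM, which needs <errno.h> to be included in private.h if it is not already.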
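Review bot: In add_i_to_a() (util.c) the move to a temporary pointer changes what the caller sees on failure: *a is no longer overwritten with NULL when the allocation fails, so the old array stays owned by the caller instead of being leaked. That is the right behaviour, but it is a functional change beyond the realloc() to reallocarray() conversion and should be mentioned in the commit message and in the function comment ("Return 0 on success, -1 on out of memory"). In the empty-list branch *cnt is still reset to 0 before the malloc() result is known. The local name new is a reserved word in C++, which matters if this file is ever built or analysed as C++; new_a or tmp avoids that.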
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 10/36] libsepol: add checks for read sizes
Date: Thu, 9 Dec 2021 17:49:02 +0100
Message-Id: <20211209164928.87459-11-cgzones@googlemail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Add checks for invalid read sizes from a binary policy to guard
allocations.

The common and class permission counts need to be limited more strictly;
otherwise a too high count of common or class permissions can lead to
permission values with a too high value, which can lead to overflows
in shift operations.

In the fuzzer build the value will also be bounded to avoid oom reports.

    ==29857== ERROR: libFuzzer: out-of-memory (malloc(17179868160))
       To change the out-of-memory limit use -rss_limit_mb=
        #0 0x52dc61 in __sanitizer_print_stack_trace (./out/binpolicy-fuzzer+0x52dc61)
        #1 0x475618 in fuzzer::PrintStackTrace() fuzzer.o
        #2 0x458855 in fuzzer::Fuzzer::HandleMalloc(unsigned long) fuzzer.o
        #3 0x45876a in fuzzer::MallocHook(void const volatile*, unsigned long) fuzzer.o
        #4 0x534557 in __sanitizer::RunMallocHooks(void const*, unsigned long) (./out/binpolicy-fuzzer+0x534557)
        #5 0x4aa7d7 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (./out/binpolicy-fuzzer+0x4aa7d7)
        #6 0x4aa143 in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (./out/binpolicy-fuzzer+0x4aa143)
        #7 0x5259cb in malloc (./out/binpolicy-fuzzer+0x5259cb)
        #8 0x580b5d in mallocarray ./libsepol/src/./private.h:93:9
        #9 0x57c2ed in scope_read ./libsepol/src/policydb.c:4120:7
        #10 0x576b0d in policydb_read ./libsepol/src/policydb.c:4462:9
        #11 0x55a214 in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:26:6
        #12 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
        #13 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
        #14 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
        #15 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
        #16 0x7ffad6e107ec in __libc_start_main csu/../csu/libc-start.c:332:16
        #17 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

    ==19462== ERROR: libFuzzer: out-of-memory (malloc(18253611008))
       To change the out-of-memory limit use -rss_limit_mb=
        #0 0x52dc61 in __sanitizer_print_stack_trace (./out/binpolicy-fuzzer+0x52dc61)
        #1 0x475618 in fuzzer::PrintStackTrace() fuzzer.o
        #2 0x458855 in fuzzer::Fuzzer::HandleMalloc(unsigned long) fuzzer.o
        #3 0x45876a in fuzzer::MallocHook(void const volatile*, unsigned long) fuzzer.o
        #4 0x534557 in __sanitizer::RunMallocHooks(void const*, unsigned long) (./out/binpolicy-fuzzer+0x534557)
        #5 0x4aa7d7 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (./out/binpolicy-fuzzer+0x4aa7d7)
        #6 0x4aa999 in __asan::asan_calloc(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*) (./out/binpolicy-fuzzer+0x4aa999)
        #7 0x525b63 in __interceptor_calloc (./out/binpolicy-fuzzer+0x525b63)
        #8 0x570938 in policydb_index_others ./libsepol/src/policydb.c:1245:6
        #9 0x5771f3 in policydb_read ./src/policydb.c:4481:6
        #10 0x55a214 in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:26:6
        #11 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
        #12 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
        #13 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
        #14 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
        #15 0x7f4d933157ec in __libc_start_main csu/../csu/libc-start.c:332:16
        #16 0x423689 in _start
(./out/binpolicy-fuzzer+0x423689) Signed-off-by: Christian Göttsche --- v3: - use PERM_SYMTAB_SIZE instead of bare 32 as limit --- libsepol/src/policydb.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index dcea1807..0b2edf51 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -2103,6 +2103,8 @@ static int common_read(policydb_t * p, hashtab_t h, struct policy_file *fp) if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE)) goto bad; comdatum->permissions.nprim = le32_to_cpu(buf[2]); + if (comdatum->permissions.nprim > PERM_SYMTAB_SIZE) + goto bad; nel = le32_to_cpu(buf[3]); key = malloc(len + 1); @@ -2251,6 +2253,8 @@ static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp) if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE)) goto bad; cladatum->permissions.nprim = le32_to_cpu(buf[3]); + if (cladatum->permissions.nprim > PERM_SYMTAB_SIZE) + goto bad; nel = le32_to_cpu(buf[4]); ncons = le32_to_cpu(buf[5]); @@ -3980,6 +3984,8 @@ static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl, if (rc < 0) return -1; nprim = le32_to_cpu(buf[0]); + if (is_saturated(nprim)) + return -1; nel = le32_to_cpu(buf[1]); for (j = 0; j < nel; j++) { if (read_f[i] (p, decl->symtab[i].table, fp)) { @@ -4106,7 +4112,7 @@ static int scope_read(policydb_t * p, int symnum, struct policy_file *fp) goto cleanup; scope->scope = le32_to_cpu(buf[0]); scope->decl_ids_len = le32_to_cpu(buf[1]); - if (scope->decl_ids_len == 0) { + if (zero_or_saturated(scope->decl_ids_len)) { ERR(fp->handle, "invalid scope with no declaration"); goto cleanup; } 
@@ -4396,6 +4402,8 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose) if (rc < 0) goto bad; nprim = le32_to_cpu(buf[0]); + if (is_saturated(nprim)) + goto bad; nel = le32_to_cpu(buf[1]); if (nel && !nprim) { ERR(fp->handle, "unexpected items in symbol table with no symbol"); From patchwork Thu Dec 9 16:49:03 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12667123 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9903FC433FE for ; Thu, 9 Dec 2021 16:52:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241014AbhLIQ4C (ORCPT ); Thu, 9 Dec 2021 11:56:02 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40200 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241361AbhLIQz6 (ORCPT ); Thu, 9 Dec 2021 11:55:58 -0500 Received: from mail-ed1-x535.google.com (mail-ed1-x535.google.com [IPv6:2a00:1450:4864:20::535]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 42E65C061746 for ; Thu, 9 Dec 2021 08:52:24 -0800 (PST) Received: by mail-ed1-x535.google.com with SMTP id r25so21071582edq.7 for ; Thu, 09 Dec 2021 08:52:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=Kmz/hM8L/FCDEwk+gpm5Na9cTojqkPoX7csANTjH09A=; b=IYJuYW/ieR+cxjHoVc1NlXS4G4Nq9zj4qmJFyFF1z/+rHFtbhFZvpOry76pEnM9W4i w3EMao39sWk6tbhpw8gITLM2X+osyvk6Vx7BHkbcT6O9cUDQ/Iv7YC0PZbUMQN253Qv5 vRLKRbHyBZn26vbTwefvjwPwNYyexpw+Es0ad2zBcDc6YP8iyWUJJaHzLcZdBAZtvrzy 2i3HqNxerU75fgb+kyW91VnM23NOIUt4vYlVHodj7okiuTwbt+xpOL3jF4mPb0MAKjHL 
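Review bot: The new checks in common_read() and class_read() compare permissions.nprim against PERM_SYMTAB_SIZE, a constant whose name describes the size passed to symtab_init() just above, while the commit message gives the real reason as overflows in shift operations on permission values. A short comment at both sites, or a dedicated constant for the maximum number of permissions per class, would keep the limit correct if the symtab size is ever tuned. Both checks also take the bad path without an ERR(), so a rejected policy gives no indication of which common or class carried the oversized count.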
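Review bot: In scope_read() the condition changed from decl_ids_len == 0 to zero_or_saturated(scope->decl_ids_len), but the message still reads "invalid scope with no declaration", which is wrong for the saturated case; something like "invalid scope with no or too many declarations" fits both. The is_saturated(nprim) checks added in avrule_decl_read() and policydb_read() fail silently, unlike the neighbouring "unexpected items in symbol table" error. The commit message also says the value is bounded further in the fuzzer build only, so it is worth stating in the message what a regular build still accepts, since a count just below the saturated value would reach the same allocations shown in the traces.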
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 11/36] libsepol: enforce avtab item limit
Date: Thu, 9 Dec 2021 17:49:03 +0100
Message-Id: <20211209164928.87459-12-cgzones@googlemail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Check the current item count does not exceed the maximum allowed to
avoid stack overflows.

    ==33660==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fa64b8fc070 at pc 0x0000005acba0 bp 0x7ffc1f0b2870 sp 0x7ffc1f0b2868
    READ of size 4 at 0x7fa64b8fc070 thread T0
        #0 0x5acb9f in avtab_read_item ./libsepol/src/avtab.c:507:18
        #1 0x5acec4 in avtab_read ./libsepol/src/avtab.c:611:8
        #2 0x576ae3 in policydb_read ./libsepol/src/policydb.c:4433:7
        #3 0x55a1fe in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:24:6
        #4 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
        #5 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
        #6 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
        #7 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
        #8 0x7fa64cc867ec in __libc_start_main csu/../csu/libc-start.c:332:16
        #9 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

    Address 0x7fa64b8fc070 is located in stack of thread T0 at offset 112 in frame
        #0 0x5aabdf in avtab_read_item ./libsepol/src/avtab.c:437

      This frame has 6 object(s):
        [32, 33) 'buf8' (line 438)
        [48, 56) 'buf16' (line 439)
        [80, 112) 'buf32' (line 440) <== Memory access at offset 112 overflows this variable
        [144, 152) 'key' (line 441)
        [176, 192) 'datum' (line 442)
        [208, 244) 'xperms' (line 443)
    HINT: this may be a false positive if your program uses some custom stack unwind mechanism,
swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-buffer-overflow ./libsepol/src/avtab.c:507:18 in avtab_read_item Shadow bytes around the buggy address: 0x0ff5497177b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ff5497177c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ff5497177d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ff5497177e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ff5497177f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0ff549717800: f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 00 00[f2]f2 0x0ff549717810: f2 f2 00 f2 f2 f2 00 00 f2 f2 00 00 00 00 04 f3 0x0ff549717820: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 0x0ff549717830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ff549717840: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0ff549717850: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==33660==ABORTING Signed-off-by: Christian Göttsche --- v3: take zero based numbering of variable items into account --- libsepol/src/avtab.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libsepol/src/avtab.c b/libsepol/src/avtab.c index 46e1e75d..e9b17664 100644 --- a/libsepol/src/avtab.c +++ b/libsepol/src/avtab.c 
@@ -503,6 +503,12 @@ int avtab_read_item(struct policy_file *fp, uint32_t vers, avtab_t * a, for (i = 0; i < ARRAY_SIZE(spec_order); i++) { if (val & spec_order[i]) { + if (items >= items2) { + ERR(fp->handle, + "entry has too many items (%d/%d)", + items + /* zero based numbered */ 1, items2); + return -1; + } key.specified = spec_order[i] | enabled; datum.data = le32_to_cpu(buf32[items++]); rc = insertf(a, &key, &datum, p); From patchwork Thu Dec 9 16:49:04 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12667089 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0F367C433EF for ; Thu, 9 Dec 2021 16:51:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241335AbhLIQzO (ORCPT ); Thu, 9 Dec 2021 11:55:14 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39964 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241336AbhLIQzO (ORCPT ); Thu, 9 Dec 2021 11:55:14 -0500 Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4C27EC061746 for ; Thu, 9 Dec 2021 08:51:40 -0800 (PST) Received: by mail-ed1-x529.google.com with SMTP id v1so21770526edx.2 for ; Thu, 09 Dec 2021 08:51:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=zdWRNyLai4spI46glBVLPT/JuMrRSd2gud4gD7rflgY=; b=ogOagTvkfVIvcFE7n41CrG+Xl8d0sMpfn2jHjGaEQEzHHB3goLcifXxeXJG4J7B+Jn JcBQ4iPpyq/HdnhPQAp3cYaNcnWXD3sRTxVHYPyTBGHFnsayTBSMnpxleEzAjkwMQCuD 
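Review bot: The ERR() call added in avtab_read_item() formats items + 1 and items2 with %d; if both are unsigned counters (their declarations are outside this hunk), %u or PRIu32 matches them and avoids a sign-conversion warning. The comment placed inside the expression, items + /* zero based numbered */ 1, reads more easily on its own line above the call. The bound itself, items >= items2 ahead of buf32[items++], sits directly before the read that ASan flagged at avtab.c:507, which is the right place for it.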
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [PATCH v3 12/36] libsepol: clean memory on conditional insertion failure Date: Thu, 9 Dec 2021 17:49:04 +0100 Message-Id: <20211209164928.87459-13-cgzones@googlemail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com> References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Free the local access vector list on failure as it does not get moved into the policy structure. Drop the now redundant, but non-exhaustive, resource cleanup in cond_insertf(). Direct leak of 16 byte(s) in 1 object(s) allocated from: #0 0x52596d in malloc (./out/binpolicy-fuzzer+0x52596d) #1 0x5b30d2 in cond_insertf ./libsepol/src/conditional.c:682:9 #2 0x5ac218 in avtab_read_item ./libsepol/src/avtab.c:583:10 #3 0x5b21f4 in cond_read_av_list ./libsepol/src/conditional.c:725:8 #4 0x5b21f4 in cond_read_node ./libsepol/src/conditional.c:798:7 #5 0x5b21f4 in cond_read_list ./libsepol/src/conditional.c:847:7 #6 0x576b6e in policydb_read ./libsepol/src/policydb.c:4436:8 #7 0x55a1fe in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:24:6 #8 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o #9 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o #10 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o #11 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2) #12 0x7f47abeb87ec in __libc_start_main csu/../csu/libc-start.c:332:16 Signed-off-by: Christian Göttsche --- v2: drop redundant cleanup in cond_insertf() --- libsepol/src/conditional.c | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c index cc3f4d82..a3125fdd 100644 
--- a/libsepol/src/conditional.c +++ b/libsepol/src/conditional.c @@ -634,7 +634,7 @@ static int cond_insertf(avtab_t * a if (k->specified & AVTAB_TYPE) { if (avtab_search(&p->te_avtab, k)) { WARN(NULL, "security: type rule already exists outside of a conditional."); - goto err; + return -1; } /* * If we are reading the false list other will be a pointer to @@ -650,7 +650,7 @@ static int cond_insertf(avtab_t * a if (avtab_search_node_next (node_ptr, k->specified)) { ERR(NULL, "security: too many conflicting type rules."); - goto err; + return -1; } found = 0; for (cur = other; cur != NULL; cur = cur->next) { @@ -661,13 +661,13 @@ static int cond_insertf(avtab_t * a } if (!found) { ERR(NULL, "security: conflicting type rules.\n"); - goto err; + return -1; } } } else { if (avtab_search(&p->te_cond_avtab, k)) { ERR(NULL, "security: conflicting type rules when adding type rule for true.\n"); - goto err; + return -1; } } } @@ -675,13 +675,13 @@ static int cond_insertf(avtab_t * a node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d); if (!node_ptr) { ERR(NULL, "security: could not insert rule."); - goto err; + return -1; } node_ptr->parse_context = (void *)1; list = malloc(sizeof(cond_av_list_t)); if (!list) - goto err; + return -1; memset(list, 0, sizeof(cond_av_list_t)); list->node = node_ptr; @@ -691,11 +691,6 @@ static int cond_insertf(avtab_t * a data->tail->next = list; data->tail = list; return 0; - - err: - cond_av_list_destroy(data->head); - data->head = NULL; - return -1; } static int cond_read_av_list(policydb_t * p, void *fp, 
@@ -724,8 +719,10 @@ static int cond_read_av_list(policydb_t * p, void *fp, for (i = 0; i < len; i++) { rc = avtab_read_item(fp, p->policyvers, &p->te_cond_avtab, cond_insertf, &data); - if (rc) + if (rc) { + cond_av_list_destroy(data.head); return rc; + } } From patchwork Thu Dec 9 16:49:05 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12667141 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E3511C433EF for ; Thu, 9 Dec 2021 16:52:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238064AbhLIQ43 (ORCPT ); Thu, 9 Dec 2021 11:56:29 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40358 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231162AbhLIQ42 (ORCPT ); Thu, 9 Dec 2021 11:56:28 -0500 Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com [IPv6:2a00:1450:4864:20::530]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0E939C061746 for ; Thu, 9 Dec 2021 08:52:55 -0800 (PST) Received: by mail-ed1-x530.google.com with SMTP id y12so21044526eda.12 for ; Thu, 09 Dec 2021 08:52:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=frlviyJXFNx5SKoj1wdqZpP6jId7QYPzL0wI+Qm7ytc=; b=IDPhyIUSihfqhRQx6rw/4OYHgPiMchby9pen/+cCxxdPr/cVECC7o/67CeAkis3mS4 QdnPkv7k9zE9ai+QkR4jhEvVneNAQFBWYpbPaVhSF9NnFxqL6t4iTPyfUes8lgDMHBcX xx1ecqkt+MzfBzs5AvRnmtyAiftiPQxnSFkeNI7UINoKLcdxj1vZoWkA2ckV/iv9VH6G sLW17ITsXlDJg1ojJyYmtLqI33dPkqNOCJIZkuUX+lavtj45tQdXxbirKka+sIISXUad 6EAKnurWJ94VMB//ZtvRV8KUnzq1TetZWq3IpeYG0EvQqyLqyg7YHDeDkWgaaqVGDFXT 
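Review bot: With the err label removed from cond_insertf(), every failure path now returns -1 and leaves the partially built list in data->head for the caller to free, which is a change of contract for a function used as a callback. A comment above cond_insertf() stating that the caller owns and must destroy data->head on error would stop a future call site from reintroducing the leak. The malloc() failure path (if (!list) return -1;) is the only one of these returns without an ERR(), and the malloc() plus memset() pair could become a single calloc().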
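Review bot: In cond_read_av_list() the new error branch calls cond_av_list_destroy(data.head) but, unlike the removed code in cond_insertf(), does not reset the head afterwards. That is safe only if nothing outside this function has been given a pointer to the list before the loop runs; the assignment to the caller's list pointer is outside this hunk, so it is worth confirming that it happens after the loop, or clearing it explicitly in the error branch.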
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 13/36] libsepol: reject abnormal huge sid ids
Date: Thu, 9 Dec 2021 17:49:05 +0100
Message-Id: <20211209164928.87459-14-cgzones@googlemail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Check if the sid value is saturated to guard dependent allocations.

    ==19967== ERROR: libFuzzer: out-of-memory (malloc(7784628224))
        #0 0x52dc61 in __sanitizer_print_stack_trace (./out/binpolicy-fuzzer+0x52dc61)
        #1 0x475618 in fuzzer::PrintStackTrace() fuzzer.o
        #2 0x458855 in fuzzer::Fuzzer::HandleMalloc(unsigned long) fuzzer.o
        #3 0x45876a in fuzzer::MallocHook(void const volatile*, unsigned long) fuzzer.o
        #4 0x534557 in __sanitizer::RunMallocHooks(void const*, unsigned long) (./out/binpolicy-fuzzer+0x534557)
        #5 0x4aa7d7 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (./out/binpolicy-fuzzer+0x4aa7d7)
        #6 0x4aabe3 in __asan::Allocator::Reallocate(void*, unsigned long, __sanitizer::BufferedStackTrace*) (./out/binpolicy-fuzzer+0x4aabe3)
        #7 0x4aaa32 in __asan::asan_reallocarray(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*) (./out/binpolicy-fuzzer+0x4aaa32)
        #8 0x525f8e in __interceptor_reallocarray (./out/binpolicy-fuzzer+0x525f8e)
        #9 0x5ebad3 in strs_add_at_index ./libsepol/src/kernel_to_common.c:224:9
        #10 0x5680eb in write_sids_to_conf ./libsepol/src/kernel_to_conf.c:466:8
        #11 0x55c1c0 in write_sid_decl_rules_to_conf ./libsepol/src/kernel_to_conf.c:498:8
        #12 0x55ad36 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3083:7
        #13 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9
        #14 0x45aed3 in
fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o #15 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o #16 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o #17 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2) #18 0x7f085ac657ec in __libc_start_main csu/../csu/libc-start.c:332:16 #19 0x423689 in _start (./out/binpolicy-fuzzer+0x423689) Signed-off-by: Christian Göttsche --- libsepol/src/policydb.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index 0b2edf51..a3d34d30 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -2883,6 +2883,8 @@ static int ocontext_read_xen(const struct policydb_compat_info *info, if (rc < 0) return -1; c->sid[0] = le32_to_cpu(buf[0]); + if (is_saturated(c->sid[0])) + return -1; if (context_read_and_validate (&c->context[0], p, fp)) return -1; 
@@ -2994,6 +2996,8 @@ static int ocontext_read_selinux(const struct policydb_compat_info *info, if (rc < 0) return -1; c->sid[0] = le32_to_cpu(buf[0]); + if (is_saturated(c->sid[0])) + return -1; if (context_read_and_validate (&c->context[0], p, fp)) return -1; From patchwork Thu Dec 9 16:49:06 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12667115 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0AD79C433F5 for ; Thu, 9 Dec 2021 16:52:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241359AbhLIQzv (ORCPT ); Thu, 9 Dec 2021 11:55:51 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40164 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234550AbhLIQzv (ORCPT ); Thu, 9 Dec 2021 11:55:51 -0500 Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CEC2FC061746 for ; Thu, 9 Dec 2021 08:52:17 -0800 (PST) Received: by mail-ed1-x534.google.com with SMTP id y13so21203018edd.13 for ; Thu, 09 Dec 2021 08:52:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=DFcvTQogy7Mo0rOVJpnyL0BQpY03Kba3KtoBQO4aBoE=; b=O8v2LAsNOZl54taIipL+14hZYss8r4ts13aWhauQmv97h1oh6tFInkXJBQ8DDxzfor LIDjLTw+uvC60L3HHVTikhabyNSTbqfjhLZHFmLIGE5co7xj0SFrmS0YvwIIfdxWWAbC RXTSyccMdPgbJhoU2TIp8y+VQaER4K5DHxHUmffmyRDvehMMTqh9+P1I3Meobjn2EO7Y 6Q/Xfr1WEbRDdjZexWYAdkNU6vFl4zGT83WNulIaS21WZY9Wc195xDzLVHMZ2+RrElvS 
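Review bot: Both new checks on c->sid[0], in ocontext_read_xen() and ocontext_read_selinux(), return -1 without an ERR(), so a rejected policy gives no hint which record was refused; a message that prints the sid value would help. The subject promises to reject abnormally huge sids, yet the 10/36 message says the tighter bound applies in the fuzzer build only, so if is_saturated() outside that build matches just the maximum value, a sid slightly below it still reaches the reallocarray() in strs_add_at_index() shown in the trace. Either a fixed upper limit on initial sid values or a sentence in the commit message stating that regular builds only reject the saturated value would make the scope clear.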
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 14/36] libsepol: reject invalid filetrans source type
Date: Thu, 9 Dec 2021 17:49:06 +0100
Message-Id: <20211209164928.87459-15-cgzones@googlemail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Avoid integer underflow on invalid filetrans source types.

    policydb.c:2658:47: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'unsigned int'
        #0 0x4cf4cb in policydb_filetrans_insert ./libsepol/src/policydb.c:2658:47
        #1 0x4d221a in filename_trans_read_one_compat ./libsepol/src/policydb.c:2691:7
        #2 0x4d221a in filename_trans_read ./libsepol/src/policydb.c:2842:9
        #3 0x4d1370 in policydb_read ./libsepol/src/policydb.c:4447:7
        #4 0x4b1ee3 in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:35:6
        #5 0x43f2f3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
        #6 0x42ae32 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
        #7 0x430d5b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
        #8 0x45a1f2 in main (./out/binpolicy-fuzzer+0x45a1f2)
        #9 0x7f8b8923a7ec in __libc_start_main csu/../csu/libc-start.c:332:16
        #10 0x407aa9 in _start (./out/binpolicy-fuzzer+0x407aa9)

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index a3d34d30..25ffa07c 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c
@@ -2683,7 +2683,10 @@ static int filename_trans_read_one_compat(policydb_t *p, struct policy_file *fp) if (rc < 0) goto err; - stype = le32_to_cpu(buf[0]); + stype = le32_to_cpu(buf[0]); + if (stype == 0) + goto err; + ttype = le32_to_cpu(buf[1]); tclass = le32_to_cpu(buf[2]); otype = le32_to_cpu(buf[3]);
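
Review bot: only `stype` gets a zero check in filename_trans_read_one_compat(); `ttype`, `tclass` and `otype` are read from the same untrusted `buf[]` on the next lines and pass through unchecked in this hunk. The sanitizer report in the commit message is a `0 - 1` wrap inside policydb_filetrans_insert(), so any of the other values that is later used as `value - 1` needs the same guard, or a comment pointing at where it is validated. The hunk also checks only the lower bound, so an `stype` above the number of declared types still gets through here. The `-`/`+` pair on the `stype = le32_to_cpu(buf[0]);` line looks like a whitespace-only change; worth saying so in the commit message.
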
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 15/36] libsepol: zero member before potential dereference
Date: Thu, 9 Dec 2021 17:49:07 +0100
Message-Id: <20211209164928.87459-16-cgzones@googlemail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

The `next` member might be checked against NULL and dereferenced before it gets assigned, due to jumps from failure gotos to the cleanup section.

    ==31017==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x000000579654 bp 0x7ffd3a07d110 sp 0x7ffd3a07d000 T0)
    ==31017==The signal is caused by a READ memory access.
    ==31017==Hint: this fault was caused by a dereference of a high value address (see register values below). Disassemble the provided pc to learn which register was used.
        #0 0x579654 in filename_trans_read_one ./libsepol/src/policydb.c:2874:55
        #1 0x579654 in filename_trans_read ./libsepol/src/policydb.c:2902:9
        #2 0x5771b7 in policydb_read ./libsepol/src/policydb.c:4509:7
        #3 0x55a1f5 in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:24:6
        #4 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
        #5 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
        #6 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
        #7 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
        #8 0x7f2a4e7f97ec in __libc_start_main csu/../csu/libc-start.c:332:16
        #9 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index 25ffa07c..79aba3af 100644
--- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -2780,6 +2780,7 @@ static int filename_trans_read_one(policydb_t *p, struct policy_file *fp) if (!datum) goto err; + datum->next = NULL; *dst = datum; /* ebitmap_read() will at least init the bitmap */ 
@@ -2797,7 +2798,6 @@ static int filename_trans_read_one(policydb_t *p, struct policy_file *fp) dst = &datum->next; } - *dst = NULL; if (ndatum > 1 && filename_trans_check_datum(first)) goto err;
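
Review bot: with `*dst = NULL;` removed after the loop, nothing in these hunks resets the list head when the loop body never runs, so if `dst` starts out pointing at `first`, termination now depends on `first` being initialised to NULL at its declaration, which this patch does not show. Please confirm that, since `filename_trans_check_datum(first)` and the cleanup section mentioned in the commit message both start from it. Setting `datum->next = NULL;` right after the allocation check is the right place for the per-node fix; a zeroing allocation would cover any other member that a failure goto could reach before assignment.
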
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 16/36] libsepol: use size_t for indexes in strs helpers
Date: Thu, 9 Dec 2021 17:49:08 +0100
Message-Id: <20211209164928.87459-17-cgzones@googlemail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Use size_t, as the strs struct uses it for its size member.

Signed-off-by: Christian Göttsche
---
 libsepol/src/kernel_to_common.c | 8 ++++----
 libsepol/src/kernel_to_common.h | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c index 51df8c25..47c02d61 100644 --- a/libsepol/src/kernel_to_common.c +++ b/libsepol/src/kernel_to_common.c @@ -159,7 +159,7 @@ int strs_add(struct strs *strs, char *s) { if (strs->num + 1 > strs->size) { char **new; - unsigned i = strs->size; + size_t i = strs->size; strs->size *= 2; new = reallocarray(strs->list, strs->size, sizeof(char *)); if (!new) { @@ -212,11 +212,11 @@ char *strs_remove_last(struct strs *strs) return strs->list[strs->num]; } -int strs_add_at_index(struct strs *strs, char *s, unsigned index) +int strs_add_at_index(struct strs *strs, char *s, size_t index) { if (index >= strs->size) { char **new; - unsigned i = strs->size; + size_t i = strs->size; while (index >= strs->size) { strs->size *= 2; } @@ -237,7 +237,7 @@ int strs_add_at_index(struct strs *strs, char *s, unsigned index) return 0; } -char *strs_read_at_index(struct strs *strs, unsigned index) +char *strs_read_at_index(struct strs *strs, size_t index) { if (index >= strs->num) { return NULL; diff --git a/libsepol/src/kernel_to_common.h b/libsepol/src/kernel_to_common.h index 8aa483fa..e9932d30 100644 --- a/libsepol/src/kernel_to_common.h +++ b/libsepol/src/kernel_to_common.h 
@@ -99,8 +99,8 @@ int strs_add(struct strs *strs, char *s); __attribute__ ((format(printf, 2, 4))) int strs_create_and_add(struct strs *strs, const char *fmt, int num, ...); char *strs_remove_last(struct strs *strs); -int strs_add_at_index(struct strs *strs, char *s, unsigned index); -char *strs_read_at_index(struct strs *strs, unsigned index); +int strs_add_at_index(struct strs *strs, char *s, size_t index); +char *strs_read_at_index(struct strs *strs, size_t index); void strs_sort(struct strs *strs); unsigned strs_num_items(struct strs *strs); size_t strs_len_items(struct strs *strs);
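
Review bot: `strs_num_items()` still returns `unsigned` in kernel_to_common.h while the index parameters next to it are now `size_t`, so a caller that loops up to `strs_num_items()` and passes the counter to `strs_read_at_index()` keeps the width mismatch this patch sets out to remove; consider converting it in the same change. Separately, in strs_add_at_index() the `while (index >= strs->size) { strs->size *= 2; }` loop now accepts a full-width `index`: a very large value can make `strs->size *= 2` wrap before `reallocarray()` sees it, so an upper bound on `index`, or an overflow check on the doubling, belongs next to the type change.
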
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 17/36] libsepol: do not underflow on short format arguments
Date: Thu, 9 Dec 2021 17:49:09 +0100
Message-Id: <20211209164928.87459-18-cgzones@googlemail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Handle format arguments that do not have a size of at least 2.

    kernel_to_common.c:69:20: runtime error: unsigned integer overflow: 1 - 2 cannot be represented in type 'unsigned long'
        #0 0x557b0b in create_str_helper ./libsepol/src/kernel_to_common.c:69:20
        #1 0x5577b8 in create_str ./libsepol/src/kernel_to_common.c:99:8
        #2 0x56448c in cond_expr_to_str ./libsepol/src/kernel_to_conf.c:82:15
        #3 0x56448c in write_cond_nodes_to_conf ./libsepol/src/kernel_to_conf.c:2103:10
        #4 0x55bd9b in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3171:7
        #5 0x4f9d79 in main ./checkpolicy/checkpolicy.c:684:11
        #6 0x7fe2a342b7ec in __libc_start_main csu/../csu/libc-start.c:332:16
        #7 0x41f3a9 in _start (./checkpolicy/checkpolicy+0x41f3a9)

Signed-off-by: Christian Göttsche
---
 libsepol/src/kernel_to_common.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c index 47c02d61..152f2816 100644 --- a/libsepol/src/kernel_to_common.c +++ b/libsepol/src/kernel_to_common.c @@ -57,7 +57,7 @@ static char *create_str_helper(const char *fmt, int num, va_list vargs) va_list vargs2; char *str = NULL; char *s; - size_t len; + size_t len, s_len; int i, rc; va_copy(vargs2, vargs);
@@ -66,7 +66,8 @@ static char *create_str_helper(const char *fmt, int num, va_list vargs) for (i=0; i 1 ? s_len - 2 : 0; /* -2 for each %s in fmt */ } str = malloc(len);
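
Review bot: the clamp `... ? s_len - 2 : 0` in create_str_helper() stops the wrap, but it turns `len` from an exact size into an upper bound: an argument shorter than two characters now contributes 0 where the true contribution is negative. That is safe for `str = malloc(len)`, since it only over-allocates, but the trailing comment `-2 for each %s in fmt` no longer describes what the line does. Please update it to say the length is an over-estimate for short arguments, and check that nothing after the allocation expects the formatted string to fill `len` exactly.
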
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 18/36] libsepol: do not crash on class gaps
Date: Thu, 9 Dec 2021 17:49:10 +0100
Message-Id: <20211209164928.87459-19-cgzones@googlemail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Handle gaps in the class table while printing a policy configuration.

    ==21763==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000028 (pc 0x00000055b696 bp 0x7ffe69e8ab50 sp 0x7ffe69e8aa60 T0)
    ==21763==The signal is caused by a READ memory access.
    ==21763==Hint: address points to the zero page.
        #0 0x55b696 in constraint_rules_to_strs ./libsepol/src/kernel_to_conf.c:361:14
        #1 0x55ac80 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3063:7
        #2 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9
        #3 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
        #4 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
        #5 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
        #6 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
        #7 0x7fc60d39e7ec in __libc_start_main csu/../csu/libc-start.c:332:16
        #8 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche
---
 libsepol/src/kernel_to_cil.c | 9 +++++++++
 libsepol/src/kernel_to_conf.c | 10 ++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c index b81cdb22..d9afdda6 100644 --- a/libsepol/src/kernel_to_cil.c +++ b/libsepol/src/kernel_to_cil.c
@@ -358,6 +358,7 @@ static int constraint_rules_to_strs(struct policydb *pdb, struct strs *mls_strs, for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->constraints) { name = pdb->p_class_val_to_name[i]; rc = class_constraint_rules_to_strs(pdb, name, class, class->constraints, mls_strs, non_mls_strs); @@ -383,6 +384,7 @@ static int validatetrans_rules_to_strs(struct policydb *pdb, struct strs *mls_st for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->validatetrans) { name = pdb->p_class_val_to_name[i]; rc = class_validatetrans_rules_to_strs(pdb, name, class->validatetrans, mls_strs, non_mls_strs); @@ -461,6 +463,7 @@ static int write_class_decl_rules_to_cil(FILE *out, struct policydb *pdb) /* class */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; name = pdb->p_class_val_to_name[i]; perms = class_or_common_perms_to_str(&class->permissions); if (perms) { @@ -488,6 +491,7 @@ static int write_class_decl_rules_to_cil(FILE *out, struct policydb *pdb) /* classcommon */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; name = pdb->p_class_val_to_name[i]; if (class->comkey != NULL) { sepol_printf(out, "(classcommon %s %s)\n", name, class->comkey); @@ -503,6 +507,7 @@ static int write_class_decl_rules_to_cil(FILE *out, struct policydb *pdb) } for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; name = class->comkey; if (name != NULL) { common = hashtab_search(pdb->p_commons.table, name); 
@@ -727,6 +732,7 @@ static int write_default_rules_to_cil(FILE *out, struct policydb *pdb) /* default_user */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_user != 0) { rc = write_default_user_to_cil(out, pdb->p_class_val_to_name[i], class); if (rc != 0) { @@ -738,6 +744,7 @@ static int write_default_rules_to_cil(FILE *out, struct policydb *pdb) /* default_role */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_role != 0) { rc = write_default_role_to_cil(out, pdb->p_class_val_to_name[i], class); if (rc != 0) { @@ -749,6 +756,7 @@ static int write_default_rules_to_cil(FILE *out, struct policydb *pdb) /* default_type */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_type != 0) { rc = write_default_type_to_cil(out, pdb->p_class_val_to_name[i], class); if (rc != 0) { @@ -764,6 +772,7 @@ static int write_default_rules_to_cil(FILE *out, struct policydb *pdb) /* default_range */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_range) { rc = write_default_range_to_cil(out, pdb->p_class_val_to_name[i], class); if (rc != 0) { diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c index 460209c8..92a342d1 100644 --- a/libsepol/src/kernel_to_conf.c +++ b/libsepol/src/kernel_to_conf.c @@ -362,7 +362,7 @@ static int constraint_rules_to_strs(struct policydb *pdb, struct strs *mls_strs, for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; - if (class->constraints) { + if (class && class->constraints) { name = pdb->p_class_val_to_name[i]; rc = class_constraint_rules_to_strs(pdb, name, class, class->constraints, mls_strs, non_mls_strs); if (rc != 0) { 
@@ -387,7 +387,7 @@ static int validatetrans_rules_to_strs(struct policydb *pdb, struct strs *mls_st for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; - if (class->validatetrans) { + if (class && class->validatetrans) { name = pdb->p_class_val_to_name[i]; rc = class_validatetrans_rules_to_strs(pdb, name, class->validatetrans, mls_strs, non_mls_strs); if (rc != 0) { @@ -555,6 +555,7 @@ static int write_class_and_common_rules_to_conf(FILE *out, struct policydb *pdb) } for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; name = class->comkey; if (!name) continue; common = hashtab_search(pdb->p_commons.table, name); @@ -581,6 +582,7 @@ static int write_class_and_common_rules_to_conf(FILE *out, struct policydb *pdb) /* class */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; name = pdb->p_class_val_to_name[i]; sepol_printf(out, "class %s", name); if (class->comkey) { @@ -706,6 +708,7 @@ static int write_default_rules_to_conf(FILE *out, struct policydb *pdb) /* default_user */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_user != 0) { rc = write_default_user_to_conf(out, pdb->p_class_val_to_name[i], class); if (rc != 0) { @@ -717,6 +720,7 @@ static int write_default_rules_to_conf(FILE *out, struct policydb *pdb) /* default_role */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_role != 0) { rc = write_default_role_to_conf(out, pdb->p_class_val_to_name[i], class); if (rc != 0) { 
@@ -728,6 +732,7 @@ static int write_default_rules_to_conf(FILE *out, struct policydb *pdb) /* default_type */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_type != 0) { rc = write_default_type_to_conf(out, pdb->p_class_val_to_name[i], class); if (rc != 0) { 
@@ -743,6 +748,7 @@ static int write_default_rules_to_conf(FILE *out, struct policydb *pdb) /* default_range */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_range != 0) { rc = write_default_range_to_conf(out, pdb->p_class_val_to_name[i], class); if (rc != 0) {
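
Review bot: every loop guards `pdb->class_val_to_struct[i]` but then reads `pdb->p_class_val_to_name[i]` without a check, for example `name = pdb->p_class_val_to_name[i];` followed by `sepol_printf(out, "class %s", name);` in write_class_and_common_rules_to_conf(). If the two tables are always populated together, say so in a comment; if not, the name needs the same NULL test. The guard is also spelled two ways (`if (!class) continue;` in most loops, `if (class && class->constraints)` in the kernel_to_conf.c constraint and validatetrans loops) and is repeated at 17 sites across the two files; a small helper or iterator that skips gaps would keep a future loop from missing it.
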
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 19/36] libsepol: do not crash on user gaps
Date: Thu, 9 Dec 2021 17:49:11 +0100
Message-Id: <20211209164928.87459-20-cgzones@googlemail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Handle gaps in the user table while printing a policy configuration.

    ==24424==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004bdc55 bp 0x7ffc8790b810 sp 0x7ffc8790afb0 T0)
    ==24424==The signal is caused by a READ memory access.
    ==24424==Hint: address points to the zero page.
        #0 0x4bdc55 in __interceptor_strcmp (./out/binpolicy-fuzzer+0x4bdc55)
        #1 0x5ebdf6 in strs_cmp ./libsepol/src/kernel_to_common.c:253:9
        #2 0x505669 in __interceptor_qsort (./out/binpolicy-fuzzer+0x505669)
        #3 0x5ebd84 in strs_sort ./libsepol/src/kernel_to_common.c:261:2
        #4 0x564550 in write_user_decl_rules_to_conf ./libsepol/src/kernel_to_conf.c:2333:2
        #5 0x55b137 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3190:7
        #6 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9
        #7 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
        #8 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
        #9 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
        #10 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
        #11 0x7f530128d7ec in __libc_start_main csu/../csu/libc-start.c:332:16
        #12 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche
---
 libsepol/src/kernel_to_cil.c | 1 +
 libsepol/src/kernel_to_conf.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c index d9afdda6..26868f2d 100644 --- a/libsepol/src/kernel_to_cil.c +++ b/libsepol/src/kernel_to_cil.c @@ -2397,6 +2397,7 @@ static int write_user_decl_rules_to_cil(FILE *out, struct policydb *pdb) } for (i=0; i < pdb->p_users.nprim; i++) { + if (!pdb->p_user_val_to_name[i]) continue; rc = strs_add(strs, pdb->p_user_val_to_name[i]); if (rc != 0) { goto exit; diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c index 92a342d1..b2ad4e02 100644 --- a/libsepol/src/kernel_to_conf.c +++ b/libsepol/src/kernel_to_conf.c 
@@ -2327,6 +2327,7 @@ static int write_user_decl_rules_to_conf(FILE *out, struct policydb *pdb) } for (i=0; i < pdb->p_users.nprim; i++) { + if (!pdb->p_user_val_to_name[i]) continue; rc = strs_add(strs, pdb->p_user_val_to_name[i]); if (rc != 0) { goto exit;
From patchwork Thu Dec 9 16:49:12 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12667093
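Review bot: In 19/36, both write_user_decl_rules_to_cil() and write_user_decl_rules_to_conf() put the new NULL test and its "continue" on a single line with no comment, so the reason for skipping an index is recorded only in the commit message. Split it over two lines and add a short comment that a NULL name marks a gap in the user table. The loop still runs up to p_users.nprim, so any later code in these functions that assumes the string list holds nprim entries should be checked against the now shorter list; the backtrace shows strs_sort() was simply the first consumer to trip over the NULL entry.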
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [PATCH v3 20/36] libsepol: use correct size for initial string list Date: Thu, 9 Dec 2021 17:49:12 +0100 Message-Id: <20211209164928.87459-21-cgzones@googlemail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com> References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the number of categories not levels, which might be zero, for the string list initial size of categories. Signed-off-by: Christian Göttsche --- libsepol/src/kernel_to_conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c index b2ad4e02..09c08618 100644 --- a/libsepol/src/kernel_to_conf.c +++ b/libsepol/src/kernel_to_conf.c 
@@ -918,7 +918,7 @@ static int write_category_rules_to_conf(FILE *out, struct policydb *pdb) unsigned i, j, num; int rc = 0; - rc = strs_init(&strs, pdb->p_levels.nprim); + rc = strs_init(&strs, pdb->p_cats.nprim); if (rc != 0) { goto exit; }
From patchwork Thu Dec 9 16:49:13 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12667113
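Review bot: In 20/36, nothing in the write_category_rules_to_conf() hunk guarantees that the replacement argument pdb->p_cats.nprim is non-zero, which is the same case the commit message calls out for the level count. strs_init() only copes with a zero size once 21/36 is applied, so either order that patch first or state in this commit message that the change depends on it, so that a bisect landing between the two does not hit the zero-size list again.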
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [PATCH v3 21/36] libsepol: do not create a string list with initial size zero Date: Thu, 9 Dec 2021 17:49:13 +0100 Message-Id: <20211209164928.87459-22-cgzones@googlemail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com> References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Currently it is implementation defined, due to the size being passed to calloc(3), whether the operation fails or not. Also strs_add() does not handle a size of zero, because it just multiplies the size by two. Use a default size of 1 if 0 is passed and swap the calloc arguments for consistency. Signed-off-by: Christian Göttsche --- libsepol/src/kernel_to_common.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c index 152f2816..9f5400c9 100644 --- a/libsepol/src/kernel_to_common.c +++ b/libsepol/src/kernel_to_common.c @@ -107,6 +107,10 @@ int strs_init(struct strs **strs, size_t size) { struct strs *new; + if (size == 0) { + size = 1; + } + *strs = NULL; new = malloc(sizeof(struct strs));
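Review bot: The "if (size == 0)" guard added at the top of strs_init() needs a comment saying why 1 is substituted, because the reasons (calloc(3) with a zero size is implementation defined, and strs_add() grows the list by doubling) appear only in the commit message. strs_add() itself is left unchanged and still cannot grow from zero, so consider hardening the growth step there as well rather than relying on every list having been created through this guard.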
@@ -115,7 +119,7 @@ int strs_init(struct strs **strs, size_t size) return -1; } - new->list = calloc(sizeof(char *), size); + new->list = calloc(size, sizeof(char *)); if (!new->list) { sepol_log_err("Out of memory"); free(new);
From patchwork Thu Dec 9 16:49:14 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12667101
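Review bot: In the second strs_init() hunk of 21/36, the rewritten calloc() call still spells the element type by hand as sizeof(char *); since the line is being touched anyway, calloc(size, sizeof(*new->list)) would keep the element size tied to the declaration of the list member. The argument swap is cosmetic, as the commit message says, so it could also go into its own patch to keep the zero-size fix minimal.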
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [PATCH v3 22/36] libsepol: split validation of datum array gaps and entries Date: Thu, 9 Dec 2021 17:49:14 +0100 Message-Id: <20211209164928.87459-23-cgzones@googlemail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com> References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Split the validation of array datums regarding their gaps and entries to simplify further checking of common classes, booleans, levels and categories.
Signed-off-by: Christian Göttsche --- libsepol/src/policydb_validate.c | 112 ++++++++++++++++++++----------- 1 file changed, 73 insertions(+), 39 deletions(-) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 5804d247..d4dfab5c 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -6,11 +6,19 @@ #include "debug.h" #include "policydb_validate.h" +#define bool_xor(a, b) (!(a) != !(b)) +#define bool_xnor(a, b) !bool_xor(a, b) + typedef struct validate { uint32_t nprim; ebitmap_t gaps; } validate_t; +typedef struct map_arg { + validate_t *flavors; + sepol_handle_t *handle; + int mls; +} map_arg_t; static int create_gap_ebitmap(char **val_to_name, uint32_t nprim, ebitmap_t *gaps) { @@ -211,6 +219,13 @@ bad: return -1; } +static int validate_class_datum_wrapper(__attribute__((unused)) hashtab_key_t k, hashtab_datum_t d, void *args) +{ + map_arg_t *margs = args; + + return validate_class_datum(margs->handle, d, margs->flavors); +} + static int validate_role_datum(sepol_handle_t *handle, role_datum_t *role, validate_t flavors[]) { if (validate_value(role->s.value, &flavors[SYM_ROLES])) @@ -231,6 +246,13 @@ bad: return -1; } +static int validate_role_datum_wrapper(__attribute__((unused)) hashtab_key_t k, hashtab_datum_t d, void *args) +{ + map_arg_t *margs = args; + + return validate_role_datum(margs->handle, d, margs->flavors); +} + static int validate_type_datum(sepol_handle_t *handle, type_datum_t *type, validate_t flavors[]) { if (validate_value(type->s.value, &flavors[SYM_TYPES])) @@ -247,6 +269,13 @@ bad: return -1; } +static int validate_type_datum_wrapper(__attribute__((unused)) hashtab_key_t k, hashtab_datum_t d, void *args) +{ + map_arg_t *margs = args; + + return validate_type_datum(margs->handle, d, margs->flavors); +} + static int validate_mls_semantic_cat(mls_semantic_cat_t *cat, validate_t *cats) { for (; cat; cat = cat->next) { 
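Review bot: The bool_xnor(a, b) macro in the first hunk expands to !bool_xor(a, b) without the outer parentheses that bool_xor has, so it is not a self-contained expression; define it as (!bool_xor(a, b)). The mls member of map_arg_t is initialised in this patch but not read by any of the three wrappers added here, so either introduce it in the patch that first uses it or mention in the commit message that it is groundwork for a later one.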
@@ -310,32 +339,25 @@ bad: return -1; } -static int validate_datum_arrays(sepol_handle_t *handle, policydb_t *p, validate_t flavors[]) +static int validate_user_datum_wrapper(__attribute__((unused)) hashtab_key_t k, hashtab_datum_t d, void *args) +{ + map_arg_t *margs = args; + + return validate_user_datum(margs->handle, d, margs->flavors); +} + +static int validate_datum_array_gaps(sepol_handle_t *handle, policydb_t *p, validate_t flavors[]) { unsigned int i; for (i = 0; i < p->p_classes.nprim; i++) { - if (p->class_val_to_struct[i]) { - if (ebitmap_get_bit(&flavors[SYM_CLASSES].gaps, i)) - goto bad; - if (validate_class_datum(handle, p->class_val_to_struct[i], flavors)) - goto bad; - } else { - if (!ebitmap_get_bit(&flavors[SYM_CLASSES].gaps, i)) - goto bad; - } + if (bool_xnor(p->class_val_to_struct[i], ebitmap_get_bit(&flavors[SYM_CLASSES].gaps, i))) + goto bad; } for (i = 0; i < p->p_roles.nprim; i++) { - if (p->role_val_to_struct[i]) { - if (ebitmap_get_bit(&flavors[SYM_ROLES].gaps, i)) - goto bad; - if (validate_role_datum(handle, p->role_val_to_struct[i], flavors)) - goto bad; - } else { - if (!ebitmap_get_bit(&flavors[SYM_ROLES].gaps, i)) - goto bad; - } + if (bool_xnor(p->role_val_to_struct[i], ebitmap_get_bit(&flavors[SYM_ROLES].gaps, i))) + goto bad; } /* 
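Review bot: The bool_xnor() tests in validate_datum_array_gaps() are equivalent to the removed if/else pairs but much harder to read: the failure case is "entry present and gap bit set, or entry absent and gap bit clear", which the old code spelled out. Add a one-line comment above the first loop stating that invariant, so a later reader does not "fix" the condition to bool_xor().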
@@ -344,34 +366,43 @@ static int validate_datum_arrays(sepol_handle_t *handle, policydb_t *p, validate */ if (p->policyvers < POLICYDB_VERSION_AVTAB || p->policyvers > POLICYDB_VERSION_PERMISSIVE) { for (i = 0; i < p->p_types.nprim; i++) { - if (p->type_val_to_struct[i]) { - if (ebitmap_get_bit(&flavors[SYM_TYPES].gaps, i)) - goto bad; - if (validate_type_datum(handle, p->type_val_to_struct[i], flavors)) - goto bad; - } else { - if (!ebitmap_get_bit(&flavors[SYM_TYPES].gaps, i)) - goto bad; - } + if (bool_xnor(p->type_val_to_struct[i], ebitmap_get_bit(&flavors[SYM_TYPES].gaps, i))) + goto bad; } } for (i = 0; i < p->p_users.nprim; i++) { - if (p->user_val_to_struct[i]) { - if (ebitmap_get_bit(&flavors[SYM_USERS].gaps, i)) - goto bad; - if (validate_user_datum(handle, p->user_val_to_struct[i], flavors)) - goto bad; - } else { - if (!ebitmap_get_bit(&flavors[SYM_USERS].gaps, i)) - goto bad; - } + if (bool_xnor(p->user_val_to_struct[i], ebitmap_get_bit(&flavors[SYM_USERS].gaps, i))) + goto bad; } return 0; bad: - ERR(handle, "Invalid datum arrays"); + ERR(handle, "Invalid datum array gaps"); + return -1; +} + +static int validate_datum_array_entries(sepol_handle_t *handle, policydb_t *p, validate_t flavors[]) +{ + map_arg_t margs = { flavors, handle, p->mls }; + + if (hashtab_map(p->p_classes.table, validate_class_datum_wrapper, &margs)) + goto bad; + + if (hashtab_map(p->p_roles.table, validate_role_datum_wrapper, &margs)) + goto bad; + + if (hashtab_map(p->p_types.table, validate_type_datum_wrapper, &margs)) + goto bad; + + if (hashtab_map(p->p_users.table, validate_user_datum_wrapper, &margs)) + goto bad; + + return 0; + +bad: + ERR(handle, "Invalid datum array entries"); return -1; } 
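Review bot: validate_datum_array_entries() calls hashtab_map(p->p_types.table, validate_type_datum_wrapper, &margs) unconditionally, whereas the removed loop only reached validate_type_datum() inside the policyvers condition (below POLICYDB_VERSION_AVTAB or above POLICYDB_VERSION_PERMISSIVE) that still guards the type gap check. Type datums of policies in that version range are therefore validated now where they were skipped before; if that is intended, say so in the commit message, otherwise carry the version condition over. Walking the hash tables also validates entries that the *_val_to_struct arrays never pointed at, which is a second behaviour change that the "split" description does not mention.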
@@ -762,7 +793,10 @@ int validate_policydb(sepol_handle_t *handle, policydb_t *p) if (validate_scopes(handle, p->scope, p->global)) goto bad; - if (validate_datum_arrays(handle, p, flavors)) + if (validate_datum_array_gaps(handle, p, flavors)) + goto bad; + + if (validate_datum_array_entries(handle, p, flavors)) goto bad; validate_array_destroy(flavors);
From patchwork Thu Dec 9 16:49:15 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12667121
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [PATCH v3 23/36] libsepol: validate MLS levels Date: Thu, 9 Dec 2021 17:49:15 +0100 Message-Id: <20211209164928.87459-24-cgzones@googlemail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com> References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Validate the level map of the policy to ensure no level refers to a non existent category. READ of size 8 at 0x602000000c58 thread T0 #0 0x568d2c in cats_ebitmap_len ./libsepol/src/kernel_to_conf.c:1003:14 #1 0x568d2c in cats_ebitmap_to_str ./libsepol/src/kernel_to_conf.c:1038:19 #2 0x55e371 in write_level_rules_to_conf ./libsepol/src/kernel_to_conf.c:1106:11 #3 0x55e371 in write_mls_rules_to_conf ./libsepol/src/kernel_to_conf.c:1140:7 #4 0x55adb1 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3103:7 #5 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9 #6 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o #7 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o #8 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o #9 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2) #10 0x7f741d0d67ec in __libc_start_main csu/../csu/libc-start.c:332:16 #11 0x423689 in _start (./out/binpolicy-fuzzer+0x423689) Signed-off-by: Christian Göttsche --- libsepol/src/policydb_validate.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index d4dfab5c..03ab4445 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c 
@@ -319,6 +319,27 @@ bad: return -1; } +static int validate_mls_level(mls_level_t *level, validate_t *sens, validate_t *cats) +{ + if (validate_value(level->sens, sens)) + goto bad; + if (validate_ebitmap(&level->cat, cats)) + goto bad; + + return 0; + + bad: + return -1; +} + +static int validate_level_datum(__attribute__ ((unused)) hashtab_key_t k, hashtab_datum_t d, void *args) +{ + level_datum_t *level = d; + validate_t *flavors = args; + + return validate_mls_level(level->level, &flavors[SYM_LEVELS], &flavors[SYM_CATS]); +} + static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, validate_t flavors[]) { if (validate_value(user->s.value, &flavors[SYM_USERS])) 
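Review bot: validate_level_datum() passes level->level straight to validate_mls_level(), which dereferences it at level->sens without a NULL check; if a level datum can reach validation with no level attached, the validator itself crashes instead of rejecting the policy. Either add a NULL test that goes to the failure path or document why the pointer cannot be NULL at this point. The new "bad:" label in validate_mls_level() is also indented, unlike the "bad:" labels in the surrounding functions.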
@@ -399,6 +420,9 @@ static int validate_datum_array_entries(sepol_handle_t *handle, policydb_t *p, v if (hashtab_map(p->p_users.table, validate_user_datum_wrapper, &margs)) goto bad; + if (p->mls && hashtab_map(p->p_levels.table, validate_level_datum, flavors)) + goto bad; + return 0; bad:
From patchwork Thu Dec 9 16:49:16 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12667133
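Review bot: In 23/36, the new hashtab_map(p->p_levels.table, validate_level_datum, flavors) call in validate_datum_array_entries() passes the bare flavors array as the callback argument, while the four calls above it pass &margs, and the callbacks only ever see a void pointer. It works because validate_level_datum() treats its argument as validate_t *, but the mismatch is easy to break once the callback needs the handle for an error message; pass &margs and read margs->flavors in validate_level_datum() like the other wrappers do.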
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [PATCH v3 24/36] libsepol: validate expanded user range and level Date: Thu, 9 Dec 2021 17:49:16 +0100 Message-Id: <20211209164928.87459-25-cgzones@googlemail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com> References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Check those contain valid values. ==57532==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000001178 at pc 0x000000564c04 bp 0x7ffed7a5ad90 sp 0x7ffed7a5ad88 READ of size 8 at 0x603000001178 thread T0 #0 0x564c03 in level_to_str ./libsepol/src/kernel_to_conf.c:1901:19 #1 0x564c03 in range_to_str ./libsepol/src/kernel_to_conf.c:1926:9 #2 0x564c03 in write_user_decl_rules_to_conf ./libsepol/src/kernel_to_conf.c:2367:12 #3 0x55b137 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3184:7 #4 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9 #5 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o #6 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o #7 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o #8 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2) #9 0x7f2c2e1a77ec in __libc_start_main csu/../csu/libc-start.c:332:16 #10 0x423689 in _start (./out/binpolicy-fuzzer+0x423689) Signed-off-by: Christian Göttsche --- libsepol/src/policydb_validate.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 03ab4445..adaa3fb2 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c
@@ -340,7 +340,20 @@ static int validate_level_datum(__attribute__ ((unused)) hashtab_key_t k, hashta return validate_mls_level(level->level, &flavors[SYM_LEVELS], &flavors[SYM_CATS]); } -static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, validate_t flavors[]) +static int validate_mls_range(mls_range_t *range, validate_t *sens, validate_t *cats) +{ + if (validate_mls_level(&range->level[0], sens, cats)) + goto bad; + if (validate_mls_level(&range->level[1], sens, cats)) + goto bad; + + return 0; + + bad: + return -1; +} + +static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, validate_t flavors[], int mls) { if (validate_value(user->s.value, &flavors[SYM_USERS])) goto bad; @@ -350,6 +363,10 @@ static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, valid goto bad; if (validate_mls_semantic_level(&user->dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS])) goto bad; + if (mls && validate_mls_range(&user->exp_range, &flavors[SYM_LEVELS], &flavors[SYM_CATS])) + goto bad; + if (mls && validate_mls_level(&user->exp_dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS])) + goto bad; if (user->bounds && validate_value(user->bounds, &flavors[SYM_USERS])) goto bad; 
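Review bot: validate_mls_range() checks level[0] and level[1] independently but never compares them, so a range whose two levels are individually valid but inconsistent with each other passes; decide whether that check belongs here and, if not, say so in a comment. In validate_user_datum() the two "mls &&" tests could share one "if (mls)" block with a comment explaining why the expanded range and default level are checked only for MLS policies while the semantic range and level just above are checked always. The "bad:" label in validate_mls_range() carries the same stray indentation as the one added in 23/36.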
@@ -364,7 +381,7 @@ static int validate_user_datum_wrapper(__attribute__((unused)) hashtab_key_t k, { map_arg_t *margs = args; - return validate_user_datum(margs->handle, d, margs->flavors); + return validate_user_datum(margs->handle, d, margs->flavors, margs->mls); } static int validate_datum_array_gaps(sepol_handle_t *handle, policydb_t *p, validate_t flavors[])
From patchwork Thu Dec 9 16:49:17 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12667143
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 25/36] libsepol: validate permission count of classes
Date: Thu, 9 Dec 2021 17:49:17 +0100
Message-Id: <20211209164928.87459-26-cgzones@googlemail.com>
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>

Check a common class or a class together with its common class parent does not have more than the supported 32 permissions.

    ==28413==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f74ec3341a3 bp 0x7ffd0b7e5030 sp 0x7ffd0b7e47e8 T0)
    ==28413==The signal is caused by a READ memory access.
    ==28413==Hint: address points to the zero page.
        #0 0x7f74ec3341a3 string/../sysdeps/x86_64/multiarch/../strchr.S:32
        #1 0x4bfc78 in strchr (./out/binpolicy-fuzzer+0x4bfc78)
        #2 0x55b7f2 in class_constraint_rules_to_strs ./libsepol/src/kernel_to_conf.c:288:7
        #3 0x55b7f2 in constraint_rules_to_strs ./libsepol/src/kernel_to_conf.c:364:9
        #4 0x55ac80 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3071:7
        #5 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9
        #6 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
        #7 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
        #8 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
        #9 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
        #10 0x7f74ec2be7ec in __libc_start_main csu/../csu/libc-start.c:332:16
        #11 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche
---
v2: also check common classes
---
 libsepol/src/policydb_validate.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index adaa3fb2..e8d70585 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -211,6 +211,8 @@ static int validate_class_datum(sepol_handle_t *handle, class_datum_t *class, va goto bad; if (validate_constraint_nodes(handle, class->validatetrans, flavors)) goto bad; + if (class->permissions.nprim > PERM_SYMTAB_SIZE) + goto bad; return 0; @@ -226,6 +228,25 @@ static int validate_class_datum_wrapper(__attribute__((unused)) hashtab_key_t k, return validate_class_datum(margs->handle, d, margs->flavors); } +static int validate_common_datum(sepol_handle_t *handle, common_datum_t *common) +{ + if (common->permissions.nprim > PERM_SYMTAB_SIZE) + goto bad; + + return 0; + +bad: + ERR(handle, "Invalid common class datum"); + return -1; +} + +static int validate_common_datum_wrapper(__attribute__((unused)) hashtab_key_t k, hashtab_datum_t d, void *args) +{ + map_arg_t *margs = args; + + return validate_common_datum(margs->handle, d); +} + static int validate_role_datum(sepol_handle_t *handle, role_datum_t *role, validate_t flavors[]) { if (validate_value(role->s.value, &flavors[SYM_ROLES])) 
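Review bot: validate_common_datum() only bounds permissions.nprim and never checks common->s.value, whereas the neighbouring validators (validate_role_datum() in the context lines just below) start with validate_value(...->s.value, &flavors[...]). Consider passing flavors through the wrapper, as validate_class_datum_wrapper() does, and validating the common's own value as well.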
@@ -425,6 +446,9 @@ static int validate_datum_array_entries(sepol_handle_t *handle, policydb_t *p, v { map_arg_t margs = { flavors, handle, p->mls }; + if (hashtab_map(p->p_commons.table, validate_common_datum_wrapper, &margs)) + goto bad; + if (hashtab_map(p->p_classes.table, validate_class_datum_wrapper, &margs)) goto bad;
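Review bot: In validate_class_datum(), the commit message promises a check on a class "together with its common class parent", but the added test looks only at class->permissions.nprim and never touches the common datum. If nprim already counts the inherited common permissions, say so in a comment next to the check; if it does not, the combined count is not bounded by this patch. The commit message also does not explain how an oversized permission count leads to the strchr() NULL read in the quoted trace.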
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 26/36] libsepol: resolve log message mismatch
Date: Thu, 9 Dec 2021 17:49:18 +0100
Message-Id: <20211209164928.87459-27-cgzones@googlemail.com>
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb_validate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index e8d70585..82193379 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c 
@@ -263,7 +263,7 @@ static int validate_role_datum(sepol_handle_t *handle, role_datum_t *role, valid return 0; bad: - ERR(handle, "Invalid class datum"); + ERR(handle, "Invalid role datum"); return -1; }
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 27/36] libsepol: validate avtab and avrule types
Date: Thu, 9 Dec 2021 17:49:19 +0100
Message-Id: <20211209164928.87459-28-cgzones@googlemail.com>
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>

Check for invalid avtab or avrule types.

Signed-off-by: Christian Göttsche
---
v2: also check avrule types
---
 libsepol/src/policydb_validate.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 82193379..5ef95c61 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -483,6 +483,20 @@ static int validate_avtab_key(avtab_key_t *key, validate_t flavors[]) goto bad; if (validate_value(key->target_class, &flavors[SYM_CLASSES])) goto bad; + switch (0xFFF & key->specified) { + case AVTAB_ALLOWED: + case AVTAB_AUDITALLOW: + case AVTAB_AUDITDENY: + case AVTAB_XPERMS_ALLOWED: + case AVTAB_XPERMS_AUDITALLOW: + case AVTAB_XPERMS_DONTAUDIT: + case AVTAB_TRANSITION: + case AVTAB_MEMBER: + case AVTAB_CHANGE: + break; + default: + goto bad; + } return 0; 
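Review bot: 0xFFF in switch (0xFFF & key->specified) is a magic number: nothing in the hunk says which bits of specified are being discarded or why they may be ignored. Use a named mask, or add a comment listing the flag bits that are intentionally stripped before the type comparison.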
@@ -536,6 +550,23 @@ static int validate_avrules(sepol_handle_t *handle, avrule_t *avrule, validate_t if (validate_value(class->tclass, &flavors[SYM_CLASSES])) goto bad; } + switch(avrule->specified) { + case AVRULE_ALLOWED: + case AVRULE_AUDITALLOW: + case AVRULE_AUDITDENY: + case AVRULE_DONTAUDIT: + case AVRULE_NEVERALLOW: + case AVRULE_TRANSITION: + case AVRULE_MEMBER: + case AVRULE_CHANGE: + case AVRULE_XPERMS_ALLOWED: + case AVRULE_XPERMS_AUDITALLOW: + case AVRULE_XPERMS_DONTAUDIT: + case AVRULE_XPERMS_NEVERALLOW: + break; + default: + goto bad; + } } return 0;
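Review bot: switch(avrule->specified) is missing the space after switch that the avtab hunk of the same patch uses (switch (0xFFF & key->specified)), and unlike that hunk it compares the raw value with no mask. If avrule->specified can never carry extra flag bits, a one-line comment would make the asymmetry obviously intentional.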
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 28/36] libsepol: validate constraint expression operators and attributes
Date: Thu, 9 Dec 2021 17:49:20 +0100
Message-Id: <20211209164928.87459-29-cgzones@googlemail.com>
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb_validate.c | 43 ++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 5ef95c61..25c6f0db 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c
@@ -193,6 +193,49 @@ static int validate_constraint_nodes(sepol_handle_t *handle, constraint_node_t * if (validate_type_set(cexp->type_names, &flavors[SYM_TYPES])) goto bad; } + + if (cexp->expr_type == CEXPR_ATTR || cexp->expr_type == CEXPR_NAMES) { + switch (cexp->op) { + case CEXPR_EQ: + case CEXPR_NEQ: + case CEXPR_DOM: + case CEXPR_DOMBY: + case CEXPR_INCOMP: + break; + default: + goto bad; + } + + switch (cexp->attr) { + case CEXPR_USER: + case CEXPR_USER | CEXPR_TARGET: + case CEXPR_USER | CEXPR_XTARGET: + case CEXPR_ROLE: + case CEXPR_ROLE | CEXPR_TARGET: + case CEXPR_ROLE | CEXPR_XTARGET: + case CEXPR_TYPE: + case CEXPR_TYPE | CEXPR_TARGET: + case CEXPR_TYPE | CEXPR_XTARGET: + case CEXPR_L1L2: + case CEXPR_L1H2: + case CEXPR_H1L2: + case CEXPR_H1H2: + case CEXPR_L1H1: + case CEXPR_L2H2: + break; + default: + goto bad; + } + } else { + switch (cexp->expr_type) { + case CEXPR_NOT: + case CEXPR_AND: + case CEXPR_OR: + break; + default: + goto bad; + } + } } }
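Review bot: The op and attr switches are shared by CEXPR_ATTR and CEXPR_NAMES, so every listed operator is accepted with every listed attribute: for example CEXPR_NAMES with CEXPR_L1L2, or CEXPR_DOM with CEXPR_TYPE, passes validation. If some of these combinations are meaningless to the code that later consumes cexp, split the checks per expr_type or per attribute. The patch also has an empty commit message; a sentence on what goes wrong with an unvalidated op or attr would help.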
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 29/36] libsepol: validate type of avtab type rules
Date: Thu, 9 Dec 2021 17:49:21 +0100
Message-Id: <20211209164928.87459-30-cgzones@googlemail.com>
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>

    ==80903==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000005c0 at pc 0x0000005696c8 bp 0x7ffdb11ea560 sp 0x7ffdb11ea558
    READ of size 8 at 0x6020000005c0 thread T0
        #0 0x5696c7 in avtab_node_to_str ./libsepol/src/kernel_to_conf.c:1736:9
        #1 0x569013 in map_avtab_write_helper ./libsepol/src/kernel_to_conf.c:1767:10
        #2 0x5ab837 in avtab_map ./libsepol/src/avtab.c:347:10
        #3 0x561f9a in write_avtab_flavor_to_conf ./libsepol/src/kernel_to_conf.c:1798:7
        #4 0x561f9a in write_avtab_to_conf ./libsepol/src/kernel_to_conf.c:1819:8
        #5 0x55afba in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3159:7
        #6 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9
        #7 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
        #8 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
        #9 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
        #10 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
        #11 0x7f97a83fd7ec in __libc_start_main csu/../csu/libc-start.c:332:16
        #12 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb_validate.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 25c6f0db..57eb2550 100644 --- a/libsepol/src/policydb_validate.c
+++ b/libsepol/src/policydb_validate.c 
@@ -547,15 +547,22 @@ bad: return -1; } -static int validate_avtab_key_wrapper(avtab_key_t *k, __attribute__ ((unused)) avtab_datum_t *d, void *args) +static int validate_avtab_key_and_datum(avtab_key_t *k, avtab_datum_t *d, void *args) { validate_t *flavors = (validate_t *)args; - return validate_avtab_key(k, flavors); + + if (validate_avtab_key(k, flavors)) + return -1; + + if ((k->specified & AVTAB_TYPE) && validate_value(d->data, &flavors[SYM_TYPES])) + return -1; + + return 0; } static int validate_avtab(sepol_handle_t *handle, avtab_t *avtab, validate_t flavors[]) { - if (avtab_map(avtab, validate_avtab_key_wrapper, flavors)) { + if (avtab_map(avtab, validate_avtab_key_and_datum, flavors)) { ERR(handle, "Invalid avtab"); return -1; }
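Review bot: The d->data check in validate_avtab_key_and_datum() is the whole fix, but the commit message is only the ASan trace and never says how the unchecked d->data relates to the heap-buffer-overflow read in avtab_node_to_str(). Add one sentence stating that. Within the hunk, the two bare return -1 paths leave the caller's generic "Invalid avtab" as the only diagnostic, so key and datum failures cannot be told apart; separate messages would make fuzzer findings easier to triage.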
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 30/36] libsepol: validate ocontexts
Date: Thu, 9 Dec 2021 17:49:22 +0100
Message-Id: <20211209164928.87459-31-cgzones@googlemail.com>
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>

Check the literal contexts in ocontext statements are defined.

    ==91274==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f60b0afe8c6 bp 0x7ffd42edc990 sp 0x7ffd42edc148 T0)
    ==91274==The signal is caused by a READ memory access.
    ==91274==Hint: address points to the zero page.
        #0 0x7f60b0afe8c6 string/../sysdeps/x86_64/multiarch/../strlen.S:120
        #1 0x4bd128 in __interceptor_strlen (./out/binpolicy-fuzzer+0x4bd128)
        #2 0x5eb387 in create_str_helper ./libsepol/src/kernel_to_common.c:69:10
        #3 0x5eb11e in create_str ./libsepol/src/kernel_to_common.c:99:8
        #4 0x56ad7b in context_to_str ./libsepol/src/kernel_to_conf.c:2408:9
        #5 0x56a717 in write_sid_context_rules_to_conf ./libsepol/src/kernel_to_conf.c:2441:9
        #6 0x55b26c in write_selinux_isid_rules_to_conf ./libsepol/src/kernel_to_conf.c:2476:9
        #7 0x55b26c in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3206:8
        #8 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9
        #9 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
        #10 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
        #11 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
        #12 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
        #13 0x7f60b0a887ec in __libc_start_main csu/../csu/libc-start.c:332:16
        #14 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche --- v3: only check FS and NETIF ocons in selinux policies (not xen) v2: also check in base modules --- libsepol/src/policydb_validate.c | 46 ++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 57eb2550..bedf3b90 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -736,6 +736,49 @@ static int validate_filename_trans_hashtab(sepol_handle_t *handle, hashtab_t fil return 0; } +static int validate_context(context_struct_t *con, validate_t flavors[], int mls) +{ + if (validate_value(con->user, &flavors[SYM_USERS])) + return -1; + if (validate_value(con->role, &flavors[SYM_ROLES])) + return -1; + if (validate_value(con->type, &flavors[SYM_TYPES])) + return -1; + if (mls && validate_mls_range(&con->range, &flavors[SYM_LEVELS], &flavors[SYM_CATS])) + return -1; + + return 0; +} + +static int validate_ocontexts(sepol_handle_t *handle, policydb_t *p, validate_t flavors[]) +{ + ocontext_t *octx; + unsigned int i; + + for (i = 0; i < OCON_NUM; i++) { + for (octx = p->ocontexts[i]; octx; octx = octx->next) { + if (validate_context(&octx->context[0], flavors, p->mls)) + goto bad; + + if (p->target_platform == SEPOL_TARGET_SELINUX) { + switch (i) { + case OCON_FS: + case OCON_NETIF: + if (validate_context(&octx->context[1], flavors, p->mls)) + goto bad; + break; + } + } + } + } + + return 0; + +bad: + ERR(handle, "Invalid ocontext"); + return -1; +} + /* * Functions to validate a module policydb */ 
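Review bot: The switch (i) in validate_ocontexts() has no default case and no comment explaining why only OCON_FS and OCON_NETIF get context[1] validated, or why that is limited to SEPOL_TARGET_SELINUX; the reasoning lives only in the v3 changelog line, which is dropped when the patch is applied. Put it in a code comment. "Invalid ocontext" could also include the ocontext index i so a failing policy can be narrowed down.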
@@ -936,6 +979,9 @@ int validate_policydb(sepol_handle_t *handle, policydb_t *p) goto bad; } + if (validate_ocontexts(handle, p, flavors)) + goto bad; + if (validate_scopes(handle, p->scope, p->global)) goto bad;
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 31/36] libsepol: validate genfs contexts
Date: Thu, 9 Dec 2021 17:49:23 +0100
Message-Id: <20211209164928.87459-32-cgzones@googlemail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Check the literal contexts in a genfs statement are defined.

Signed-off-by: Christian Göttsche
---
v2: also check in base modules
---
 libsepol/src/policydb_validate.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index bedf3b90..11f13d65 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -779,6 +779,25 @@ bad: return -1; } +static int validate_genfs(sepol_handle_t *handle, policydb_t *p, validate_t flavors[]) +{ + genfs_t *genfs; + ocontext_t *octx; + + for (genfs = p->genfs; genfs; genfs = genfs->next) { + for (octx = genfs->head; octx; octx = octx->next) { + if (validate_context(&octx->context[0], flavors, p->mls)) + goto bad; + } + } + + return 0; + +bad: + ERR(handle, "Invalid genfs"); + return -1; +} + /* * Functions to validate a module policydb */ 
@@ -982,6 +1001,9 @@ int validate_policydb(sepol_handle_t *handle, policydb_t *p) if (validate_ocontexts(handle, p, flavors)) goto bad; + if (validate_genfs(handle, p, flavors)) + goto bad; + if (validate_scopes(handle, p->scope, p->global)) goto bad;
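Review bot: validate_genfs() checks only octx->context[0] for each entry under genfs->head; if a genfs entry carries any other index into the symbol tables, that index is still unvalidated after this patch, and a short comment saying the context is the only field that needs checking would settle the question. The "Invalid genfs" message could also identify the entry being walked, since one bad context otherwise fails the whole policy with no pointer to the offending statement.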
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 32/36] libsepol: validate permissive types
Date: Thu, 9 Dec 2021 17:49:24 +0100
Message-Id: <20211209164928.87459-33-cgzones@googlemail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb_validate.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 11f13d65..d9968a8e 100644
--- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -961,6 +961,23 @@ bad: return -1; } +static int validate_permissives(sepol_handle_t *handle, policydb_t *p, validate_t flavors[]) +{ + ebitmap_node_t *node; + unsigned i; + + ebitmap_for_each_positive_bit(&p->permissive_map, node, i) { + if (validate_value(i, &flavors[SYM_TYPES])) + goto bad; + } + + return 0; + +bad: + ERR(handle, "Invalid permissive type"); + return -1; +} + static void validate_array_destroy(validate_t flavors[]) { unsigned int i; 
@@ -1013,6 +1030,9 @@ int validate_policydb(sepol_handle_t *handle, policydb_t *p) if (validate_datum_array_entries(handle, p, flavors)) goto bad; + if (validate_permissives(handle, p, flavors)) + goto bad; + validate_array_destroy(flavors); return 0;
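Review bot: in validate_permissives() the bit index i produced by ebitmap_for_each_positive_bit() is handed to validate_value() unchanged, as if it were a type value; a one-line comment stating how permissive_map is indexed (by type value, not by value minus one) would make the check reviewable without reading the code that fills the map. The counter is declared "unsigned i" while the rest of the file, including validate_array_destroy() just below, uses "unsigned int i". The commit message has no body; one sentence on what an out-of-range permissive bit breaks would match the other patches in the series.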
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 33/36] libsepol: validate policy properties
Date: Thu, 9 Dec 2021 17:49:25 +0100
Message-Id: <20211209164928.87459-34-cgzones@googlemail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb_validate.c | 51 ++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index d9968a8e..fc0b26a3 100644
--- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -978,6 +978,54 @@ bad: return -1; } +static int validate_properties(sepol_handle_t *handle, policydb_t *p) +{ + switch (p->policy_type) { + case POLICY_KERN: + if (p->policyvers < POLICYDB_VERSION_MIN || p->policyvers > POLICYDB_VERSION_MAX) + goto bad; + break; + case POLICY_BASE: + case POLICY_MOD: + if (p->policyvers < MOD_POLICYDB_VERSION_MIN || p->policyvers > MOD_POLICYDB_VERSION_MAX) + goto bad; + break; + default: + goto bad; + } + + switch (p->target_platform) { + case SEPOL_TARGET_SELINUX: + case SEPOL_TARGET_XEN: + break; + default: + goto bad; + } + + switch (p->mls) { + case 0: + case 1: + break; + default: + goto bad; + } + + switch (p->handle_unknown) { + case SEPOL_DENY_UNKNOWN: + case SEPOL_REJECT_UNKNOWN: + case SEPOL_ALLOW_UNKNOWN: + break; + default: + goto bad; + } + + return 0; + +bad: + ERR(handle, "Invalid policy property"); + return -1; +} + static void validate_array_destroy(validate_t flavors[]) { unsigned int i; 
@@ -997,6 +1045,9 @@ int validate_policydb(sepol_handle_t *handle, policydb_t *p) if (validate_array_init(p, flavors)) goto bad; + if (validate_properties(handle, p)) + goto bad; + if (p->policy_type == POLICY_KERN) { if (validate_avtab(handle, &p->te_avtab, flavors)) goto bad;
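Review bot: in the validate_policydb() hunk, validate_properties() runs after validate_array_init(p, flavors), so the flavors arrays are already built from a policydb whose policy_type, policyvers, target_platform and mls have not been checked yet. If the bad: path permits it, calling validate_properties() first would be the safer order; otherwise a comment explaining why it has to follow the init would help. In validate_properties() itself, the four switches share one "Invalid policy property" message; naming the failing property would tell the caller which field of the binary policy was rejected.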
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 34/36] libsepol: validate categories
Date: Thu, 9 Dec 2021 17:49:26 +0100
Message-Id: <20211209164928.87459-35-cgzones@googlemail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Check all categories have valid values, especially important for aliases.

    ==7888==ERROR: AddressSanitizer: SEGV on unknown address 0x602000400710 (pc 0x00000055debc bp 0x7ffe0ff2a9d0 sp 0x7ffe0ff2a8e0 T0)
    ==7888==The signal is caused by a READ memory access.
        #0 0x55debc in write_category_rules_to_conf ./libsepol/src/kernel_to_conf.c:946:9
        #1 0x55debc in write_mls_rules_to_conf ./libsepol/src/kernel_to_conf.c:1137:7
        #2 0x55adb1 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3106:7
        #3 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:37:9
        #4 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
        #5 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
        #6 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
        #7 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
        #8 0x7fe80ccaf7ec in __libc_start_main csu/../csu/libc-start.c:332:16
        #9 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb_validate.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index fc0b26a3..2f30a3ad 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c
@@ -485,6 +485,14 @@ bad: return -1; } +static int validate_datum(__attribute__ ((unused))hashtab_key_t k, hashtab_datum_t d, void *args) +{ + symtab_datum_t *s = d; + uint32_t *nprim = (uint32_t *)args; + + return !value_isvalid(s->value, *nprim); +} + static int validate_datum_array_entries(sepol_handle_t *handle, policydb_t *p, validate_t flavors[]) { map_arg_t margs = { flavors, handle, p->mls }; @@ -507,6 +515,9 @@ static int validate_datum_array_entries(sepol_handle_t *handle, policydb_t *p, v if (p->mls && hashtab_map(p->p_levels.table, validate_level_datum, flavors)) goto bad; + if (hashtab_map(p->p_cats.table, validate_datum, &flavors[SYM_CATS])) + goto bad; + return 0; bad: 
@@ -905,14 +916,6 @@ bad: return -1; } -static int validate_datum(__attribute__ ((unused))hashtab_key_t k, hashtab_datum_t d, void *args) -{ - symtab_datum_t *s = d; - uint32_t *nprim = (uint32_t *)args; - - return !value_isvalid(s->value, *nprim); -} - static int validate_symtabs(sepol_handle_t *handle, symtab_t symtabs[], validate_t flavors[]) { unsigned int i;
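Review bot: the new call hashtab_map(p->p_cats.table, validate_datum, &flavors[SYM_CATS]) passes a validate_t *, but validate_datum() casts args to uint32_t * and dereferences it as nprim. That only works while the count is the first member of validate_t, and nothing at the call site says so. Passing the address of the count field explicitly, or giving the categories a callback that takes a validate_t * and calls validate_value() as the context checks in this series do, would remove the layout dependency. Unlike the level check directly above it, the category check is not guarded by p->mls; worth stating in the commit message whether that is intended.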
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 35/36] libsepol: validate fsuse types
Date: Thu, 9 Dec 2021 17:49:27 +0100
Message-Id: <20211209164928.87459-36-cgzones@googlemail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Check the fsuse type is valid, e.g. of type xattr, trans or task.

Signed-off-by: Christian Göttsche --- v2: do not reject in binary reading, but check at validation step --- libsepol/src/policydb_validate.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 2f30a3ad..b2d0e5e5 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -2,6 +2,7 @@ #include #include #include +#include #include "debug.h" #include "policydb_validate.h" 
@@ -778,6 +779,15 @@ static int validate_ocontexts(sepol_handle_t *handle, policydb_t *p, validate_t if (validate_context(&octx->context[1], flavors, p->mls)) goto bad; break; + case OCON_FSUSE: + switch (octx->v.behavior) { + case SECURITY_FS_USE_XATTR: + case SECURITY_FS_USE_TRANS: + case SECURITY_FS_USE_TASK: + break; + default: + goto bad; + } } } }
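Review bot: the new case OCON_FSUSE ends at the closing brace of its inner switch with no break, while the OCON_FS/OCON_NETIF case right above it ends with one. It is harmless today because OCON_FSUSE is the last label, but the next case appended to this switch would be reached by fall-through from every valid fsuse entry; add a break after the inner switch.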
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH v3 36/36] libsepol: validate class default targets
Date: Thu, 9 Dec 2021 17:49:28 +0100
Message-Id: <20211209164928.87459-37-cgzones@googlemail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com>
References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Check the class default targets are valid values, e.g. source or target for user, role and type.

Signed-off-by: Christian Göttsche --- v2: do not reject in binary reading, but check at validation step --- libsepol/src/policydb_validate.c | 41 ++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index b2d0e5e5..0650f4d1 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -258,6 +258,47 @@ static int validate_class_datum(sepol_handle_t *handle, class_datum_t *class, va if (class->permissions.nprim > PERM_SYMTAB_SIZE) goto bad; + switch (class->default_user) { + case 0: + case DEFAULT_SOURCE: + case DEFAULT_TARGET: + break; + default: + goto bad; + } + + switch (class->default_role) { + case 0: + case DEFAULT_SOURCE: + case DEFAULT_TARGET: + break; + default: + goto bad; + } + + switch (class->default_type) { + case 0: + case DEFAULT_SOURCE: + case DEFAULT_TARGET: + break; + default: + goto bad; + } + + switch (class->default_range) { + case 0: + case DEFAULT_SOURCE_LOW: + case DEFAULT_SOURCE_HIGH: + case DEFAULT_SOURCE_LOW_HIGH: + case DEFAULT_TARGET_LOW: + case DEFAULT_TARGET_HIGH: + case DEFAULT_TARGET_LOW_HIGH: + case DEFAULT_GLBLUB: + break; + default: + goto bad; + } + return 0; bad:
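Review bot: each of the four switches added to validate_class_datum() accepts a bare "case 0" next to the DEFAULT_* constants; a comment saying what 0 stands for (or a named constant) would make it clear the value is accepted deliberately. The switches for default_user, default_role and default_type are identical, so a small helper taking the value would cut the repetition and leave only default_range with its own list.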