From patchwork Tue Apr 2 15:29:20 2024
X-Patchwork-Id: 13614314
X-Patchwork-Delegate: plautrba@redhat.com
To: selinux@vger.kernel.org
Subject: [PATCH 1/6] checkpolicy: include for isprint(3)
Date: Tue, 2 Apr 2024 17:29:20 +0200
Message-ID: <20240402152925.99781-1-cgoettsche@seltendoof.de>
From: Christian Göttsche

Include the necessary header for isprint(3) to avoid an implicit function declaration:

policy_scan.l: In function ‘yyerror’:
policy_scan.l:342:13: warning: implicit declaration of function ‘isprint’ [-Wimplicit-function-declaration]
342 | if (isprint((unsigned char)yytext[0])) {
| ^~~~~~~
policy_scan.l:36:1: note: include ‘’ or provide a declaration of ‘isprint’
35 | #include "y.tab.h"
+++ |+#include
36 | #endif

This does not currently break the build cause -Werror is stripped for the parsing code to avoid breakage on old flex/bison versions that might not generate warning free code.

Fixes: 39b3cc51350a ("checkpolicy: handle unprintable token")
Signed-off-by: Christian Göttsche
Acked-by: James Carter
--- checkpolicy/policy_scan.l | 1 + 1 file changed, 1 insertion(+) diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l index d7cf2896..62f28c11 100644
--- a/checkpolicy/policy_scan.l +++ b/checkpolicy/policy_scan.l 
@@ -22,6 +22,7 @@ %{ #include +#include #include #include #include

From patchwork Tue Apr 2 15:29:21 2024
X-Patchwork-Id: 13614315
X-Patchwork-Delegate: plautrba@redhat.com
To: selinux@vger.kernel.org
Subject: [PATCH 2/6] checkpolicy/fuzz: override YY_FATAL_ERROR
Date: Tue, 2 Apr 2024 17:29:21 +0200
Message-ID: <20240402152925.99781-2-cgoettsche@seltendoof.de>
In-Reply-To: <20240402152925.99781-1-cgoettsche@seltendoof.de>
References: <20240402152925.99781-1-cgoettsche@seltendoof.de>
From: Christian Göttsche

The default action of the lexer macro YY_FATAL_ERROR(msg) is to print the message and call exit(). This might happen on an overlong token (8192 bytes) that does not fit into the token buffer.

Fuzz targets must not call exit() though, since an exit is treated as an abnormal behavior, see https://llvm.org/docs/LibFuzzer.html#fuzz-target.

Since YY_FATAL_ERROR is used in functions with different return value types and is expected to not return, jump to a location in the fuzzer right before yyparse() instead.

Reported-by: oss-fuzz (issue 67728)
Signed-off-by: Christian Göttsche --- checkpolicy/fuzz/checkpolicy-fuzzer.c | 9 +++++++++ checkpolicy/policy_scan.l | 15 +++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/checkpolicy/fuzz/checkpolicy-fuzzer.c b/checkpolicy/fuzz/checkpolicy-fuzzer.c index ab1a6bb8..6c5ce02f 100644 --- a/checkpolicy/fuzz/checkpolicy-fuzzer.c +++ b/checkpolicy/fuzz/checkpolicy-fuzzer.c @@ -1,4 +1,5 @@ #include +#include #include #include @@ -30,6 +31,7 @@ extern void yyrestart(FILE *); extern int yylex_destroy(void); extern void set_source_file(const char *name); +jmp_buf fuzzing_pre_parse_stack_state; // Set to 1 for verbose libsepol logging #define VERBOSE 0 @@ -99,6 +101,13 @@ static int read_source_policy(policydb_t *p, const uint8_t *data, size_t size) init_parser(1); + if (!setjmp(fuzzing_pre_parse_stack_state)) { + queue_destroy(id_queue); + fclose(yyin); + yylex_destroy(); + return -1; + } + rc = yyparse(); // TODO: drop global variable policydb_errors if proven to be redundant assert(rc || !policydb_errors); diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l index 62f28c11..e46677a8 100644 --- a/checkpolicy/policy_scan.l +++ b/checkpolicy/policy_scan.l 
@@ -41,6 +41,21 @@ int werror = 0; int yyerror(const char *msg); int yywarn(const char *msg); +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION +/* + * Version that does not exit, like yy_fatal_error(), + * since fuzz targets must not call exit(). + */ +#include +extern jmp_buf fuzzing_pre_parse_stack_state; +void yyfatal(const char *msg) +{ + yyerror(msg); + longjmp(fuzzing_pre_parse_stack_state, 1); +} +#define YY_FATAL_ERROR(msg) yyfatal(msg) +#endif + void set_source_file(const char *name); char source_file[PATH_MAX];

From patchwork Tue Apr 2 15:29:22 2024
X-Patchwork-Id: 13614316
X-Patchwork-Delegate: plautrba@redhat.com
To: selinux@vger.kernel.org
Subject: [PATCH 3/6] libsepol: validate access vector permissions
Date: Tue, 2 Apr 2024 17:29:22 +0200
Message-ID: <20240402152925.99781-3-cgoettsche@seltendoof.de>
In-Reply-To: <20240402152925.99781-1-cgoettsche@seltendoof.de>
References: <20240402152925.99781-1-cgoettsche@seltendoof.de>
From: Christian Göttsche

Since commit c205b924e280 ("libsepol: Fix buffer overflow when using sepol_av_to_string()") writing an access vector with no valid permission results in an error instead of an empty string being written.

Validate that at least one permission of an access vector is valid. There might be invalid bits set, e.g. by previous versions of checkpolicy setting all bits for the wildcard (*) permission.

Reported-by: oss-fuzz (issue 67730)
Signed-off-by: Christian Göttsche
--- libsepol/src/policydb_validate.c | 62 ++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index e987d8da..c4f8c300 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c
@@ -876,6 +876,49 @@ static int validate_xperms(const avtab_extended_perms_t *xperms) bad: return -1; } + +static int perm_match(__attribute__ ((unused)) hashtab_key_t key, hashtab_datum_t datum, void *data) +{ + const uint32_t *v = data; + const perm_datum_t *perdatum = datum; + + return *v == perdatum->s.value; +} + +static int validate_access_vector(sepol_handle_t *handle, const policydb_t *p, sepol_security_class_t tclass, + sepol_access_vector_t av) +{ + const class_datum_t *cladatum = p->class_val_to_struct[tclass - 1]; + uint32_t i; + + /* + * Check that at least one permission bit is valid. + * Older compilers might set invalid bits for the wildcard permission. + */ + for (i = 0; i < cladatum->permissions.nprim; i++) { + if (av & (UINT32_C(1) << i)) { + uint32_t v = i + 1; + int rc; + + rc = hashtab_map(cladatum->permissions.table, perm_match, &v); + if (rc == 1) + goto good; + + if (cladatum->comdatum) { + rc = hashtab_map(cladatum->comdatum->permissions.table, perm_match, &v); + if (rc == 1) + goto good; + } + } + } + + ERR(handle, "Invalid access vector"); + return -1; + +good: + return 0; +} + static int validate_avtab_key_and_datum(avtab_key_t *k, avtab_datum_t *d, void *args) { map_arg_t *margs = args; @@ -883,6 +926,16 @@ static int validate_avtab_key_and_datum(avtab_key_t *k, avtab_datum_t *d, void * if (validate_avtab_key(k, 0, margs->policy, margs->flavors)) return -1; + if (k->specified & AVTAB_AV) { + uint32_t data = d->data; + + if ((0xFFF & k->specified) == AVTAB_AUDITDENY) + data = ~data; + + if (validate_access_vector(margs->handle, margs->policy, k->target_class, data)) + return -1; + } + if ((k->specified & AVTAB_TYPE) && validate_simpletype(d->data, margs->policy, margs->flavors)) return -1; 
@@ -915,6 +968,15 @@ static int validate_cond_av_list(sepol_handle_t *handle, const cond_av_list_t *c if (validate_avtab_key(key, 1, p, flavors)) goto bad; + if (key->specified & AVTAB_AV) { + uint32_t data = datum->data; + + if ((0xFFF & key->specified) == AVTAB_AUDITDENY) + data = ~data; + + if (validate_access_vector(handle, p, key->target_class, data)) + goto bad; + } if ((key->specified & AVTAB_TYPE) && validate_simpletype(datum->data, p, flavors)) goto bad; }

From patchwork Tue Apr 2 15:29:23 2024
X-Patchwork-Id: 13614313
X-Patchwork-Delegate: plautrba@redhat.com
To: selinux@vger.kernel.org
Subject: [PATCH 4/6] checkpolicy: drop never read member
Date: Tue, 2 Apr 2024 17:29:23 +0200
Message-ID: <20240402152925.99781-4-cgoettsche@seltendoof.de>
In-Reply-To: <20240402152925.99781-1-cgoettsche@seltendoof.de>
References: <20240402152925.99781-1-cgoettsche@seltendoof.de>
From: Christian Göttsche

The struct scope_stack member child is never read, drop it.

Signed-off-by: Christian Göttsche
--- checkpolicy/module_compiler.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/checkpolicy/module_compiler.c b/checkpolicy/module_compiler.c index 6ff91b8f..e25a77b4 100644 --- a/checkpolicy/module_compiler.c +++ b/checkpolicy/module_compiler.c @@ -34,7 +34,7 @@ typedef struct scope_stack { avrule_t *last_avrule; int in_else; /* if in an avrule block, within ELSE branch */ int require_given; /* 1 if this block had at least one require */ - struct scope_stack *parent, *child; + struct scope_stack *parent; } scope_stack_t; extern policydb_t *policydbp; @@ -1478,7 +1478,6 @@ static int push_stack(int stack_type, ...) } va_end(ap); s->parent = stack_top; - s->child = NULL; stack_top = s; return 0; } 
@@ -1490,9 +1489,6 @@ static void pop_stack(void) scope_stack_t *parent; assert(stack_top != NULL); parent = stack_top->parent; - if (parent != NULL) { - parent->child = NULL; - } free(stack_top); stack_top = parent; }

From patchwork Tue Apr 2 15:29:24 2024
X-Patchwork-Id: 13614317
X-Patchwork-Delegate: plautrba@redhat.com
To: selinux@vger.kernel.org
Subject: [PATCH 5/6] checkpolicy: drop union stack_item_u
Date: Tue, 2 Apr 2024 17:29:24 +0200
Message-ID: <20240402152925.99781-5-cgoettsche@seltendoof.de>
In-Reply-To: <20240402152925.99781-1-cgoettsche@seltendoof.de>
References: <20240402152925.99781-1-cgoettsche@seltendoof.de>
From: Christian Göttsche

The union stack_item_u is only used as a member in struct scope_stack, but actually never used.

Signed-off-by: Christian Göttsche
--- checkpolicy/module_compiler.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/checkpolicy/module_compiler.c b/checkpolicy/module_compiler.c index e25a77b4..4efd77bf 100644 --- a/checkpolicy/module_compiler.c +++ b/checkpolicy/module_compiler.c
@@ -21,14 +21,8 @@ #include "queue.h" #include "module_compiler.h" -union stack_item_u { - avrule_block_t *avrule; - cond_list_t *cond_list; -}; - typedef struct scope_stack { - union stack_item_u u; - int type; /* for above union: 1 = avrule block, 2 = conditional */ + int type; /* 1 = avrule block, 2 = conditional */ avrule_decl_t *decl; /* if in an avrule block, which * declaration is current */ avrule_t *last_avrule; 
@@ -1464,12 +1458,12 @@ static int push_stack(int stack_type, ...) va_start(ap, stack_type); switch (s->type = stack_type) { case 1:{ - s->u.avrule = va_arg(ap, avrule_block_t *); + va_arg(ap, avrule_block_t *); s->decl = va_arg(ap, avrule_decl_t *); break; } case 2:{ - s->u.cond_list = va_arg(ap, cond_list_t *); + va_arg(ap, cond_list_t *); break; } default:

From patchwork Tue Apr 2 15:29:25 2024
X-Patchwork-Id: 13614318
X-Patchwork-Delegate: plautrba@redhat.com
To: selinux@vger.kernel.org
Subject: [PATCH 6/6] checkpolicy: free complete role_allow_rule on error
Date: Tue, 2 Apr 2024 17:29:25 +0200
Message-ID: <20240402152925.99781-6-cgoettsche@seltendoof.de>
In-Reply-To: <20240402152925.99781-1-cgoettsche@seltendoof.de>
References: <20240402152925.99781-1-cgoettsche@seltendoof.de>
From: Christian Göttsche

Free the ebitmaps inside the rolesets on error.

Reported-by: oss-fuzz (issue 67769)
Signed-off-by: Christian Göttsche
--- checkpolicy/policy_define.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c index 4fc6c417..1c019a3b 100644 --- a/checkpolicy/policy_define.c +++ b/checkpolicy/policy_define.c
@@ -3186,6 +3186,7 @@ int define_role_allow(void) while ((id = queue_remove(id_queue))) { if (set_roles(&ra->roles, id)) { + role_allow_rule_destroy(ra); free(ra); return -1; } @@ -3193,6 +3194,7 @@ int define_role_allow(void) while ((id = queue_remove(id_queue))) { if (set_roles(&ra->new_roles, id)) { + role_allow_rule_destroy(ra); free(ra); return -1; }
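
Review bot: In patch 2/6, the read_source_policy() hunk of checkpolicy/fuzz/checkpolicy-fuzzer.c tests "if (!setjmp(fuzzing_pre_parse_stack_state))", and that condition is true on the direct call, because setjmp() returns 0 there and non-zero only when it is re-entered through longjmp(). As written, the cleanup block (queue_destroy, fclose, yylex_destroy, return -1) runs for every input and yyparse() is never reached, so the fuzzer stops exercising the parser. The test should be "if (setjmp(fuzzing_pre_parse_stack_state) != 0)".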
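
Review bot: In patch 2/6, yyfatal() in the policy_scan.l hunk calls longjmp() on fuzzing_pre_parse_stack_state unconditionally, which is undefined behavior whenever YY_FATAL_ERROR fires while no setjmp() frame is active, for example from a lexer call made before the setjmp() in read_source_policy() or after that function has returned. A flag set next to the setjmp() and cleared on return, checked in yyfatal() with abort() as the fallback, would make that case fail loudly. Since the function never returns, declaring it with __attribute__((noreturn)) would also document the contract YY_FATAL_ERROR relies on.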
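
Review bot: In patch 3/6, the loop in validate_access_vector() evaluates "UINT32_C(1) << i" for every i below cladatum->permissions.nprim, and that shift is undefined once i reaches 32, so the function depends on nprim having been limited to 32 before it runs. The same applies to p->class_val_to_struct[tclass - 1], which is dereferenced without a range or NULL check. If both are guaranteed by earlier validation passes, a short comment saying so would help; otherwise bound the loop and check cladatum here.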
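
Review bot: In patch 3/6, the validate_avtab_key_and_datum() hunk compares "(0xFFF & k->specified)" against AVTAB_AUDITDENY with an unexplained literal mask, and "data = ~data" carries no comment on why auditdeny entries are inverted before validation. A named constant for the mask and a one-line comment on the inversion would make the check reviewable without prior knowledge of the avtab encoding.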
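
Review bot: In patch 3/6, the block added to validate_cond_av_list() is a copy of the one added to validate_avtab_key_and_datum(), differing only in variable names and the error exit. Moving the AVTAB_AV test and the AUDITDENY inversion into validate_access_vector(), or into a small wrapper that takes the key and the datum, would keep the two call sites from drifting apart.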
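
Review bot: In patch 5/6, push_stack() now calls "va_arg(ap, avrule_block_t *);" and "va_arg(ap, cond_list_t *);" as bare expression statements whose results are discarded. In case 1 the call is still needed to step past the first variadic argument before s->decl is read, which deserves a comment and a (void) cast; in case 2 nothing is read afterwards, so the call can be dropped. Longer term the unused arguments could be removed from the callers.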
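
Review bot: In patch 6/6, both error paths in define_role_allow() now repeat "role_allow_rule_destroy(ra); free(ra); return -1;". A single bad: label holding that cleanup would keep the two loops in sync if another field is added to the rule. The hunks also do not show who owns id when set_roles() fails, which is worth confirming while these paths are being touched.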
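
Added example, not part of the patch series and not checkpolicy code: the recovery pattern the patch 2/6 commit message describes, where a fatal-error handler jumps back to a point before parsing instead of calling exit(). All toy_* names, pre_parse_state and the 16-byte token limit are constructed for illustration.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TOY_TOKEN_MAX 16 /* constructed limit; the page cites 8192 bytes for the real lexer */

static jmp_buf pre_parse_state; /* hypothetical name for the saved pre-parse state */
static unsigned fatal_errors;   /* how often the fatal handler fired */

/* Stand-in for an exit()-ing fatal handler: unwinds to the setjmp() point, never returns. */
static void toy_fatal(const char *msg) __attribute__((noreturn));
static void toy_fatal(const char *msg)
{
	(void)msg;
	fatal_errors++;
	longjmp(pre_parse_state, 1);
}

/* Toy scanner: counts space-separated tokens; an overlong token is fatal. */
static int toy_scan(const char *buf)
{
	size_t len = 0;
	int tokens = 0;

	for (; *buf; buf++) {
		if (*buf == ' ') {
			tokens += (len > 0);
			len = 0;
		} else if (++len > TOY_TOKEN_MAX) {
			toy_fatal("token too long");
		}
	}
	return tokens + (len > 0);
}

/* Fuzz-target style entry point: token count, or -1 after a fatal error. */
int toy_fuzz_one(const unsigned char *data, size_t size)
{
	/* Acquired before setjmp() and not modified afterwards, so its value
	 * is still well defined on the longjmp() path. */
	char *copy = malloc(size + 1);
	int rc;

	if (!copy)
		return -1;
	memcpy(copy, data, size);
	copy[size] = '\0';

	/* setjmp() returns 0 when called directly and non-zero when it is
	 * re-entered through longjmp(), so the recovery branch tests != 0. */
	if (setjmp(pre_parse_state) != 0) {
		free(copy); /* release what was acquired before parsing */
		return -1;
	}

	rc = toy_scan(copy);
	free(copy);
	return rc;
}

unsigned toy_fatal_count(void)
{
	return fatal_errors;
}

int main(void)
{
	const char *ok = "allow a b";                     /* constructed input */
	const char *bad = "allow aaaaaaaaaaaaaaaaaaaa b"; /* constructed: 20-byte token */
	int rc_ok = toy_fuzz_one((const unsigned char *)ok, strlen(ok));
	int rc_bad = toy_fuzz_one((const unsigned char *)bad, strlen(bad));

	printf("ok  -> %d\n", rc_ok);
	printf("bad -> %d (fatal handler fired %u time(s))\n", rc_bad, toy_fatal_count());
	return 0;
}
```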