libsepol: test for ebitmap_read() negative return value

While fuzzing hll/pp, the fuzzer (AFL) crafted a policy which triggered
the following message without making the policy loading fail (the
program crashed with a segmentation fault later):

    security: ebitmap: map size 192 does not match my size 64 (high bit
    was 0)

This is because ebitmap_read() returned -EINVAL and this value was
handled as a successful return value by scope_index_read() because it
was not -1.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss 2016-11-16 00:07:22 +01:00 committed by Stephen Smalley
parent 784b43b2ae
commit 0a32f3b169
1 changed files with 2 additions and 2 deletions

View File

@ -3447,7 +3447,7 @@ static int scope_index_read(scope_index_t * scope_index,
int rc; int rc;
for (i = 0; i < num_scope_syms; i++) { for (i = 0; i < num_scope_syms; i++) {
if (ebitmap_read(scope_index->scope + i, fp) == -1) { if (ebitmap_read(scope_index->scope + i, fp) < 0) {
return -1; return -1;
} }
} }
@ -3465,7 +3465,7 @@ static int scope_index_read(scope_index_t * scope_index,
return -1; return -1;
} }
for (i = 0; i < scope_index->class_perms_len; i++) { for (i = 0; i < scope_index->class_perms_len; i++) {
if (ebitmap_read(scope_index->class_perms_map + i, fp) == -1) { if (ebitmap_read(scope_index->class_perms_map + i, fp) < 0) {
return -1; return -1;
} }
} }