libsepol/cil: Check if identifier is NULL when verifying name

Nicolas Iooss found while fuzzing secilc with AFL that the statement
"(class C (()))" will cause a segfault.

When CIL checks the syntax of the class statement it sees "(())" as a
valid permission list, but since "()" is not an identifier a NULL is
passed as the string for name verification. A segfault occurs because
name verification assumes that the string being checked is non-NULL.

Check if identifier is NULL when verifying name.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
James Carter 2016-10-18 14:21:59 -04:00
parent da51020d6f
commit 3aa292620c

@ -50,9 +50,15 @@
int __cil_verify_name(const char *name)
{
int rc = SEPOL_ERR;
int len = strlen(name);
int len;
int i = 0;
if (name == NULL) {
cil_log(CIL_ERR, "Name is NULL\n");
goto exit;
}
len = strlen(name);
if (len >= CIL_MAX_NAME_LENGTH) {
cil_log(CIL_ERR, "Name length greater than max name length of %d",
CIL_MAX_NAME_LENGTH);
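
Review bot: The new NULL guard at the top of __cil_verify_name() logs only "Name is NULL", which gives a policy author no hint about which statement is at fault. Since the commit message says the class syntax check accepts "(())" as a valid permission list, consider also rejecting a non-identifier list element at that point, or having the caller log the offending statement, so the failure is reported where the bad input is recognised. Two smaller points in the same hunk: `len` is still an `int` assigned from strlen(), which returns size_t, and the new message ends with "\n" while the existing "Name length greater than max name length of %d" format string just below does not, so the two should be made consistent. A regression test that feeds "(class C (()))" through secilc would keep this fuzzer finding covered.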