libsepol/cil: Check that sym_index is within bounds

Make sure sym_index is within the bounds of symtab array before using it
to index the array.

Fixes:
  Error: OVERRUN (CWE-119):
  libsepol-3.6/cil/src/cil_resolve_ast.c:3157: assignment: Assigning: "sym_index" = "CIL_SYM_UNKNOWN".
  libsepol-3.6/cil/src/cil_resolve_ast.c:3189: overrun-call: Overrunning callee's array of size 19 by passing argument "sym_index" (which evaluates to 20) in call to "cil_resolve_name".
  \# 3187|                   switch (curr->flavor) {
  \# 3188|                   case CIL_STRING:
  \# 3189|->                         rc = cil_resolve_name(parent, curr->data, sym_index, db, &res_datum);
  \# 3190|                           if (rc != SEPOL_OK) {
  \# 3191|                                   goto exit;

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
This commit is contained in:
Vit Mojzis 2024-07-23 16:41:57 +02:00 committed by James Carter
parent 463584cb05
commit 6b5626fd30
1 changed files with 1 additions and 1 deletions

View File

@ -4291,7 +4291,7 @@ int cil_resolve_name_keep_aliases(struct cil_tree_node *ast_node, char *name, en
int rc = SEPOL_ERR; int rc = SEPOL_ERR;
struct cil_tree_node *node = NULL; struct cil_tree_node *node = NULL;
if (name == NULL) { if (name == NULL || sym_index >= CIL_SYM_NUM) {
cil_log(CIL_ERR, "Invalid call to cil_resolve_name\n"); cil_log(CIL_ERR, "Invalid call to cil_resolve_name\n");
goto exit; goto exit;
} }