RepoMirrors
/
selinux
mirror of https://github.com/SELinuxProject/selinux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

libsepol: replace an assert with an error message 

When fuzzing hll/pp inputs, a policy module where the value of
scope->decl_ids_len has been modified to zero makes the program abort
(when it has been compiled without -DNDEBUG).

Change the behavior to report an error message instead. This eases
fuzzing functions like policydb_read().

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss 2016-11-16 00:07:21 +01:00 committed by Stephen Smalley
parent a96184bcbb
commit 784b43b2ae
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libsepol/src/policydb.c
View File

@ -3635,7 +3635,10 @@ static int scope_read(policydb_t * p, int symnum, struct policy_file *fp)
goto cleanup;
scope->scope = le32_to_cpu(buf[0]);
scope->decl_ids_len = le32_to_cpu(buf[1]);
assert(scope->decl_ids_len > 0);
if (scope->decl_ids_len == 0) {
ERR(fp->handle, "invalid scope with no declaration");
goto cleanup;
}
if ((scope->decl_ids =
malloc(scope->decl_ids_len * sizeof(uint32_t))) == NULL) {
goto cleanup;