From 8c1110d13438eac802e9868fab393f2866d01afb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Sat, 8 Jun 2024 19:18:38 +0200 Subject: [PATCH] libsepol: validate attribute-type maps MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Ensure the attribute-to-type maps contain no invalid entries, required for generating typeattributeset statements when converting to CIL. Reported-by: oss-fuzz (issue 69283) Signed-off-by: Christian Göttsche Acked-by: James Carter --- libsepol/src/policydb_validate.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 84c1071c..9746f562 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -1654,6 +1654,26 @@ bad: return -1; } +static int validate_attrtype_map(sepol_handle_t *handle, const policydb_t *p, validate_t flavors[]) +{ + const ebitmap_t *maps = p->attr_type_map; + uint32_t i; + + if (p->policy_type == POLICY_KERN) { + for (i = 0; i < p->p_types.nprim; i++) { + if (validate_ebitmap(&maps[i], &flavors[SYM_TYPES])) + goto bad; + } + } else if (maps) + goto bad; + + return 0; + +bad: + ERR(handle, "Invalid attr type map"); + return -1; +} + static int validate_properties(sepol_handle_t *handle, const policydb_t *p) { switch (p->policy_type) { @@ -1790,6 +1810,9 @@ int policydb_validate(sepol_handle_t *handle, const policydb_t *p) if (validate_typeattr_map(handle, p, flavors)) goto bad; + if (validate_attrtype_map(handle, p, flavors)) + goto bad; + validate_array_destroy(flavors); return 0;