libsepol: expand: skip invalid cat

Bail out on expanding levels with invalid low category. UBSAN report: expand.c:952:21: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'uint32_t' (aka 'unsigned int') Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com>
2025-01-02 03:32:13 +00:00 · 2023-05-12 11:30:01 +02:00 · 2023-05-12 11:30:01 +02:00 · cae65d9a10
commit cae65d9a10
parent 4ba8f7c38f
1 changed files with 1 additions and 1 deletions
--- a/libsepol/src/expand.c
+++ b/libsepol/src/expand.c
@ -943,7 +943,7 @@ int mls_semantic_level_expand(mls_semantic_level_t * sl, mls_level_t * l,
 		return -1;
 	}
 	for (cat = sl->cat; cat; cat = cat->next) {
-		if (cat->low > cat->high) {
+		if (!cat->low || cat->low > cat->high) {
 			ERR(h, "Category range is not valid %s.%s",
 			    p->p_cat_val_to_name[cat->low - 1],
 			    p->p_cat_val_to_name[cat->high - 1]);