RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-01-18 11:20:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
6b5626fd30
selinux/libsepol/cil
History
Vit Mojzis 6b5626fd30 libsepol/cil: Check that sym_index is within bounds 
Make sure sym_index is within the bounds of symtab array before using it
to index the array.

Fixes:
  Error: OVERRUN (CWE-119):
  libsepol-3.6/cil/src/cil_resolve_ast.c:3157: assignment: Assigning: "sym_index" = "CIL_SYM_UNKNOWN".
  libsepol-3.6/cil/src/cil_resolve_ast.c:3189: overrun-call: Overrunning callee's array of size 19 by passing argument "sym_index" (which evaluates to 20) in call to "cil_resolve_name".
  \# 3187|                   switch (curr->flavor) {
  \# 3188|                   case CIL_STRING:
  \# 3189|->                         rc = cil_resolve_name(parent, curr->data, sym_index, db, &res_datum);
  \# 3190|                           if (rc != SEPOL_OK) {
  \# 3191|                                   goto exit;

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
2024-08-14 08:27:23 -04:00
..
include/cil libsepol/cil: Add cil_write_post_ast function 2023-08-16 13:34:09 -04:00
src libsepol/cil: Check that sym_index is within bounds 2024-08-14 08:27:23 -04:00
test
.gitignore