selinux/libsepol
Christian Göttsche 7385004162 libsepol: invert only valid range of role bitmap
The length of an ebitmap is the current highest allocated (not set) bit
and always a multiple of MAPTYPE (= 64). The role ebitmap should only
have valid role bits set, even after inverting. The length might be
smaller than the maximum number of defined roles leading to non defined
role bits set afterwards.
Only invert up to the number of roles defined instead the full ebitmap
length, similar to type_set_expand().

This also avoids timeouts on an invalid huge highbit set, since the
ebitmap has not been validated yet, on which inverting will take
excessive amount of memory and time, found by oss-fuzz (#43709).

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2022-01-27 09:52:10 -05:00
..
cil libsepol/cil: bail out on snprintf failure 2022-01-05 13:22:45 -05:00
fuzz libsepol: add libfuzz based fuzzer for reading binary policies 2021-12-15 12:48:28 -05:00
include libsepol: avoid implicit conversions 2021-07-13 21:01:07 +02:00
man selinux: Update manpages after removing legacy boolean and user code 2019-07-29 23:46:47 +02:00
src libsepol: invert only valid range of role bitmap 2022-01-27 09:52:10 -05:00
tests ci: run the tests under ASan/UBsan on GHActions 2022-01-06 10:34:33 -05:00
utils libsepol: build: follow standard semantics for DESTDIR and PREFIX 2018-02-14 15:59:36 +01:00
.gitignore
COPYING
Makefile
VERSION Update VERSIONs to 3.3 for release. 2021-10-21 16:31:23 +02:00