RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-01-30 01:12:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
f1ba58a199
selinux/libsepol/cil
History
Nicolas Iooss f1ba58a199 libsepol/cil: make cil_resolve_name() fail for '.' 
This CIL policy makes secilc crash with a NULL pointer dereference:

    (class CLASS (PERM))
    (classorder (CLASS))
    (sid SID)
    (sidorder (SID))
    (user USER)
    (role ROLE)
    (type TYPE)
    (category CAT)
    (categoryorder (CAT))
    (sensitivity SENS)
    (sensitivityorder (SENS))
    (sensitivitycategory SENS (CAT))
    (allow TYPE self (CLASS (PERM)))
    (roletype ROLE TYPE)
    (userrole USER ROLE)
    (userlevel USER (SENS))
    (userrange USER ((SENS)(SENS (CAT))))
    (sidcontext SID (USER ROLE TYPE ((SENS)(SENS))))

    (allow . self (CLASS (PERM)))

Using "." in the allow statement makes strtok_r() return NULL in
cil_resolve_name() and this result is then used in a call to
cil_symtab_get_datum(), which is thus invalid.

Instead of crashing, make secilc fail with an error message.

This bug has been found by fuzzing secilc with american fuzzy lop.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-10-04 10:28:18 -04:00
..
include/cil libsepol: clean up the CIL API 2015-02-27 08:58:52 -05:00
src libsepol/cil: make cil_resolve_name() fail for '.' 2016-10-04 10:28:18 -04:00
test libsepol: Move secilc out of libsepol 2015-03-31 12:31:38 -04:00
.gitignore Merge commit '76ba6eaa7333483a8cc0c73a7880f7acf99c2656' 2015-02-18 09:25:20 -05:00