authorAndreas Grapentin <andreas@grapentin.org>2018-02-03 16:13:09 +0100
committerAndreas Grapentin <andreas@grapentin.org>2018-02-03 16:13:09 +0100
commit814af5606460eac001e6c50504206d9e646c4eb9 (patch)
treef5da615f3a0dba20c8e01d4e5585c58e68950ea2 /pcr/libsepol/0003-libsepol-cil-Use-an-empty-list-to-represent-an-unkno.patch
parent953d89a9f35926dd92c9a752b9e6e367620e9eb4 (diff)
pcr/libsepol: updated to 2.7
Diffstat (limited to 'pcr/libsepol/0003-libsepol-cil-Use-an-empty-list-to-represent-an-unkno.patch')
-rw-r--r--pcr/libsepol/0003-libsepol-cil-Use-an-empty-list-to-represent-an-unkno.patch47
1 files changed, 0 insertions, 47 deletions
diff --git a/pcr/libsepol/0003-libsepol-cil-Use-an-empty-list-to-represent-an-unkno.patch b/pcr/libsepol/0003-libsepol-cil-Use-an-empty-list-to-represent-an-unkno.patch
deleted file mode 100644
index 04b527a4b..000000000
--- a/pcr/libsepol/0003-libsepol-cil-Use-an-empty-list-to-represent-an-unkno.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From e7fe9afb6e072c9e769586718060607ef7535c80 Mon Sep 17 00:00:00 2001
-From: James Carter <jwcart2@tycho.nsa.gov>
-Date: Tue, 18 Oct 2016 14:20:24 -0400
-Subject: [PATCH] libsepol/cil: Use an empty list to represent an unknown
- permission
-
-Nicolas Iooss found while fuzzing secilc with AFL that the statement
-"(classpermissionset CPERM (CLASS (and unknow PERM)))" will cause a
-segfault.
-
-In order to support a policy module package using a permission that
-does not exist on the system it is loaded on, CIL will only give a
-warning when it fails to resolve an unknown permission. CIL itself will
-just ignore the unknown permission. This means that an expression like
-"(and UNKNOWN p1)" will look like "(and p1)" to CIL, but, since syntax
-checking has already been done, CIL won't know that the expression is not
-well-formed. When the expression is evaluated a segfault will occur
-because all expressions are assumed to be well-formed at evaluation time.
-
-Use an empty list to represent an unknown permission so that expressions
-will continue to be well-formed and expression evaluation will work but
-the unknown permission will still be ignored.
-
-Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
----
- libsepol/cil/src/cil_resolve_ast.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
-index c40354572ce7..f3f3e92739a3 100644
---- a/libsepol/cil/src/cil_resolve_ast.c
-+++ b/libsepol/cil/src/cil_resolve_ast.c
-@@ -131,7 +131,11 @@ static int __cil_resolve_perms(symtab_t *class_symtab, symtab_t *common_symtab,
- }
- }
- if (rc != SEPOL_OK) {
-+ struct cil_list *empty_list;
- cil_log(CIL_WARN, "Failed to resolve permission %s\n", (char*)curr->data);
-+ /* Use an empty list to represent unknown perm */
-+ cil_list_init(&empty_list, perm_strs->flavor);
-+ cil_list_append(*perm_datums, CIL_LIST, empty_list);
- } else {
- cil_list_append(*perm_datums, CIL_DATUM, perm_datum);
- }
---
-2.10.2
-