author | Luke Shumaker <lukeshu@sbcglobal.net> | 2017-02-03 13:02:37 -0500 |
---|---|---|
committer | Luke Shumaker <lukeshu@sbcglobal.net> | 2017-02-03 13:02:37 -0500 |
commit | d9fecb8ab0f52272fd4785fe6f15e6855b2f6008 (patch) | |
tree | c519942cea1525634351674f609cfc0fcefceaa7 /pcr/libsepol/0004-libsepol-cil-Check-if-identifier-is-NULL-when-verify.patch | |
parent | b7f02b9741f313a6d6b96c1829d45fe09a39d0de (diff) | |
add pcr/libsepol
Diffstat (limited to 'pcr/libsepol/0004-libsepol-cil-Check-if-identifier-is-NULL-when-verify.patch')
-rw-r--r-- | pcr/libsepol/0004-libsepol-cil-Check-if-identifier-is-NULL-when-verify.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/pcr/libsepol/0004-libsepol-cil-Check-if-identifier-is-NULL-when-verify.patch b/pcr/libsepol/0004-libsepol-cil-Check-if-identifier-is-NULL-when-verify.patch
new file mode 100644
index 000000000..7f286e02e
--- /dev/null
+++ b/pcr/libsepol/0004-libsepol-cil-Check-if-identifier-is-NULL-when-verify.patch
@@ -0,0 +1,44 @@
+From 5d3404acf99ac42cba5182fcbb099930754fc588 Mon Sep 17 00:00:00 2001
+From: James Carter <jwcart2@tycho.nsa.gov>
+Date: Tue, 18 Oct 2016 14:21:59 -0400
+Subject: [PATCH] libsepol/cil: Check if identifier is NULL when verifying name
+
+Nicolas Iooss found while fuzzing secilc with AFL that the statement
+"(class C (()))" will cause a segfault.
+
+When CIL checks the syntax of the class statement it sees "(())" as a
+valid permission list, but since "()" is not an identifier a NULL is
+passed as the string for name verification. A segfault occurs because
+name verification assumes that the string being checked is non-NULL.
+
+Check if identifier is NULL when verifying name.
+
+Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
+---
+ libsepol/cil/src/cil_verify.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/libsepol/cil/src/cil_verify.c b/libsepol/cil/src/cil_verify.c
+index 038f77af57d7..47dcfaa27ca0 100644
+--- a/libsepol/cil/src/cil_verify.c
++++ b/libsepol/cil/src/cil_verify.c
+@@ -50,9 +50,15 @@
+ int __cil_verify_name(const char *name)
+ {
+ int rc = SEPOL_ERR;
+- int len = strlen(name);
++ int len;
+ int i = 0;
+
++ if (name == NULL) {
++ cil_log(CIL_ERR, "Name is NULL\n");
++ goto exit;
++ }
++
++ len = strlen(name);
+ if (len >= CIL_MAX_NAME_LENGTH) {
+ cil_log(CIL_ERR, "Name length greater than max name length of %d",
+ CIL_MAX_NAME_LENGTH);
+--
+2.10.2
+ |
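Review bot: The NULL guard added at the top of `__cil_verify_name` stops the crash at the point of dereference, but by the patch's own description the class-statement syntax check still accepts `(())` as a permission list, so the NULL identifier is still produced before this function is reached. Any other consumer of that parse node that assumes a non-NULL string would not be covered by this check; that is not visible here and is worth confirming against the libsepol source this package builds. Separately, `len` remains an `int` that receives `strlen()`'s `size_t`, so the `len >= CIL_MAX_NAME_LENGTH` bound silently depends on the name being shorter than INT_MAX; declaring it `size_t len;` (with the `%d` argument and any later uses outside the hunk adjusted to match) would remove that assumption. The rest of the function body and the `exit` label lie outside the hunk, so the error return on the new path is presumed to be the initial `rc = SEPOL_ERR`.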