diff options
| author | Andreas Grapentin <andreas@grapentin.org> | 2018-02-03 16:13:09 +0100 |
|---|---|---|
| committer | Andreas Grapentin <andreas@grapentin.org> | 2018-02-03 16:13:09 +0100 |
| commit | 814af5606460eac001e6c50504206d9e646c4eb9 (patch) | |
| tree | f5da615f3a0dba20c8e01d4e5585c58e68950ea2 /pcr/libsepol/0006-libsepol-cil-Verify-alias-in-aliasactual-statement-i.patch | |
| parent | 953d89a9f35926dd92c9a752b9e6e367620e9eb4 (diff) | |
| download | abslibre-814af5606460eac001e6c50504206d9e646c4eb9.tar.gz abslibre-814af5606460eac001e6c50504206d9e646c4eb9.tar.bz2 abslibre-814af5606460eac001e6c50504206d9e646c4eb9.zip | |
pcr/libsepol: updated to 2.7
Diffstat (limited to 'pcr/libsepol/0006-libsepol-cil-Verify-alias-in-aliasactual-statement-i.patch')
| -rw-r--r-- | pcr/libsepol/0006-libsepol-cil-Verify-alias-in-aliasactual-statement-i.patch | 69 |
1 files changed, 0 insertions, 69 deletions
diff --git a/pcr/libsepol/0006-libsepol-cil-Verify-alias-in-aliasactual-statement-i.patch b/pcr/libsepol/0006-libsepol-cil-Verify-alias-in-aliasactual-statement-i.patch deleted file mode 100644 index 050bd2f04..000000000 --- a/pcr/libsepol/0006-libsepol-cil-Verify-alias-in-aliasactual-statement-i.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 1672a15c4a69db6b917bc46ac5f01b07ca506ee3 Mon Sep 17 00:00:00 2001 -From: James Carter <jwcart2@tycho.nsa.gov> -Date: Tue, 18 Oct 2016 14:49:46 -0400 -Subject: [PATCH] libsepol/cil: Verify alias in aliasactual statement is really - an alias - -Nicolas Iooss found while fuzzing secilc with AFL that the statement -"(sensitivityaliasactual SENS SENS)" will cause a segfault. - -The segfault occurs because when the aliasactual is resolved the first -identifier is assumed to refer to an alias structure, but it is not. - -Add a check to verify that the datum retrieved is actually an alias -and exit with an error if it is not. - -Signed-off-by: James Carter <jwcart2@tycho.nsa.gov> ---- - libsepol/cil/src/cil_resolve_ast.c | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c -index f3f3e92739a3..149e4f4e7d42 100644 ---- a/libsepol/cil/src/cil_resolve_ast.c -+++ b/libsepol/cil/src/cil_resolve_ast.c -@@ -452,7 +452,7 @@ exit: - return rc; - } - --int cil_resolve_aliasactual(struct cil_tree_node *current, void *extra_args, enum cil_flavor flavor) -+int cil_resolve_aliasactual(struct cil_tree_node *current, void *extra_args, enum cil_flavor flavor, enum cil_flavor alias_flavor) - { - int rc = SEPOL_ERR; - enum cil_sym_index sym_index; -@@ -465,10 +465,15 @@ int cil_resolve_aliasactual(struct cil_tree_node *current, void *extra_args, enu - if (rc != SEPOL_OK) { - goto exit; - } -+ - rc = cil_resolve_name(current, aliasactual->alias_str, sym_index, extra_args, &alias_datum); - if (rc != SEPOL_OK) { - goto exit; - } -+ if (NODE(alias_datum)->flavor != alias_flavor) { -+ cil_log(CIL_ERR, "%s is not an alias\n",alias_datum->name); -+ goto exit; -+ } - - rc = cil_resolve_name(current, aliasactual->actual_str, sym_index, extra_args, &actual_datum); - if (rc != SEPOL_OK) { -@@ -3365,13 +3370,13 @@ int __cil_resolve_ast_node(struct cil_tree_node *node, void *extra_args) - case CIL_PASS_ALIAS1: - switch (node->flavor) { - case CIL_TYPEALIASACTUAL: -- rc = cil_resolve_aliasactual(node, args, CIL_TYPE); -+ rc = cil_resolve_aliasactual(node, args, CIL_TYPE, CIL_TYPEALIAS); - break; - case CIL_SENSALIASACTUAL: -- rc = cil_resolve_aliasactual(node, args, CIL_SENS); -+ rc = cil_resolve_aliasactual(node, args, CIL_SENS, CIL_SENSALIAS); - break; - case CIL_CATALIASACTUAL: -- rc = cil_resolve_aliasactual(node, args, CIL_CAT); -+ rc = cil_resolve_aliasactual(node, args, CIL_CAT, CIL_CATALIAS); - break; - default: - break; --- -2.10.2 - |