diff options
Diffstat (limited to 'pcr/libsepol/0001-libsepol-cil-Check-for-improper-category-range.patch')
-rw-r--r-- | pcr/libsepol/0001-libsepol-cil-Check-for-improper-category-range.patch | 48 |
1 files changed, 0 insertions, 48 deletions
diff --git a/pcr/libsepol/0001-libsepol-cil-Check-for-improper-category-range.patch b/pcr/libsepol/0001-libsepol-cil-Check-for-improper-category-range.patch deleted file mode 100644 index dc4c07ea5..000000000 --- a/pcr/libsepol/0001-libsepol-cil-Check-for-improper-category-range.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 0763ecb640e0ad527ec21ba1f9bc95174744b12b Mon Sep 17 00:00:00 2001 -From: James Carter <jwcart2@tycho.nsa.gov> -Date: Tue, 18 Oct 2016 14:17:03 -0400 -Subject: [PATCH] libsepol/cil: Check for improper category range - -Nicolas Iooss found while fuzzing secilc with AFL that the following -policy will cause a segfault. - -(category c0) -(category c1) -(categoryorder (c0 c1)) -(sensitivity s0) -(sensitivitycategory s0 (range c1 c0)) - -The category range "(range c1 c0)" is invalid because c1 comes after c0 -in order. - -The invalid range is evaluated as containing no categories. There is a -check for the resulting empty list and the category datum expression is -set to NULL. The segfault occurs because the datum expression is assumed -to be non-NULL after evaluation. - -Add a check for an invalid range when evaluating category ranges. - -Signed-off-by: James Carter <jwcart2@tycho.nsa.gov> ---- - libsepol/cil/src/cil_post.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c -index f8447c981486..caf3321d09e1 100644 ---- a/libsepol/cil/src/cil_post.c -+++ b/libsepol/cil/src/cil_post.c -@@ -952,6 +952,11 @@ static int __cil_cat_expr_range_to_bitmap_helper(struct cil_list_item *i1, struc - c2 = alias->actual; - } - -+ if (c1->value > c2->value) { -+ cil_log(CIL_ERR, "Invalid category range\n"); -+ goto exit; -+ } -+ - for (i = c1->value; i <= c2->value; i++) { - if (ebitmap_set_bit(bitmap, i, 1)) { - cil_log(CIL_ERR, "Failed to set cat bit\n"); --- -2.10.2 - |