Diffstat (limited to 'pcr/libsepol/0004-libsepol-cil-Check-if-identifier-is-NULL-when-verify.patch')
-rw-r--r-- | pcr/libsepol/0004-libsepol-cil-Check-if-identifier-is-NULL-when-verify.patch | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/pcr/libsepol/0004-libsepol-cil-Check-if-identifier-is-NULL-when-verify.patch b/pcr/libsepol/0004-libsepol-cil-Check-if-identifier-is-NULL-when-verify.patch
deleted file mode 100644
index 7f286e02e..000000000
--- a/pcr/libsepol/0004-libsepol-cil-Check-if-identifier-is-NULL-when-verify.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 5d3404acf99ac42cba5182fcbb099930754fc588 Mon Sep 17 00:00:00 2001
-From: James Carter <jwcart2@tycho.nsa.gov>
-Date: Tue, 18 Oct 2016 14:21:59 -0400
-Subject: [PATCH] libsepol/cil: Check if identifier is NULL when verifying name
-
-Nicolas Iooss found while fuzzing secilc with AFL that the statement
-"(class C (()))" will cause a segfault.
-
-When CIL checks the syntax of the class statement it sees "(())" as a
-valid permission list, but since "()" is not an identifier a NULL is
-passed as the string for name verification. A segfault occurs because
-name verification assumes that the string being checked is non-NULL.
-
-Check if identifier is NULL when verifying name.
-
-Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
----
- libsepol/cil/src/cil_verify.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/libsepol/cil/src/cil_verify.c b/libsepol/cil/src/cil_verify.c
-index 038f77af57d7..47dcfaa27ca0 100644
---- a/libsepol/cil/src/cil_verify.c
-+++ b/libsepol/cil/src/cil_verify.c
-@@ -50,9 +50,15 @@
- int __cil_verify_name(const char *name)
- {
- int rc = SEPOL_ERR;
-- int len = strlen(name);
-+ int len;
- int i = 0;
-
-+ if (name == NULL) {
-+ cil_log(CIL_ERR, "Name is NULL\n");
-+ goto exit;
-+ }
-+
-+ len = strlen(name);
- if (len >= CIL_MAX_NAME_LENGTH) {
- cil_log(CIL_ERR, "Name length greater than max name length of %d",
- CIL_MAX_NAME_LENGTH);
---
-2.10.2
-
|