Projects
openEuler:24.03:SP1:Everything:64G
libsepol
_service:tar_scm:backport-libsepol-validate-old...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:backport-libsepol-validate-old-style-range-trans-classes.patch of Package libsepol
From 4cf37608b563327ce433ce392931a9eb8bda9524 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com> Date: Fri, 12 May 2023 11:29:58 +0200 Subject: [PATCH] libsepol: validate old style range trans classes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit For old style range transition rules the class defaults to process. However the policy might not declare the process class leading to setting a wrong bit later on via: if (ebitmap_set_bit(&rtr->tclasses, rt->target_class - 1, 1)) UBSAN report: policydb.c:3684:56: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'uint32_t' (aka 'unsigned int') Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> --- libsepol/src/policydb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index b79c19b94c..605d290a71 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -3650,10 +3650,10 @@ static int range_read(policydb_t * p, struct policy_file *fp) if (rc < 0) goto err; rt->target_class = le32_to_cpu(buf[0]); - if (!value_isvalid(rt->target_class, p->p_classes.nprim)) - goto err; } else rt->target_class = p->process_class; + if (!value_isvalid(rt->target_class, p->p_classes.nprim)) + goto err; r = calloc(1, sizeof(*r)); if (!r) goto err;
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2