* [PATCH] libsepol: Validate conditional expressions
@ 2022-03-16 20:53 James Carter
2022-03-30 19:06 ` James Carter
0 siblings, 1 reply; 2+ messages in thread
From: James Carter @ 2022-03-16 20:53 UTC (permalink / raw)
To: selinux; +Cc: James Carter
When validating a policydb, validate the conditional expressions
including the values of the booleans within them.
Found by oss-fuzz (#45523)
Signed-off-by: James Carter <jwcart2@gmail.com>
---
libsepol/src/policydb_validate.c | 43 ++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
index a2dcebe4..13d9480d 100644
--- a/libsepol/src/policydb_validate.c
+++ b/libsepol/src/policydb_validate.c
@@ -881,9 +881,52 @@ bad:
return -1;
}
+static int validate_cond_expr(sepol_handle_t *handle, struct cond_expr *expr, validate_t *bool)
+{
+ int depth = -1;
+
+ for (; expr; expr = expr->next) {
+ switch(expr->expr_type) {
+ case COND_BOOL:
+ if (validate_value(expr->bool, bool))
+ goto bad;
+ if (depth == (COND_EXPR_MAXDEPTH - 1))
+ goto bad;
+ depth++;
+ break;
+ case COND_NOT:
+ if (depth < 0)
+ goto bad;
+ break;
+ case COND_OR:
+ case COND_AND:
+ case COND_XOR:
+ case COND_EQ:
+ case COND_NEQ:
+ if (depth < 1)
+ goto bad;
+ depth--;
+ break;
+ default:
+ goto bad;
+ }
+ }
+
+ if (depth != 0)
+ goto bad;
+
+ return 0;
+
+bad:
+ ERR(handle, "Invalid cond expression");
+ return -1;
+}
+
static int validate_cond_list(sepol_handle_t *handle, cond_list_t *cond, validate_t flavors[])
{
for (; cond; cond = cond->next) {
+ if (validate_cond_expr(handle, cond->expr, &flavors[SYM_BOOLS]))
+ goto bad;
if (validate_cond_av_list(handle, cond->true_list, flavors))
goto bad;
if (validate_cond_av_list(handle, cond->false_list, flavors))
--
2.34.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] libsepol: Validate conditional expressions
2022-03-16 20:53 [PATCH] libsepol: Validate conditional expressions James Carter
@ 2022-03-30 19:06 ` James Carter
0 siblings, 0 replies; 2+ messages in thread
From: James Carter @ 2022-03-30 19:06 UTC (permalink / raw)
To: SElinux list
On Wed, Mar 16, 2022 at 4:53 PM James Carter <jwcart2@gmail.com> wrote:
>
> When validating a policydb, validate the conditional expressions
> including the values of the booleans within them.
>
> Found by oss-fuzz (#45523)
>
> Signed-off-by: James Carter <jwcart2@gmail.com>
Merged.
Jim
> ---
> libsepol/src/policydb_validate.c | 43 ++++++++++++++++++++++++++++++++
> 1 file changed, 43 insertions(+)
>
> diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
> index a2dcebe4..13d9480d 100644
> --- a/libsepol/src/policydb_validate.c
> +++ b/libsepol/src/policydb_validate.c
> @@ -881,9 +881,52 @@ bad:
> return -1;
> }
>
> +static int validate_cond_expr(sepol_handle_t *handle, struct cond_expr *expr, validate_t *bool)
> +{
> + int depth = -1;
> +
> + for (; expr; expr = expr->next) {
> + switch(expr->expr_type) {
> + case COND_BOOL:
> + if (validate_value(expr->bool, bool))
> + goto bad;
> + if (depth == (COND_EXPR_MAXDEPTH - 1))
> + goto bad;
> + depth++;
> + break;
> + case COND_NOT:
> + if (depth < 0)
> + goto bad;
> + break;
> + case COND_OR:
> + case COND_AND:
> + case COND_XOR:
> + case COND_EQ:
> + case COND_NEQ:
> + if (depth < 1)
> + goto bad;
> + depth--;
> + break;
> + default:
> + goto bad;
> + }
> + }
> +
> + if (depth != 0)
> + goto bad;
> +
> + return 0;
> +
> +bad:
> + ERR(handle, "Invalid cond expression");
> + return -1;
> +}
> +
> static int validate_cond_list(sepol_handle_t *handle, cond_list_t *cond, validate_t flavors[])
> {
> for (; cond; cond = cond->next) {
> + if (validate_cond_expr(handle, cond->expr, &flavors[SYM_BOOLS]))
> + goto bad;
> if (validate_cond_av_list(handle, cond->true_list, flavors))
> goto bad;
> if (validate_cond_av_list(handle, cond->false_list, flavors))
> --
> 2.34.1
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-03-30 19:06 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-03-16 20:53 [PATCH] libsepol: Validate conditional expressions James Carter
2022-03-30 19:06 ` James Carter
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.