libsemanage-3.7-4

- direct_api: INTEGER_OVERFLOW read_len = read() Resolves: RHEL-35997
2024-11-12 17:42:47 +01:00 · 2024-11-12 17:42:47 +01:00 · 9f3d9a68d7
commit 9f3d9a68d7
parent 664455f077
3 changed files with 57 additions and 7 deletions
--- a/0003-libsemanage-direct_api-INTEGER_OVERFLOW-read_len-rea.patch
+++ b/0003-libsemanage-direct_api-INTEGER_OVERFLOW-read_len-rea.patch
@ -0,0 +1,43 @@
+From 0140861b18272d2504ce743d60c181feb489a2af Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Fri, 25 Oct 2024 20:32:07 +0200
+Subject: [PATCH] libsemanage/direct_api: INTEGER_OVERFLOW read_len = read()
+
+The following statement is always true if read_len is unsigned:
+(read_len = read(fd, data_read + data_read_len, max_len - data_read_len)) > 0
+
+Fixes:
+ Error: INTEGER_OVERFLOW (CWE-190): [#def19] [important]
+ libsemanage-3.7/src/direct_api.c:598:2: tainted_data_return: Called function "read(fd, data_read + data_read_len, max_len - data_read_len)", and a possible return value may be less than zero.
+ libsemanage-3.7/src/direct_api.c:598:2: cast_underflow: An assign of a possibly negative number to an unsigned type, which might trigger an underflow.
+ libsemanage-3.7/src/direct_api.c:599:3: overflow: The expression "data_read_len += read_len" is deemed underflowed because at least one of its arguments has underflowed.
+ libsemanage-3.7/src/direct_api.c:598:2: overflow: The expression "max_len - data_read_len" is deemed underflowed because at least one of its arguments has underflowed.
+ libsemanage-3.7/src/direct_api.c:598:2: overflow_sink: "max_len - data_read_len", which might have underflowed, is passed to "read(fd, data_read + data_read_len, max_len - data_read_len)". [Note: The source code implementation of the function has been overridden by a builtin model.]
+ \#  596|   	}
+ \#  597|
+ \#  598|-> 	while ((read_len = read(fd, data_read + data_read_len, max_len - data_read_len)) > 0) {
+ \#  599|   		data_read_len += read_len;
+ \#  600|   		if (data_read_len == max_len) {
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+Acked-by: James Carter <jwcart2@gmail.com>
+---
+ libsemanage/src/direct_api.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
+index d740070d..7631c7bf 100644
+--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
+@@ -582,7 +582,7 @@ cleanup:
+ static int read_from_pipe_to_data(semanage_handle_t *sh, size_t initial_len, int fd, char **out_data_read, size_t *out_read_len)
+ {
+ 	size_t max_len = initial_len;
+-	size_t read_len = 0;
+	ssize_t read_len = 0;
+ 	size_t data_read_len = 0;
+ 	char *data_read = NULL;
+ 
+-- 
+2.47.0
+
--- a/12
+++ b/12
@ -1,3 +1,15 @@
+* Tue Nov 12 2024 Vit Mojzis <vmojzis@redhat.com> - 3.7-4
+- direct_api: INTEGER_OVERFLOW read_len = read() (RHEL-35997)
+
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 3.7-3
+- Bump release for October 2024 mass rebuild (RHEL-64018)
+
+* Thu Oct 17 2024 Petr Lautrbach <lautrbach@redhat.com> - 3.7-2.1
+- fix swig bindings for 4.3.0
+
+* Fri Aug 09 2024 Vit Mojzis <vmojzis@redhat.com> - 3.7-2
+- Preserve file context and ownership in policy store (RHEL-50822)
+
 * Thu Jun 27 2024 Petr Lautrbach <lautrbach@redhat.com> - 3.7-1
 - SELinux userspace 3.7 release

--- a/libsemanage.spec
+++ b/libsemanage.spec
@ -4,7 +4,7 @@
 Summary: SELinux binary policy manipulation library
 Name: libsemanage
 Version: 3.7
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: LGPL-2.1-or-later
 Source0: https://github.com/SELinuxProject/selinux/releases/download/3.7/libsemanage-3.7.tar.gz
 Source1: https://github.com/SELinuxProject/selinux/releases/download/3.7/libsemanage-3.7.tar.gz.asc
@ -14,6 +14,7 @@ Source2: https://github.com/bachradsusi.gpg
 # Patch list start
 Patch0001: 0001-libsemanage-Preserve-file-context-and-ownership-in-p.patch
 Patch0002: 0002-libsemanage-fix-swig-bindings-for-4.3.0.patch
+Patch0003: 0003-libsemanage-direct_api-INTEGER_OVERFLOW-read_len-rea.patch
 # Patch list end
 URL: https://github.com/SELinuxProject/selinux/wiki
 Source3: semanage.conf
@ -159,11 +160,5 @@ cp %{SOURCE3} ${RPM_BUILD_ROOT}%{_sysconfdir}/selinux/semanage.conf
 %{_libexecdir}/selinux/semanage_migrate_store

 %changelog
-* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 3.7-3
- Bump release for October 2024 mass rebuild:
-  Resolves: RHEL-64018
-
-* Fri Aug 09 2024 Vit Mojzis <vmojzis@redhat.com> - 3.7-2
- Preserve file context and ownership in policy store (RHEL-50822)

 %autochangelog