c59879b8aa
Rebase on upstream commit 32611aea6543
See
$ cd SELinuxProject/selinux
$ git log --pretty=oneline libsepol-3.2..32611aea6543 -- libsepol
42 lines
1.4 KiB
Diff
42 lines
1.4 KiB
Diff
From af29a235531f66882e5a027e1348658b8d8c1e68 Mon Sep 17 00:00:00 2001
|
|
From: Nicolas Iooss <nicolas.iooss@m4x.org>
|
|
Date: Mon, 12 Jul 2021 10:44:28 +0200
|
|
Subject: [PATCH] libsepol/cil: do not allow \0 in quoted strings
|
|
|
|
Using the '\0' character in strings in a CIL policy is not expected to
|
|
happen, and makes the flex tokenizer very slow. For example when
|
|
generating a file with:
|
|
|
|
python -c 'print("\"" + "\0"*100000 + "\"")' > policy.cil
|
|
|
|
secilc fails after 26 seconds, on my desktop computer. Increasing the
|
|
numbers of \0 makes this time increase significantly. But replacing \0
|
|
with another character makes secilc fail in only few milliseconds.
|
|
|
|
Fix this "possible denial of service" issue by forbidding \0 in strings
|
|
in CIL policies.
|
|
|
|
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36016
|
|
|
|
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
|
|
---
|
|
libsepol/cil/src/cil_lexer.l | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/libsepol/cil/src/cil_lexer.l b/libsepol/cil/src/cil_lexer.l
|
|
index e28c33ecb9f1..8bf2b6e7765a 100644
|
|
--- a/libsepol/cil/src/cil_lexer.l
|
|
+++ b/libsepol/cil/src/cil_lexer.l
|
|
@@ -49,7 +49,7 @@ spec_char [\[\]\.\@\=\/\*\-\_\$\%\+\-\!\|\&\^\:\~\`\#\{\}\'\<\>\?\,]
|
|
symbol ({digit}|{alpha}|{spec_char})+
|
|
white [ \t]
|
|
newline [\n\r]
|
|
-qstring \"[^"\n]*\"
|
|
+qstring \"[^"\n\0]*\"
|
|
hll_lm ^;;\*
|
|
comment ;
|
|
|
|
--
|
|
2.32.0
|
|
|