eb31c5c734
- cil: Check that sym_index is within bounds (RHEL-34823) - cil: Initialize avtab_datum on declaration (RHEL-34810) - mls: Do not destroy context on memory error (RHEL-34810) - cil/cil_post: Initialize tmp on declaration (RHEL-34810) - Initialize "strs" on declaration (RHEL-34810) Resolves: RHEL-34823, RHEL-34810
From d045edd5298a75284ce1cc289d039cce8b7a24ae Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Tue, 23 Jul 2024 16:41:57 +0200
Subject: [PATCH] libsepol/cil: Check that sym_index is within bounds
Make sure sym_index is within the bounds of symtab array before using it
to index the array.
Fixes:
Error: OVERRUN (CWE-119):
libsepol-3.6/cil/src/cil_resolve_ast.c:3157: assignment: Assigning: "sym_index" = "CIL_SYM_UNKNOWN".
libsepol-3.6/cil/src/cil_resolve_ast.c:3189: overrun-call: Overrunning callee's array of size 19 by passing argument "sym_index" (which evaluates to 20) in call to "cil_resolve_name".
\# 3187| switch (curr->flavor) {
\# 3188| case CIL_STRING:
\# 3189|-> rc = cil_resolve_name(parent, curr->data, sym_index, db, &res_datum);
\# 3190| if (rc != SEPOL_OK) {
\# 3191| goto exit;
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
libsepol/cil/src/cil_resolve_ast.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
index 427a320c..da8863c4 100644
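--- a/libsepol/cil/src/cil_resolve_ast.c
+++ b/libsepol/cil/src/cil_resolve_ast.c
@@ -4291,7 +4291,7 @@ int cil_resolve_name_keep_aliases(struct cil_tree_node *ast_node, char *name, en
 int rc = SEPOL_ERR;
 struct cil_tree_node *node = NULL;
 
- if (name == NULL) {
+ if (name == NULL || sym_index >= CIL_SYM_NUM) {
 cil_log(CIL_ERR, "Invalid call to cil_resolve_name\n");
 goto exit;
 }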
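Review bot: The new `sym_index >= CIL_SYM_NUM` test shares one log line with the NULL-name case, and that line names `cil_resolve_name` although the guard sits in `cil_resolve_name_keep_aliases`, so a rejected index cannot be told apart from a missing name when triaging a policy that trips it. Reporting the value would make the out-of-range case diagnosable, e.g. `cil_log(CIL_ERR, "Invalid call to cil_resolve_name_keep_aliases (sym_index %d)\n", (int)sym_index);`. The check is an upper bound only; whether a negative value can reach the array index depends on the enum's underlying type, which is not visible in this hunk, so `(unsigned int)sym_index >= CIL_SYM_NUM` would make the bound independent of that. The function body continues outside the hunk, so the later use of `sym_index` as the symtab array index is taken from the commit message rather than from visible lines.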
--
2.47.0