Re: [PATCH v4 7/7] libsepol: fix overflow and 0 length allocations

2016-08-16 Thread Stephen Smalley
On 08/16/2016 01:45 PM, Roberts, William C wrote: > > >> -Original Message- >> From: Roberts, William C >> Sent: Tuesday, August 16, 2016 10:29 AM >> To: selinux@tycho.nsa.gov; jwca...@tycho.nsa.gov; seandroid- >> l...@tycho.nsa.gov; s...@tycho.nsa.gov >> Cc: Roberts, William C

Re: [PATCH] genhomedircon: add support for %group syntax

2016-08-16 Thread Stephen Smalley
On 08/16/2016 11:59 AM, Gary Tierney wrote: > Hi Stephen, > > Replied inline below. > > On Mon, Aug 15, 2016 at 03:58:44PM -0400, Stephen Smalley wrote: >> On 07/27/2016 05:25 PM, Gary Tierney wrote: >>> semanage-login supports login mappings using the %group syntax, >>> but genhomedircon does

Fix AFL Found Bugs in libsepol v4

2016-08-16 Thread william . c . roberts
So the delta between v3 and v4 is addressing the comments on "fix overflow and 0 length allocations", and also move that patch to the end of the series. Take up to where you have issues as each patch can stand on its own. [PATCH v4 1/7] libsepol: fix invalid access of NULL on [PATCH v4 2/7]

[PATCH v4 7/7] libsepol: fix overflow and 0 length allocations

2016-08-16 Thread william . c . roberts
From: William Roberts Throughout libsepol, values taken from sepolicy are used in places where length == 0 or length == matter, find and fix these. Also, correct any type mismatches noticed along the way. Signed-off-by: William Roberts

[PATCH] selinux-testsuite: fix cap_userns compiler warnings

2016-08-16 Thread Paul Moore
The top-level Makefile defines _GNU_SOURCE by default which causes the following build warning: cc -g -O0 -Wall -D_GNU_SOURCE userns_child_exec.c -o userns_child_exec userns_child_exec.c:11:0: warning: "_GNU_SOURCE" redefined #define _GNU_SOURCE ... this patch first checks to see if

[PATCH v4 1/7] libsepol: fix invalid access of NULL on type_val_to_struct

2016-08-16 Thread william . c . roberts
From: William Roberts In type_set_expand: When nprim, the table index counter, is greater than the value of initialized entries in the type_val_to_struct[] array, detect this as invalid and return an error. Signed-off-by: William Roberts

[PATCH v4 2/7] libsepol: ensure key is valid before doing search

2016-08-16 Thread william . c . roberts
From: William Roberts Signed-off-by: William Roberts --- libsepol/src/mls.c | 12 +++- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/libsepol/src/mls.c b/libsepol/src/mls.c index 1e84bb7..2dc5f2b 100644 ---

[PATCH v4 6/7] libsepol: fix unitialized jmp and invalid dereference

2016-08-16 Thread william . c . roberts
From: William Roberts When initializing role_datum_t array, initialize the array. This corrects this issue: ==25766== Conditional jump or move depends on uninitialised value(s) ==25766==at 0x40ABFE: context_is_valid (context.c:59) ==25766==by 0x40AAED:

RE: [PATCH v4 7/7] libsepol: fix overflow and 0 length allocations

2016-08-16 Thread Roberts, William C
> -Original Message- > From: Roberts, William C > Sent: Tuesday, August 16, 2016 10:29 AM > To: selinux@tycho.nsa.gov; jwca...@tycho.nsa.gov; seandroid- > l...@tycho.nsa.gov; s...@tycho.nsa.gov > Cc: Roberts, William C > Subject: [PATCH v4 7/7] libsepol: fix

Re: [Bug report] Semanage fcontext with incorrect regexp

2016-08-16 Thread Dominick Grift
On 08/16/2016 09:32 AM, Vit Mojzis wrote: > When given invalid regexp, semanage reports error, but adds the invalid > context to "/etc/selinux/targeted/contexts/files/file_contexts.local", > which breaks the system (won't boot in enforcing mode). The new context > doesn't show up on "#semanage

[PATCH v4 4/7] genfs_read: fix use heap-use-after-free

2016-08-16 Thread william . c . roberts
From: William Roberts The newc variable is calloc'd and assigned to a new owner during a loop. After the first assignment of newc to newgenfs->head, the subsequent iteration could fail before the newc is reseated with a new heap allocation pointer. When the

Re: [PATCH v3 5/7] libsepol: fix overflow and 0 length allocations

2016-08-16 Thread William Roberts
>> Currently, in file-systems like reiserFS that support scalable xattrs, only >> VFS is the one limiting the size to 64k. Since there is no constant, and >> maybe one day this arbitrary VFS limit >> would be removed, I think we should check correctly here that we're >> allocating > 1 bytes, and

Re: [PATCH v3 5/7] libsepol: fix overflow and 0 length allocations

2016-08-16 Thread James Carter
On 08/15/2016 11:59 AM, william.c.robe...@intel.com wrote: From: William Roberts Throughout libsepol, values taken from sepolicy are used in places where length == 0 or length == matter, find and fix these. Also, correct any type mismatches noticed along the way.

Re: [PATCH v3 5/7] libsepol: fix overflow and 0 length allocations

2016-08-16 Thread William Roberts
On Tue, Aug 16, 2016 at 8:11 AM, William Roberts wrote: > On Aug 16, 2016 06:12, "James Carter" wrote: > > > > On 08/15/2016 11:59 AM, william.c.robe...@intel.com wrote: > >> > >> From: William Roberts > >> > >>

Re: [Bug report] Semanage fcontext with incorrect regexp

2016-08-16 Thread Stephen Smalley
On 08/16/2016 03:32 AM, Vit Mojzis wrote: > When given invalid regexp, semanage reports error, but adds the invalid > context to "/etc/selinux/targeted/contexts/files/file_contexts.local", > which breaks the system (won't boot in enforcing mode). The new context > doesn't show up on "#semanage

Re: [PATCH] genhomedircon: add support for %group syntax

2016-08-16 Thread Gary Tierney
Hi Stephen, Replied inline below. On Mon, Aug 15, 2016 at 03:58:44PM -0400, Stephen Smalley wrote: > On 07/27/2016 05:25 PM, Gary Tierney wrote: > > semanage-login supports login mappings using the %group syntax, but > > genhomedircon does not expand groups to the users belonging to them. > > >