Re: [PATCH] libsepol: add missing ibendport port validity check

2018-10-23 Thread Ondrej Mosnacek
On Mon, Oct 22, 2018 at 4:49 PM William Roberts
 wrote:
> On Mon, Oct 22, 2018 at 1:18 AM Ondrej Mosnacek  wrote:
> >
> > The kernel checks that the port is in the range 1-255 when loading an
> > ibendportcon rule. Add the same check to libsepol.
> >
> > Fixes: 118c0cd1038e ("libsepol: Add ibendport ocontext handling")
> > Signed-off-by: Ondrej Mosnacek 
> > ---
> >  libsepol/src/policydb.c | 11 +--
> >  1 file changed, 9 insertions(+), 2 deletions(-)
> >
> > diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
> > index db6765ba..e2808b2d 100644
> > --- a/libsepol/src/policydb.c
> > +++ b/libsepol/src/policydb.c
> > @@ -2854,7 +2854,9 @@ static int ocontext_read_selinux(struct 
> > policydb_compat_info *info,
> > return -1;
> > break;
> > }
> > -   case OCON_IBENDPORT:
> > +   case OCON_IBENDPORT: {
> > +   uint32_t port;
> > +
> > rc = next_entry(buf, fp, sizeof(uint32_t) * 
> > 2);
> > if (rc < 0)
> > return -1;
> > @@ -2862,6 +2864,10 @@ static int ocontext_read_selinux(struct 
> > policydb_compat_info *info,
> > if (len == 0 || len > IB_DEVICE_NAME_MAX - 
> > 1)
> > return -1;
> >
> > +   port = le32_to_cpu(buf[1]);
> > +   if (port > 0xff || port == 0)
> > +   return -1;
>
> You switched the other code to using UINT16_MAX, should probably use
> UINT8_MAX here.

Good point. I'll need to update the kernel patch as well.

Thanks,

>
> > +
> > c->u.ibendport.dev_name = malloc(len + 1);
> > if (!c->u.ibendport.dev_name)
> > return -1;
> > @@ -2869,11 +2875,12 @@ static int ocontext_read_selinux(struct 
> > policydb_compat_info *info,
> > if (rc < 0)
> > return -1;
> > c->u.ibendport.dev_name[len] = 0;
> > -   c->u.ibendport.port = le32_to_cpu(buf[1]);
> > +   c->u.ibendport.port = port;
> > if (context_read_and_validate
> > (>context[0], p, fp))
> > return -1;
> > break;
> > +   }
> > case OCON_PORT:
> > rc = next_entry(buf, fp, sizeof(uint32_t) * 
> > 3);
> > if (rc < 0)
> > --
> > 2.17.2
> >

-- 
Ondrej Mosnacek 
Associate Software Engineer, Security Technologies
Red Hat, Inc.


Re: [PATCH] libsepol: add missing ibendport port validity check

2018-10-22 Thread William Roberts
On Mon, Oct 22, 2018 at 1:18 AM Ondrej Mosnacek  wrote:
>
> The kernel checks that the port is in the range 1-255 when loading an
> ibendportcon rule. Add the same check to libsepol.
>
> Fixes: 118c0cd1038e ("libsepol: Add ibendport ocontext handling")
> Signed-off-by: Ondrej Mosnacek 
> ---
>  libsepol/src/policydb.c | 11 +--
>  1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
> index db6765ba..e2808b2d 100644
> --- a/libsepol/src/policydb.c
> +++ b/libsepol/src/policydb.c
> @@ -2854,7 +2854,9 @@ static int ocontext_read_selinux(struct 
> policydb_compat_info *info,
> return -1;
> break;
> }
> -   case OCON_IBENDPORT:
> +   case OCON_IBENDPORT: {
> +   uint32_t port;
> +
> rc = next_entry(buf, fp, sizeof(uint32_t) * 
> 2);
> if (rc < 0)
> return -1;
> @@ -2862,6 +2864,10 @@ static int ocontext_read_selinux(struct 
> policydb_compat_info *info,
> if (len == 0 || len > IB_DEVICE_NAME_MAX - 1)
> return -1;
>
> +   port = le32_to_cpu(buf[1]);
> +   if (port > 0xff || port == 0)
> +   return -1;

You switched the other code to using UINT16_MAX, should probably use
UINT8_MAX here.

> +
> c->u.ibendport.dev_name = malloc(len + 1);
> if (!c->u.ibendport.dev_name)
> return -1;
> @@ -2869,11 +2875,12 @@ static int ocontext_read_selinux(struct 
> policydb_compat_info *info,
> if (rc < 0)
> return -1;
> c->u.ibendport.dev_name[len] = 0;
> -   c->u.ibendport.port = le32_to_cpu(buf[1]);
> +   c->u.ibendport.port = port;
> if (context_read_and_validate
> (>context[0], p, fp))
> return -1;
> break;
> +   }
> case OCON_PORT:
> rc = next_entry(buf, fp, sizeof(uint32_t) * 
> 3);
> if (rc < 0)
> --
> 2.17.2
>


[PATCH] libsepol: add missing ibendport port validity check

2018-10-22 Thread Ondrej Mosnacek
The kernel checks that the port is in the range 1-255 when loading an
ibendportcon rule. Add the same check to libsepol.

Fixes: 118c0cd1038e ("libsepol: Add ibendport ocontext handling")
Signed-off-by: Ondrej Mosnacek 
---
 libsepol/src/policydb.c | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index db6765ba..e2808b2d 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -2854,7 +2854,9 @@ static int ocontext_read_selinux(struct 
policydb_compat_info *info,
return -1;
break;
}
-   case OCON_IBENDPORT:
+   case OCON_IBENDPORT: {
+   uint32_t port;
+
rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
if (rc < 0)
return -1;
@@ -2862,6 +2864,10 @@ static int ocontext_read_selinux(struct 
policydb_compat_info *info,
if (len == 0 || len > IB_DEVICE_NAME_MAX - 1)
return -1;
 
+   port = le32_to_cpu(buf[1]);
+   if (port > 0xff || port == 0)
+   return -1;
+
c->u.ibendport.dev_name = malloc(len + 1);
if (!c->u.ibendport.dev_name)
return -1;
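Review bot: The new range check at `if (port > 0xff || port == 0)` carries no comment saying where the bound comes from, so a later reader cannot tell whether 0xff is an InfiniBand port-number limit or an arbitrary choice; the commit message has the answer and it belongs next to the code, e.g. `/* Mirror the kernel: an ibendportcon port number must be in 1..255. */`. The rejection is silent, like the `len` check just above it, so a policy with a bad ibendportcon entry fails to load with no indication of which rule is wrong; if the surrounding reader reports other validation failures through its error handle, naming the port (and the device once it is read) here would help, though that cannot be confirmed from this hunk. The placement is right in that the check runs before `dev_name` is allocated, so this failure path leaks nothing of its own. ocontext_read_selinux starts and ends outside the hunk.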
@@ -2869,11 +2875,12 @@ static int ocontext_read_selinux(struct 
policydb_compat_info *info,
if (rc < 0)
return -1;
c->u.ibendport.dev_name[len] = 0;
-   c->u.ibendport.port = le32_to_cpu(buf[1]);
+   c->u.ibendport.port = port;
if (context_read_and_validate
(>context[0], p, fp))
return -1;
break;
+   }
case OCON_PORT:
rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
if (rc < 0)
-- 
2.17.2
