Hi Arnold.

I got the reply from Stephen Smalley, saying that the overflow is not
possible (https://github.com/SELinuxProject/selinux/issues/47).

So I will close this issue.

** Changed in: libselinux (Ubuntu)
       Status: New => Invalid

https://bugs.launchpad.net/bugs/1662397

Title:
  a suspicious integer overflow in libselinux/src/compute_user.c : 54

Status in libselinux package in Ubuntu:
  Invalid

Bug description:
  Hello.

  A suspicious integer overflow is found in libselinux/src/compute_user.c : 54.
  The source code is here:
  https://github.com/SELinuxProject/selinux/blob/master/libselinux/src/compute_user.c#L54

  If variable "nel" can be crafted as 0xffff ffff, the integer addition
  at line 54 would overflow to 0, leading to no memory space allocated.
  This would further lead to buffer overflow at line 62 in a loop. Note
  that vulnerable "nel" is read from a file "selinux_mnt/user",
  following the path, i.e. line 27, line 28, line 45 and line 49.

  Since I'm not an expert in the source code of libselinux, I'm not sure
  whether "nel" can be assigned with that very big integer (0xffff
  ffff). If so, this issue is a severe bug definitely. If not, it is a
  false positive and please ignore it.

  Thanks a lot.
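
The arithmetic the report describes, as an added example that is not part of the original report and is not libselinux code: it places the unchecked "count + 1" size computation next to a checked one that rejects the count instead of allocating zero bytes. The helper names and sample inputs are constructed for illustration, and the string "4294967295" assumes a 32-bit `unsigned int`.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helpers for illustration; names are not from libselinux. */
/* Unchecked pattern: nel + 1 wraps to 0 when nel == UINT_MAX, so size is 0. */
static size_t unchecked_bytes(unsigned int nel)
{
    return (size_t)(nel + 1) * sizeof(char *);
}

/* Checked size: 0 on success, -1 if the add or the multiply would wrap. */
static int checked_bytes(unsigned int nel, size_t *out)
{
    if (nel == UINT_MAX)
        return -1;
    size_t n = (size_t)nel + 1;
    if (n > SIZE_MAX / sizeof(char *))
        return -1;
    *out = n * sizeof(char *);
    return 0;
}

/* Parse a decimal count from text and allocate a zeroed pointer array with
 * one extra terminating slot; returns NULL on malformed or wrapping input. */
static char **alloc_list(const char *text, unsigned int *nel_out)
{
    char *end;
    errno = 0;
    unsigned long v = strtoul(text, &end, 10);
    if (errno || end == text || v > UINT_MAX)
        return NULL;
    size_t bytes;
    if (checked_bytes((unsigned int)v, &bytes) != 0)
        return NULL;
    char **ary = calloc(1, bytes);
    if (ary)
        *nel_out = (unsigned int)v;
    return ary;
}

int main(void)
{
    unsigned int nel = 0;
    char **ok = alloc_list("3", &nel);   /* constructed sample input */
    printf("unchecked size for UINT_MAX: %zu\n", unchecked_bytes(UINT_MAX));
    printf("count 3 %s\n", ok ? "allocated" : "rejected");
    free(ok);
    return 0;
}
```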
