On Mon, Oct 22, 2018 at 1:18 AM Ondrej Mosnacek <omosn...@redhat.com> wrote:
>
> The kernel checks if the port is in the range 1-255 when loading an
> ibendportcon rule. Add the same check to libsepol.
>
> Fixes: 118c0cd1038e ("libsepol: Add ibendport ocontext handling")
> Signed-off-by: Ondrej Mosnacek <omosn...@redhat.com>
> ---
>  libsepol/src/policydb.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
> index db6765ba..e2808b2d 100644
> --- a/libsepol/src/policydb.c
> +++ b/libsepol/src/policydb.c
> @@ -2854,7 +2854,9 @@ static int ocontext_read_selinux(struct 
> policydb_compat_info *info,
>                                         return -1;
>                                 break;
>                         }
> -                       case OCON_IBENDPORT:
> +                       case OCON_IBENDPORT: {
> +                               uint32_t port;
> +
>                                 rc = next_entry(buf, fp, sizeof(uint32_t) * 
> 2);
>                                 if (rc < 0)
>                                         return -1;
> @@ -2862,6 +2864,10 @@ static int ocontext_read_selinux(struct 
> policydb_compat_info *info,
>                                 if (len == 0 || len > IB_DEVICE_NAME_MAX - 1)
>                                         return -1;
>
> +                               port = le32_to_cpu(buf[1]);
> +                               if (port > 0xff || port == 0)
> +                                       return -1;

You switched the other code to using UINT16_MAX, should probably use
UINT8_MAX here.

> +
>                                 c->u.ibendport.dev_name = malloc(len + 1);
>                                 if (!c->u.ibendport.dev_name)
>                                         return -1;
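Review bot: The bounds in the new `if (port > 0xff || port == 0)` check are bare magic numbers, with nothing in the hunk saying where the range comes from; a one-line comment above the check, `/* IB end port numbers are 1-255; reject what the kernel would refuse at load time */`, would tie it to the range the commit message cites. Placing the check before the `dev_name` allocation is the right order, since the early `return -1` then leaves nothing to free. ocontext_read_selinux starts and ends outside this hunk.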
> @@ -2869,11 +2875,12 @@ static int ocontext_read_selinux(struct 
> policydb_compat_info *info,
>                                 if (rc < 0)
>                                         return -1;
>                                 c->u.ibendport.dev_name[len] = 0;
> -                               c->u.ibendport.port = le32_to_cpu(buf[1]);
> +                               c->u.ibendport.port = port;
>                                 if (context_read_and_validate
>                                     (&c->context[0], p, fp))
>                                         return -1;
>                                 break;
> +                       }
>                         case OCON_PORT:
>                                 rc = next_entry(buf, fp, sizeof(uint32_t) * 
> 3);
>                                 if (rc < 0)
> --
> 2.17.2
>