All of lore.kernel.org
 help / color / mirror / Atom feed
From: Paul Moore <paul@paul-moore.com>
To: bill.c.roberts@gmail.com
Cc: omosnace@redhat.com, selinux@vger.kernel.org,
	Stephen Smalley <sds@tycho.nsa.gov>,
	selinux@tycho.nsa.gov
Subject: Re: [PATCH] libsepol: fix endianity in ibpkey range checks
Date: Wed, 17 Oct 2018 17:18:35 -0400	[thread overview]
Message-ID: <CAHC9VhT_npm4ix7kmN8GOOxUp8z7ySz0Z6LLKqd0VOMJPKcibA@mail.gmail.com> (raw)
In-Reply-To: <CAFftDdqKAHN3+Mb3QB2n=555PFKYntpKf_sXzWWppQ4tP=AdvQ@mail.gmail.com>

On Wed, Oct 17, 2018 at 12:07 PM William Roberts
<bill.c.roberts@gmail.com> wrote:
> On Wed, Oct 17, 2018 at 7:48 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> >
> > We need to convert from little-endian before dong range checks on the
> > ibpkey port numbers, otherwise we would be checking a wrong value.
> >
> > Fixes: 9fbb3112769a ("libsepol: Add ibpkey ocontext handling")
> > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> > ---
> >  libsepol/src/policydb.c | 14 ++++++++++----
> >  1 file changed, 10 insertions(+), 4 deletions(-)
> >
> > diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
> > index a6d76ca3..dc201e2f 100644
> > --- a/libsepol/src/policydb.c
> > +++ b/libsepol/src/policydb.c
> > @@ -2830,15 +2830,21 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
> >                                 break;
> >                         case OCON_IBPKEY:
> >                                 rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
> > -                               if (rc < 0 || buf[2] > 0xffff || buf[3] > 0xffff)
> > +                               if (rc < 0)
> >                                         return -1;
> >
> > +                               c->u.ibpkey.low_pkey  = le32_to_cpu(buf[2]);
> > +                               c->u.ibpkey.high_pkey = le32_to_cpu(buf[3]);
>
> Ahh you're assigning a 32 bit value to a 16 bit variable low|high_pkey. I think
> you need to assign them to a uint32_t if you want to actually range check them.

If you can, give me a chance to look over the kernel changes first.  I
doubt I'll see anything objectionable given the review the patches
have already seen, but one never knows.

> > +
> > +                               if (c->u.ibpkey.low_pkey  > 0xffff ||
> > +                                   c->u.ibpkey.high_pkey > 0xffff)
> > +                                       return -1;
> > +
> > +                               /* we want c->u.ibpkey.subnet_prefix in network
> > +                                * (big-endian) order, just memcpy it */
> >                                 memcpy(&c->u.ibpkey.subnet_prefix, buf,
> >                                        sizeof(c->u.ibpkey.subnet_prefix));
> >
> > -                               c->u.ibpkey.low_pkey = le32_to_cpu(buf[2]);
> > -                               c->u.ibpkey.high_pkey = le32_to_cpu(buf[3]);
> > -
> >                                 if (context_read_and_validate
> >                                     (&c->context[0], p, fp))
> >                                         return -1;
> > --
> > 2.17.2
> >
> See job: https://travis-ci.org/SELinuxProject/selinux/jobs/442750208
>
> Build fail with gcc:
>
> policydb.c:2839:31: error: comparison is always false due to limited
> range of data type [-Werror=type-limits]
>      if (c->u.ibpkey.low_pkey  > 0xffff ||
>                                ^
> policydb.c:2840:31: error: comparison is always false due to limited
> range of data type [-Werror=type-limits]
>          c->u.ibpkey.high_pkey > 0xffff)



-- 
paul moore
www.paul-moore.com

  reply	other threads:[~2018-10-17 21:18 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-10-17 14:46 [PATCH] libsepol: fix endianity in ibpkey range checks Ondrej Mosnacek
2018-10-17 15:04 ` William Roberts
2018-10-17 15:31 ` Stephen Smalley
2018-10-17 15:34   ` William Roberts
2018-10-17 16:06 ` William Roberts
2018-10-17 21:18   ` Paul Moore [this message]
2018-10-17 21:22     ` Stephen Smalley
2018-10-17 22:05       ` William Roberts
2018-10-18  7:20   ` Ondrej Mosnacek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAHC9VhT_npm4ix7kmN8GOOxUp8z7ySz0Z6LLKqd0VOMJPKcibA@mail.gmail.com \
    --to=paul@paul-moore.com \
    --cc=bill.c.roberts@gmail.com \
    --cc=omosnace@redhat.com \
    --cc=sds@tycho.nsa.gov \
    --cc=selinux@tycho.nsa.gov \
    --cc=selinux@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.