All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Christian Göttsche" <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Subject: [PATCH 12/13] checkpolicy: print warning on source line overflow
Date: Tue, 14 Sep 2021 14:48:27 +0200	[thread overview]
Message-ID: <20210914124828.19488-13-cgzones@googlemail.com> (raw)
In-Reply-To: <20210914124828.19488-1-cgzones@googlemail.com>

In case the source line value overflows or has a too big value in the
source policy print a warning.

    policy_scan.l:273:19: runtime error: implicit conversion from type 'int' of value -2 (32-bit, signed) to type 'unsigned long' changed the value to 18446744073709551614 (64-bit, unsigned)
    policy_scan.l:66:20: runtime error: unsigned integer overflow: 18446744073709551615 + 1 cannot be represented in type 'unsigned long'

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 checkpolicy/policy_scan.l | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
index 4067268b..129a8a2a 100644
--- a/checkpolicy/policy_scan.l
+++ b/checkpolicy/policy_scan.l
@@ -59,12 +59,17 @@ alnum   [a-zA-Z0-9]
 hexval	[0-9A-Fa-f]
 
 %%
-\n.*				{ strncpy(linebuf[lno], yytext+1, 255);
-                                  linebuf[lno][254] = 0;
-                                  lno = 1 - lno; 
-                                  policydb_lineno++;
-				  source_lineno++;
-                                  yyless(1); }
+\n.*				{
+				  strncpy(linebuf[lno], yytext+1, 255);
+				  linebuf[lno][254] = 0;
+				  lno = 1 - lno;
+				  policydb_lineno++;
+				  if (source_lineno == ULONG_MAX)
+				      yywarn("source line number overflow");
+				  else
+				      source_lineno++;
+				  yyless(1);
+				}
 CLONE |
 clone				{ return(CLONE); }
 COMMON |
@@ -270,7 +275,13 @@ GLBLUB				{ return(GLBLUB); }
 {hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])*  { return(IPV6_ADDR); }
 {digit}+(\.({alnum}|[_.])*)?    { return(VERSION_IDENTIFIER); }
 #line[ ]1[ ]\"[^\n]*\"		{ set_source_file(yytext+9); }
-#line[ ]{digit}+	        { source_lineno = atoi(yytext+6)-1; }
+#line[ ]{digit}+	        {
+				  errno = 0;
+				  source_lineno = strtoul(yytext+6, NULL, 10) - 1;
+				  if (errno) {
+				    yywarn("source line number too big");
+				  }
+				}
 #[^\n]*                         { /* delete comments */ }
 [ \t\f]+			{ /* delete whitespace */ }
 "==" 				{ return(EQUALS); }
-- 
2.33.0


  parent reply	other threads:[~2021-09-14 12:50 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-14 12:48 [PATCH 00/13] checkpolicy improvements Christian Göttsche
2021-09-14 12:48 ` [PATCH 01/13] libsepol: avoid implicit conversions Christian Göttsche
2021-09-14 12:48 ` [PATCH 02/13] libsepol: free memory after policy validation Christian Göttsche
2021-09-15 13:11   ` [PATCH v2 " Christian Göttsche
2021-09-15 13:19     ` [PATCH v3 " Christian Göttsche
2021-09-14 12:48 ` [PATCH 03/13] checkpolicy: enclose macro argument in parentheses Christian Göttsche
2021-09-14 12:48 ` [PATCH 04/13] checkpolicy: misc checkmodule tweaks Christian Göttsche
2021-09-14 12:48 ` [PATCH 05/13] checkpolicy: misc checkpolicy tweaks Christian Göttsche
2021-09-14 12:48 ` [PATCH 06/13] checkpolicy: mark read-only parameters in module compiler const Christian Göttsche
2021-09-14 12:48 ` [PATCH 07/13] checkpolicy: mark file local functions in policy_define static Christian Göttsche
2021-09-14 12:48 ` [PATCH 08/13] checkpolicy: add missing function declarations Christian Göttsche
2021-09-14 12:48 ` [PATCH 09/13] checkpolicy: resolve dismod memory leaks Christian Göttsche
2021-09-14 19:45   ` James Carter
2021-09-15 13:11   ` [PATCH v2 " Christian Göttsche
2021-09-14 12:48 ` [PATCH 10/13] checkpolicy: avoid implicit conversion Christian Göttsche
2021-09-14 12:48 ` [PATCH 11/13] checkpolicy: error out on parsing too big integers Christian Göttsche
2021-09-14 20:43   ` James Carter
2021-09-15 13:11   ` [PATCH v2 " Christian Göttsche
2021-09-14 12:48 ` Christian Göttsche [this message]
2021-09-14 12:48 ` [PATCH 13/13] checkpolicy: free extended permission memory Christian Göttsche
2021-09-15 14:59 ` [PATCH 00/13] checkpolicy improvements James Carter
2021-09-16 20:34   ` James Carter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210914124828.19488-13-cgzones@googlemail.com \
    --to=cgzones@googlemail.com \
    --cc=selinux@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.