[PATCH 1/4] libsepol: validate: use fixed sized integers

[PATCH 1/4] libsepol: validate: use fixed sized integers

[Christian Göttsche]

Avoid issues on architectures where unsigned int and uint32_t are not of
the same size.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsepol/src/policydb_validate.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
index 08b4a477..7db4ad35 100644
--- a/libsepol/src/policydb_validate.c
+++ b/libsepol/src/policydb_validate.c
@@ -23,7 +23,7 @@ typedef struct map_arg {
 
 static int create_gap_ebitmap(char **val_to_name, uint32_t nprim, ebitmap_t *gaps)
 {
-	unsigned int i;
+	uint32_t i;
 
 	ebitmap_init(gaps);
 
@@ -180,7 +180,7 @@ static int validate_scope(__attribute__ ((unused)) hashtab_key_t k, hashtab_datu
 {
 	const scope_datum_t *scope_datum = (scope_datum_t *)d;
 	const uint32_t *nprim = (uint32_t *)args;
-	unsigned int i;
+	uint32_t i;
 
 	switch (scope_datum->scope) {
 	case SCOPE_REQ:
@@ -205,7 +205,7 @@ static int validate_scopes(sepol_handle_t *handle, const symtab_t scopes[], cons
 {
 	const avrule_decl_t *decl;
 	unsigned int i;
-	unsigned int num_decls = 0;
+	uint32_t num_decls = 0;
 
 	for (; block != NULL; block = block->next) {
 		for (decl = block->branch_list; decl; decl = decl->next) {
@@ -685,7 +685,7 @@ static int validate_bool_datum_wrapper(__attribute__((unused)) hashtab_key_t k,
 
 static int validate_datum_array_gaps(sepol_handle_t *handle, const policydb_t *p, validate_t flavors[])
 {
-	unsigned int i;
+	uint32_t i;
 
 	for (i = 0; i < p->p_classes.nprim; i++) {
 		if (bool_xnor(p->class_val_to_struct[i], ebitmap_get_bit(&flavors[SYM_CLASSES].gaps, i)))
@@ -1377,7 +1377,7 @@ bad:
 static int validate_permissives(sepol_handle_t *handle, const policydb_t *p, validate_t flavors[])
 {
 	ebitmap_node_t *node;
-	unsigned i;
+	uint32_t i;
 
 	ebitmap_for_each_positive_bit(&p->permissive_map, node, i) {
 		if (validate_simpletype(i, p, flavors))
@@ -1429,7 +1429,7 @@ static int validate_range_transitions(sepol_handle_t *handle, const policydb_t *
 static int validate_typeattr_map(sepol_handle_t *handle, const policydb_t *p, validate_t flavors[])
 {
 	const ebitmap_t *maps = p->type_attr_map;
-	unsigned int i;
+	uint32_t i;
 
 	if (p->policy_type == POLICY_KERN) {
 		for (i = 0; i < p->p_types.nprim; i++) {
-- 
2.40.1

[PATCH 2/4] hashtab: update

[Christian Göttsche]

Avoid overflowing number of elements in hashtab_insert().

Use identical type for hashed values to avoid implicit conversions.

Declare tag parameter of hashtab_hash_eval() const since it is only
printed.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
Might be related to oss-fuzz issue 60583, but could not reproduce.
---
 libsepol/include/sepol/policydb/hashtab.h |  2 +-
 libsepol/src/hashtab.c                    | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/libsepol/include/sepol/policydb/hashtab.h b/libsepol/include/sepol/policydb/hashtab.h
index 354ebb43..583ac08e 100644
--- a/libsepol/include/sepol/policydb/hashtab.h
+++ b/libsepol/include/sepol/policydb/hashtab.h
@@ -108,7 +108,7 @@ extern int hashtab_map(hashtab_t h,
 				     hashtab_datum_t d,
 				     void *args), void *args);
 
-extern void hashtab_hash_eval(hashtab_t h, char *tag);
+extern void hashtab_hash_eval(hashtab_t h, const char *tag);
 
 /* Returns number of elements in the hashtab h or 0 is h is NULL */
 static inline uint32_t hashtab_nel(hashtab_t h)
diff --git a/libsepol/src/hashtab.c b/libsepol/src/hashtab.c
index 922a8a4a..6f01d094 100644
--- a/libsepol/src/hashtab.c
+++ b/libsepol/src/hashtab.c
@@ -103,10 +103,10 @@ static void hashtab_check_resize(hashtab_t h)
 
 int hashtab_insert(hashtab_t h, hashtab_key_t key, hashtab_datum_t datum)
 {
-	int hvalue;
+	unsigned int hvalue;
 	hashtab_ptr_t prev, cur, newnode;
 
-	if (!h)
+	if (!h || h->nel == UINT32_MAX)
 		return SEPOL_ENOMEM;
 
 	hashtab_check_resize(h);
@@ -144,7 +144,7 @@ int hashtab_remove(hashtab_t h, hashtab_key_t key,
 		   void (*destroy) (hashtab_key_t k,
 				    hashtab_datum_t d, void *args), void *args)
 {
-	int hvalue;
+	unsigned int hvalue;
 	hashtab_ptr_t cur, last;
 
 	if (!h)
@@ -176,7 +176,7 @@ int hashtab_remove(hashtab_t h, hashtab_key_t key,
 hashtab_datum_t hashtab_search(hashtab_t h, const_hashtab_key_t key)
 {
 
-	int hvalue;
+	unsigned int hvalue;
 	hashtab_ptr_t cur;
 
 	if (!h)
@@ -240,10 +240,10 @@ int hashtab_map(hashtab_t h,
 	return SEPOL_OK;
 }
 
-void hashtab_hash_eval(hashtab_t h, char *tag)
+void hashtab_hash_eval(hashtab_t h, const char *tag)
 {
 	unsigned int i;
-	int chain_len, slots_used, max_chain_len;
+	size_t chain_len, slots_used, max_chain_len;
 	hashtab_ptr_t cur;
 
 	slots_used = 0;
@@ -264,6 +264,6 @@ void hashtab_hash_eval(hashtab_t h, char *tag)
 	}
 
 	printf
-	    ("%s:  %d entries and %d/%d buckets used, longest chain length %d\n",
+	    ("%s:  %d entries and %zu/%d buckets used, longest chain length %zu\n",
 	     tag, h->nel, slots_used, h->size, max_chain_len);
 }
-- 
2.40.1

[PATCH 3/4] libsepol: expand: use identical type to avoid implicit conversion

[Christian Göttsche]

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsepol/src/expand.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
index 7a011508..2ff06cd7 100644
--- a/libsepol/src/expand.c
+++ b/libsepol/src/expand.c
@@ -2314,7 +2314,7 @@ static int type_attr_map(hashtab_key_t key
 	policydb_t *p = state->out;
 	unsigned int i;
 	ebitmap_node_t *tnode;
-	int value;
+	uint32_t value;
 
 	type = (type_datum_t *) datum;
 	value = type->s.value;
-- 
2.40.1

[PATCH 4/4] libsepol: expand: check for memory allocation failure

[Christian Göttsche]

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsepol/src/expand.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
index 2ff06cd7..5c20b806 100644
--- a/libsepol/src/expand.c
+++ b/libsepol/src/expand.c
@@ -2954,6 +2954,10 @@ int expand_module(sepol_handle_t * handle,
 	state.out->policyvers = POLICYDB_VERSION_MAX;
 	if (state.base->name) {
 		state.out->name = strdup(state.base->name);
+		if (!state.out->name) {
+			ERR(handle, "Out of memory!");
+			goto cleanup;
+		}
 	}
 
 	/* Copy mls state from base to out */
-- 
2.40.1

Re: [PATCH 1/4] libsepol: validate: use fixed sized integers

[James Carter]

On Fri, Jul 14, 2023 at 2:53 PM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Avoid issues on architectures where unsigned int and uint32_t are not of
> the same size.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

For this series of four patches:
Acked-by: James Carter <jwcart2@gmail.com>

> ---
>  libsepol/src/policydb_validate.c | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
> index 08b4a477..7db4ad35 100644
> --- a/libsepol/src/policydb_validate.c
> +++ b/libsepol/src/policydb_validate.c
> @@ -23,7 +23,7 @@ typedef struct map_arg {
>
>  static int create_gap_ebitmap(char **val_to_name, uint32_t nprim, ebitmap_t *gaps)
>  {
> -       unsigned int i;
> +       uint32_t i;
>
>         ebitmap_init(gaps);
>
> @@ -180,7 +180,7 @@ static int validate_scope(__attribute__ ((unused)) hashtab_key_t k, hashtab_datu
>  {
>         const scope_datum_t *scope_datum = (scope_datum_t *)d;
>         const uint32_t *nprim = (uint32_t *)args;
> -       unsigned int i;
> +       uint32_t i;
>
>         switch (scope_datum->scope) {
>         case SCOPE_REQ:
> @@ -205,7 +205,7 @@ static int validate_scopes(sepol_handle_t *handle, const symtab_t scopes[], cons
>  {
>         const avrule_decl_t *decl;
>         unsigned int i;
> -       unsigned int num_decls = 0;
> +       uint32_t num_decls = 0;
>
>         for (; block != NULL; block = block->next) {
>                 for (decl = block->branch_list; decl; decl = decl->next) {
> @@ -685,7 +685,7 @@ static int validate_bool_datum_wrapper(__attribute__((unused)) hashtab_key_t k,
>
>  static int validate_datum_array_gaps(sepol_handle_t *handle, const policydb_t *p, validate_t flavors[])
>  {
> -       unsigned int i;
> +       uint32_t i;
>
>         for (i = 0; i < p->p_classes.nprim; i++) {
>                 if (bool_xnor(p->class_val_to_struct[i], ebitmap_get_bit(&flavors[SYM_CLASSES].gaps, i)))
> @@ -1377,7 +1377,7 @@ bad:
>  static int validate_permissives(sepol_handle_t *handle, const policydb_t *p, validate_t flavors[])
>  {
>         ebitmap_node_t *node;
> -       unsigned i;
> +       uint32_t i;
>
>         ebitmap_for_each_positive_bit(&p->permissive_map, node, i) {
>                 if (validate_simpletype(i, p, flavors))
> @@ -1429,7 +1429,7 @@ static int validate_range_transitions(sepol_handle_t *handle, const policydb_t *
>  static int validate_typeattr_map(sepol_handle_t *handle, const policydb_t *p, validate_t flavors[])
>  {
>         const ebitmap_t *maps = p->type_attr_map;
> -       unsigned int i;
> +       uint32_t i;
>
>         if (p->policy_type == POLICY_KERN) {
>                 for (i = 0; i < p->p_types.nprim; i++) {
> --
> 2.40.1
>

Re: [PATCH 1/4] libsepol: validate: use fixed sized integers

[James Carter]

On Thu, Jul 20, 2023 at 9:55 AM James Carter <jwcart2@gmail.com> wrote:
>
> On Fri, Jul 14, 2023 at 2:53 PM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> >
> > Avoid issues on architectures where unsigned int and uint32_t are not of
> > the same size.
> >
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> For this series of four patches:
> Acked-by: James Carter <jwcart2@gmail.com>
>

This series of four patches has been merged.
Thanks,
Jim

> > ---
> >  libsepol/src/policydb_validate.c | 12 ++++++------
> >  1 file changed, 6 insertions(+), 6 deletions(-)
> >
> > diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
> > index 08b4a477..7db4ad35 100644
> > --- a/libsepol/src/policydb_validate.c
> > +++ b/libsepol/src/policydb_validate.c
> > @@ -23,7 +23,7 @@ typedef struct map_arg {
> >
> >  static int create_gap_ebitmap(char **val_to_name, uint32_t nprim, ebitmap_t *gaps)
> >  {
> > -       unsigned int i;
> > +       uint32_t i;
> >
> >         ebitmap_init(gaps);
> >
> > @@ -180,7 +180,7 @@ static int validate_scope(__attribute__ ((unused)) hashtab_key_t k, hashtab_datu
> >  {
> >         const scope_datum_t *scope_datum = (scope_datum_t *)d;
> >         const uint32_t *nprim = (uint32_t *)args;
> > -       unsigned int i;
> > +       uint32_t i;
> >
> >         switch (scope_datum->scope) {
> >         case SCOPE_REQ:
> > @@ -205,7 +205,7 @@ static int validate_scopes(sepol_handle_t *handle, const symtab_t scopes[], cons
> >  {
> >         const avrule_decl_t *decl;
> >         unsigned int i;
> > -       unsigned int num_decls = 0;
> > +       uint32_t num_decls = 0;
> >
> >         for (; block != NULL; block = block->next) {
> >                 for (decl = block->branch_list; decl; decl = decl->next) {
> > @@ -685,7 +685,7 @@ static int validate_bool_datum_wrapper(__attribute__((unused)) hashtab_key_t k,
> >
> >  static int validate_datum_array_gaps(sepol_handle_t *handle, const policydb_t *p, validate_t flavors[])
> >  {
> > -       unsigned int i;
> > +       uint32_t i;
> >
> >         for (i = 0; i < p->p_classes.nprim; i++) {
> >                 if (bool_xnor(p->class_val_to_struct[i], ebitmap_get_bit(&flavors[SYM_CLASSES].gaps, i)))
> > @@ -1377,7 +1377,7 @@ bad:
> >  static int validate_permissives(sepol_handle_t *handle, const policydb_t *p, validate_t flavors[])
> >  {
> >         ebitmap_node_t *node;
> > -       unsigned i;
> > +       uint32_t i;
> >
> >         ebitmap_for_each_positive_bit(&p->permissive_map, node, i) {
> >                 if (validate_simpletype(i, p, flavors))
> > @@ -1429,7 +1429,7 @@ static int validate_range_transitions(sepol_handle_t *handle, const policydb_t *
> >  static int validate_typeattr_map(sepol_handle_t *handle, const policydb_t *p, validate_t flavors[])
> >  {
> >         const ebitmap_t *maps = p->type_attr_map;
> > -       unsigned int i;
> > +       uint32_t i;
> >
> >         if (p->policy_type == POLICY_KERN) {
> >                 for (i = 0; i < p->p_types.nprim; i++) {
> > --
> > 2.40.1
> >