* [PATCH] libsepol: add missing ibendport port validity check
@ 2018-10-22 8:18 Ondrej Mosnacek
2018-10-22 14:48 ` William Roberts
0 siblings, 1 reply; 3+ messages in thread
From: Ondrej Mosnacek @ 2018-10-22 8:18 UTC (permalink / raw)
To: selinux
Cc: selinux, Stephen Smalley, William Roberts, Daniel Jurgens,
Ondrej Mosnacek
The kernel checks if the port is in the range 1-255 when loading an
ibenportcon rule. Add the same check to libsepol.
Fixes: 118c0cd1038e ("libsepol: Add ibendport ocontext handling")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
libsepol/src/policydb.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index db6765ba..e2808b2d 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -2854,7 +2854,9 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
return -1;
break;
}
- case OCON_IBENDPORT:
+ case OCON_IBENDPORT: {
+ uint32_t port;
+
rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
if (rc < 0)
return -1;
@@ -2862,6 +2864,10 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
if (len == 0 || len > IB_DEVICE_NAME_MAX - 1)
return -1;
+ port = le32_to_cpu(buf[1]);
+ if (port > 0xff || port == 0)
+ return -1;
+
c->u.ibendport.dev_name = malloc(len + 1);
if (!c->u.ibendport.dev_name)
return -1;
@@ -2869,11 +2875,12 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
if (rc < 0)
return -1;
c->u.ibendport.dev_name[len] = 0;
- c->u.ibendport.port = le32_to_cpu(buf[1]);
+ c->u.ibendport.port = port;
if (context_read_and_validate
(&c->context[0], p, fp))
return -1;
break;
+ }
case OCON_PORT:
rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
if (rc < 0)
--
2.17.2
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH] libsepol: add missing ibendport port validity check
2018-10-22 8:18 [PATCH] libsepol: add missing ibendport port validity check Ondrej Mosnacek
@ 2018-10-22 14:48 ` William Roberts
2018-10-23 6:54 ` Ondrej Mosnacek
0 siblings, 1 reply; 3+ messages in thread
From: William Roberts @ 2018-10-22 14:48 UTC (permalink / raw)
To: omosnace; +Cc: selinux, selinux, Stephen Smalley, danielj
On Mon, Oct 22, 2018 at 1:18 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
>
> The kernel checks if the port is in the range 1-255 when loading an
> ibenportcon rule. Add the same check to libsepol.
>
> Fixes: 118c0cd1038e ("libsepol: Add ibendport ocontext handling")
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> ---
> libsepol/src/policydb.c | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
> index db6765ba..e2808b2d 100644
> --- a/libsepol/src/policydb.c
> +++ b/libsepol/src/policydb.c
> @@ -2854,7 +2854,9 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
> return -1;
> break;
> }
> - case OCON_IBENDPORT:
> + case OCON_IBENDPORT: {
> + uint32_t port;
> +
> rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
> if (rc < 0)
> return -1;
> @@ -2862,6 +2864,10 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
> if (len == 0 || len > IB_DEVICE_NAME_MAX - 1)
> return -1;
>
> + port = le32_to_cpu(buf[1]);
> + if (port > 0xff || port == 0)
> + return -1;
You switched the other code to using UINT16_MAX, should probably use
UINT8_MAX here.
> +
> c->u.ibendport.dev_name = malloc(len + 1);
> if (!c->u.ibendport.dev_name)
> return -1;
> @@ -2869,11 +2875,12 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
> if (rc < 0)
> return -1;
> c->u.ibendport.dev_name[len] = 0;
> - c->u.ibendport.port = le32_to_cpu(buf[1]);
> + c->u.ibendport.port = port;
> if (context_read_and_validate
> (&c->context[0], p, fp))
> return -1;
> break;
> + }
> case OCON_PORT:
> rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
> if (rc < 0)
> --
> 2.17.2
>
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [PATCH] libsepol: add missing ibendport port validity check
2018-10-22 14:48 ` William Roberts
@ 2018-10-23 6:54 ` Ondrej Mosnacek
0 siblings, 0 replies; 3+ messages in thread
From: Ondrej Mosnacek @ 2018-10-23 6:54 UTC (permalink / raw)
To: William Roberts; +Cc: selinux, SElinux list, Stephen Smalley, Daniel Jurgens
On Mon, Oct 22, 2018 at 4:49 PM William Roberts
<bill.c.roberts@gmail.com> wrote:
> On Mon, Oct 22, 2018 at 1:18 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> >
> > The kernel checks if the port is in the range 1-255 when loading an
> > ibenportcon rule. Add the same check to libsepol.
> >
> > Fixes: 118c0cd1038e ("libsepol: Add ibendport ocontext handling")
> > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> > ---
> > libsepol/src/policydb.c | 11 +++++++++--
> > 1 file changed, 9 insertions(+), 2 deletions(-)
> >
> > diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
> > index db6765ba..e2808b2d 100644
> > --- a/libsepol/src/policydb.c
> > +++ b/libsepol/src/policydb.c
> > @@ -2854,7 +2854,9 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
> > return -1;
> > break;
> > }
> > - case OCON_IBENDPORT:
> > + case OCON_IBENDPORT: {
> > + uint32_t port;
> > +
> > rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
> > if (rc < 0)
> > return -1;
> > @@ -2862,6 +2864,10 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
> > if (len == 0 || len > IB_DEVICE_NAME_MAX - 1)
> > return -1;
> >
> > + port = le32_to_cpu(buf[1]);
> > + if (port > 0xff || port == 0)
> > + return -1;
>
> You switched the other code to using UINT16_MAX, should probably use
> UINT8_MAX here.
Good point. I'll need to update the kernel patch as well.
Thanks,
>
> > +
> > c->u.ibendport.dev_name = malloc(len + 1);
> > if (!c->u.ibendport.dev_name)
> > return -1;
> > @@ -2869,11 +2875,12 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
> > if (rc < 0)
> > return -1;
> > c->u.ibendport.dev_name[len] = 0;
> > - c->u.ibendport.port = le32_to_cpu(buf[1]);
> > + c->u.ibendport.port = port;
> > if (context_read_and_validate
> > (&c->context[0], p, fp))
> > return -1;
> > break;
> > + }
> > case OCON_PORT:
> > rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
> > if (rc < 0)
> > --
> > 2.17.2
> >
--
Ondrej Mosnacek <omosnace at redhat dot com>
Associate Software Engineer, Security Technologies
Red Hat, Inc.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-10-23 6:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-10-22 8:18 [PATCH] libsepol: add missing ibendport port validity check Ondrej Mosnacek
2018-10-22 14:48 ` William Roberts
2018-10-23 6:54 ` Ondrej Mosnacek
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.