* [PATCH] libsepol: add missing ibendport port validity check
@ 2018-10-22 8:18 Ondrej Mosnacek
From: Ondrej Mosnacek @ 2018-10-22 8:18 UTC (permalink / raw)
To: selinux
Cc: selinux, Stephen Smalley, William Roberts, Daniel Jurgens,
Ondrej Mosnacek
The kernel checks if the port is in the range 1-255 when loading an
ibendportcon rule. Add the same check to libsepol.
Fixes: 118c0cd1038e ("libsepol: Add ibendport ocontext handling")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
libsepol/src/policydb.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index db6765ba..e2808b2d 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -2854,7 +2854,9 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
return -1;
break;
}
- case OCON_IBENDPORT:
+ case OCON_IBENDPORT: {
+ uint32_t port;
+
rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
if (rc < 0)
return -1;
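Review bot: the braces opened at `+ case OCON_IBENDPORT: {` exist only to give `+ uint32_t port;` a scope, and the matching `+ }` lands two hunks later after `break;`, which is easy to miss when reading the hunks separately; declaring `port` with the function's other locals at the top of ocontext_read_selinux() would avoid the extra block and keep this case shaped like the neighbouring OCON_PORT case. Functionally the hunk is fine: `port` is only assigned after next_entry() has filled `buf`.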
@@ -2862,6 +2864,10 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
if (len == 0 || len > IB_DEVICE_NAME_MAX - 1)
return -1;
+ port = le32_to_cpu(buf[1]);
+ if (port > 0xff || port == 0)
+ return -1;
+
c->u.ibendport.dev_name = malloc(len + 1);
if (!c->u.ibendport.dev_name)
return -1;
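Review bot: the literal in `+ if (port > 0xff || port == 0)` should be a named limit (UINT8_MAX from <stdint.h>, assuming that header is available here) so the 1-255 range the commit message cites is visible at the check itself, and writing it as `port == 0 || port > UINT8_MAX` reads as the range it enforces. Placing the validation before `c->u.ibendport.dev_name = malloc(len + 1);` is the right order: rejecting the record after the allocation would leak dev_name on the error path.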
@@ -2869,11 +2875,12 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
if (rc < 0)
return -1;
c->u.ibendport.dev_name[len] = 0;
- c->u.ibendport.port = le32_to_cpu(buf[1]);
+ c->u.ibendport.port = port;
if (context_read_and_validate
(&c->context[0], p, fp))
return -1;
break;
+ }
case OCON_PORT:
rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
if (rc < 0)
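Review bot: `+ c->u.ibendport.port = port;` now stores the already-validated value instead of re-reading buf[1], which is the right dependency; if the ibendport port field is narrower than uint32_t, the earlier range check is what makes that narrowing safe, so a one-line comment at the assignment pointing back to the check would stop a later refactor from moving the read ahead of it. The `+ }` after `break;` only closes the block opened in the first hunk; nothing else in this hunk changes behaviour.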
--
2.17.2
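As an added, stand-alone illustration of the check the commit message describes (this is not libsepol's code): a reader for one ibendport ocontext record in the same layout the diff reads, two little-endian uint32 words (name length, port) followed by the device name. The value of IB_DEVICE_NAME_MAX and the device names used are assumptions, marked in the comments.

```c
/* Added example, not libsepol code: reader for one OCON_IBENDPORT record in
 * the layout policydb.c reads, with this patch's range check written against
 * named limits. IB_DEVICE_NAME_MAX is assumed to be 64, as in the kernel. */
#include <stdint.h>
#include <string.h>
#define IB_DEVICE_NAME_MAX 64          /* assumed value */
#define IBENDPORT_PORT_MAX UINT8_MAX   /* kernel accepts ports 1..255 */
static uint32_t le32_get(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
/* Parse one record into NAME (IB_DEVICE_NAME_MAX bytes) and PORT.
 * Returns 0 on success, -1 on any malformed field, as policydb.c does. */
int ibendport_read(const uint8_t *buf, size_t buflen, char *name, uint32_t *port)
{
    uint32_t len, p;
    if (buflen < 8)
        return -1;                   /* truncated header */
    len = le32_get(buf);
    p = le32_get(buf + 4);
    if (len == 0 || len > IB_DEVICE_NAME_MAX - 1)
        return -1;                   /* name must fit with its NUL */
    if (p == 0 || p > IBENDPORT_PORT_MAX)
        return -1;                   /* the check this patch adds */
    if (buflen - 8 < len)
        return -1;                   /* name runs past the record */
    memcpy(name, buf + 8, len);
    name[len] = 0;
    *port = p;
    return 0;
}
/* Encode a constructed record for DEV/PORTNO and parse it back; returns the verdict. */
int ibendport_roundtrip(const char *dev, uint32_t portno)
{
    uint8_t buf[8 + 2 * IB_DEVICE_NAME_MAX];
    char name[IB_DEVICE_NAME_MAX];
    uint32_t port;
    size_t n = strlen(dev);
    if (n > sizeof buf - 8)
        return -1;
    for (int i = 0; i < 4; i++) {    /* little-endian header words */
        buf[i] = (uint8_t)(n >> (8 * i));
        buf[4 + i] = (uint8_t)(portno >> (8 * i));
    }
    memcpy(buf + 8, dev, n);
    return ibendport_read(buf, 8 + n, name, &port);
}
```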
* Re: [PATCH] libsepol: add missing ibendport port validity check
From: William Roberts @ 2018-10-22 14:48 UTC (permalink / raw)
To: omosnace; +Cc: selinux, selinux, Stephen Smalley, danielj
On Mon, Oct 22, 2018 at 1:18 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
>
> The kernel checks if the port is in the range 1-255 when loading an
> ibendportcon rule. Add the same check to libsepol.
>
> Fixes: 118c0cd1038e ("libsepol: Add ibendport ocontext handling")
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> ---
> libsepol/src/policydb.c | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
> index db6765ba..e2808b2d 100644
> --- a/libsepol/src/policydb.c
> +++ b/libsepol/src/policydb.c
> @@ -2854,7 +2854,9 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
> return -1;
> break;
> }
> - case OCON_IBENDPORT:
> + case OCON_IBENDPORT: {
> + uint32_t port;
> +
> rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
> if (rc < 0)
> return -1;
> @@ -2862,6 +2864,10 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
> if (len == 0 || len > IB_DEVICE_NAME_MAX - 1)
> return -1;
>
> + port = le32_to_cpu(buf[1]);
> + if (port > 0xff || port == 0)
> + return -1;
You switched the other code to using UINT16_MAX, should probably use
UINT8_MAX here.
> +
> c->u.ibendport.dev_name = malloc(len + 1);
> if (!c->u.ibendport.dev_name)
> return -1;
> @@ -2869,11 +2875,12 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
> if (rc < 0)
> return -1;
> c->u.ibendport.dev_name[len] = 0;
> - c->u.ibendport.port = le32_to_cpu(buf[1]);
> + c->u.ibendport.port = port;
> if (context_read_and_validate
> (&c->context[0], p, fp))
> return -1;
> break;
> + }
> case OCON_PORT:
> rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
> if (rc < 0)
> --
> 2.17.2
>
* Re: [PATCH] libsepol: add missing ibendport port validity check
From: Ondrej Mosnacek @ 2018-10-23 6:54 UTC (permalink / raw)
To: William Roberts; +Cc: selinux, SElinux list, Stephen Smalley, Daniel Jurgens
On Mon, Oct 22, 2018 at 4:49 PM William Roberts <bill.c.roberts@gmail.com> wrote:
> On Mon, Oct 22, 2018 at 1:18 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> >
> > The kernel checks if the port is in the range 1-255 when loading an
> > ibendportcon rule. Add the same check to libsepol.
> >
> > Fixes: 118c0cd1038e ("libsepol: Add ibendport ocontext handling")
> > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> > ---
> > libsepol/src/policydb.c | 11 +++++++++--
> > 1 file changed, 9 insertions(+), 2 deletions(-)
> >
> > diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
> > index db6765ba..e2808b2d 100644
> > --- a/libsepol/src/policydb.c
> > +++ b/libsepol/src/policydb.c
> > @@ -2854,7 +2854,9 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
> > return -1;
> > break;
> > }
> > - case OCON_IBENDPORT:
> > + case OCON_IBENDPORT: {
> > + uint32_t port;
> > +
> > rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
> > if (rc < 0)
> > return -1;
> > @@ -2862,6 +2864,10 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
> > if (len == 0 || len > IB_DEVICE_NAME_MAX - 1)
> > return -1;
> >
> > + port = le32_to_cpu(buf[1]);
> > + if (port > 0xff || port == 0)
> > + return -1;
>
> You switched the other code to using UINT16_MAX, should probably use
> UINT8_MAX here.
Good point. I'll need to update the kernel patch as well.
Thanks,
>
> > +
> > c->u.ibendport.dev_name = malloc(len + 1);
> > if (!c->u.ibendport.dev_name)
> > return -1;
> > @@ -2869,11 +2875,12 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
> > if (rc < 0)
> > return -1;
> > c->u.ibendport.dev_name[len] = 0;
> > - c->u.ibendport.port = le32_to_cpu(buf[1]);
> > + c->u.ibendport.port = port;
> > if (context_read_and_validate
> > (&c->context[0], p, fp))
> > return -1;
> > break;
> > + }
> > case OCON_PORT:
> > rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
> > if (rc < 0)
> > --
> > 2.17.2
> >
--
Ondrej Mosnacek <omosnace at redhat dot com>
Associate Software Engineer, Security Technologies
Red Hat, Inc.