From: James Carter <jwcart2@gmail.com>
To: "Thiébaud Weksteen" <tweek@google.com>
Cc: selinux@vger.kernel.org, Paul Moore <paul@paul-moore.com>,
	Jeffrey Vander Stoep <jeffv@google.com>
Subject: Re: [PATCH] libselinux: ignore invalid class name lookup
Date: Tue, 8 Nov 2022 14:14:55 -0500
Message-ID: <CAP+JOzR6Y-emY+WUZN=wB2QLG_=CdMgO2EjY=9iHCqZmy+wHfA@mail.gmail.com>
In-Reply-To: <20221024091354.2253669-1-tweek@google.com>

On Mon, Oct 24, 2022 at 5:14 AM Thiébaud Weksteen <tweek@google.com> wrote:
>
> selinux_check_access relies on string_to_security_class to resolve the
> class index from its char* argument. There is no input validation done
> on the string provided. It is possible to supply an argument containing
> trailing backslashes (i.e., "sock_file//////") so that the paths built
> in discover_class get truncated. The processing will then reference the
> same permission file multiple time (e.g., perms/watch_reads will be
> truncated to perms/watch). This will leak the memory allocated when
> strdup'ing the permission name. The discover_class_cache will end up in
> an invalid state (but not corrupted).
>
> Ensure that the class provided does not contain any path separator.
>
> Signed-off-by: Thiébaud Weksteen <tweek@google.com>

Acked-by: James Carter <jwcart2@gmail.com>

> ---
>  libselinux/src/stringrep.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/libselinux/src/stringrep.c b/libselinux/src/stringrep.c
> index 2fe69f43..592410e5 100644
> --- a/libselinux/src/stringrep.c
> +++ b/libselinux/src/stringrep.c
> @@ -63,6 +63,9 @@ static struct discover_class_node * discover_class(const char *s)
>                 return NULL;
>         }
>
> +       if (strchr(s, '/') != NULL)
> +               return NULL;
> +
>         /* allocate a node */
>         node = malloc(sizeof(struct discover_class_node));
>         if (node == NULL)
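
Review bot: The new early return at `if (strchr(s, '/') != NULL)` carries no comment, so a later reader cannot tell why a class name is screened for path separators; a one-line comment saying that s is used to build paths in discover_class and must be a single path component would document it. The check rejects the forward slash, which matches the "sock_file//////" example, while the commit message calls these "backslashes"; aligning the wording would avoid confusion. Names such as "." and ".." contain no '/' and pass this check, so it is worth confirming that they fail cleanly in the lookups further down.
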
> --
> 2.38.0.135.g90850a2211-goog
>
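
The truncation described in the quoted commit message, as an added C example that is not libselinux code: the helper names, the `class/<name>/perms/<perm>` layout and the 34-byte buffer are assumptions chosen so that the padded class name makes `watch_reads` collapse onto `watch`.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 34 /* constructed size: "class/sock_file///////perms/watch" + NUL */

/* Hypothetical unchecked builder: snprintf silently truncates to outlen - 1. */
void build_perm_path_unchecked(char *out, size_t outlen,
                               const char *cls, const char *perm)
{
    snprintf(out, outlen, "class/%s/perms/%s", cls, perm);
}

/* Returns 1 when two different permission names yield the same path. */
int perms_collide_unchecked(const char *cls, const char *a, const char *b)
{
    char pa[PATH_BUF], pb[PATH_BUF];

    build_perm_path_unchecked(pa, sizeof pa, cls, a);
    build_perm_path_unchecked(pb, sizeof pb, cls, b);
    return strcmp(pa, pb) == 0;
}

/* Hypothetical hardened builder: rejects separators in the class name (the
 * check the patch adds) and also reports truncation instead of hiding it. */
int build_perm_path(char *out, size_t outlen, const char *cls, const char *perm)
{
    int n;

    if (strchr(cls, '/') != NULL)
        return -1;
    n = snprintf(out, outlen, "class/%s/perms/%s", cls, perm);
    if (n < 0 || (size_t)n >= outlen)
        return -1; /* the path did not fit: fail rather than use a prefix */
    return 0;
}

int main(void)
{
    char buf[PATH_BUF];

    printf("padded class collides: %d\n",
           perms_collide_unchecked("sock_file//////", "watch", "watch_reads"));
    printf("clean class collides:  %d\n",
           perms_collide_unchecked("sock_file", "watch", "watch_reads"));
    printf("hardened, padded class: %d\n",
           build_perm_path(buf, sizeof buf, "sock_file//////", "watch"));
    return 0;
}
```
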
