All of lore.kernel.org
 help / color / mirror / Atom feed
From: James Carter <jwcart2@gmail.com>
To: "Christian Göttsche" <cgzones@googlemail.com>
Cc: SElinux list <selinux@vger.kernel.org>
Subject: Re: [PATCH 11/13] checkpolicy: error out on parsing too big integers
Date: Tue, 14 Sep 2021 16:43:51 -0400	[thread overview]
Message-ID: <CAP+JOzTkGLzLtSL8P0uTh2O9Vh4SzHLBuivGY8bEwqOf-96r3w@mail.gmail.com> (raw)
In-Reply-To: <20210914124828.19488-12-cgzones@googlemail.com>

On Tue, Sep 14, 2021 at 8:51 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Error out instead of silently converting too big integer values in
> policy sources.
>
>     policy_parse.y:893:41: runtime error: implicit conversion from type 'unsigned long' of value 18446744073709551615 (64-bit, unsigned) to type 'unsigned int' changed the value to 4294967295 (32-bit, unsigned)
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
>  checkpolicy/policy_parse.y | 16 ++++++++++++++--
>  1 file changed, 14 insertions(+), 2 deletions(-)
>
> diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
> index 6098eb50..e969d973 100644
> --- a/checkpolicy/policy_parse.y
> +++ b/checkpolicy/policy_parse.y
> @@ -890,10 +890,22 @@ filename          : FILENAME
>                         { yytext[strlen(yytext) - 1] = '\0'; if (insert_id(yytext + 1,0)) return -1; }
>                         ;
>  number                 : NUMBER
> -                       { $$ = strtoul(yytext,NULL,0); }
> +                       { unsigned long x;
> +                         errno = 0;
> +                         x = strtoul(yytext, NULL, 0);
> +                         if (errno || x > UINT_MAX)
> +                             return -1;

Some compilers will emit a warning if unsigned long is 32 bits. To
prevent this use:

if (errno)
   return -1;

#if ULONG_MAX > UINT_MAX
    if (val > UINT_MAX) {
        return -1;
    }
#endif

See commit b7ea65f547c67bfbae4ae133052583b090747e5a

And discussion:
https://lore.kernel.org/selinux/CAFftDdrGoQezmVSOnrFrPKaOnS3pejQXzYpfjwQ+QBHH_Pv02w@mail.gmail.com/

Jim



> +                         $$ = (unsigned int) x;
> +                       }
>                         ;
>  number64               : NUMBER
> -                       { $$ = strtoull(yytext,NULL,0); }
> +                       { unsigned long long x;
> +                         errno = 0;
> +                         x = strtoull(yytext, NULL, 0);
> +                         if (errno)
> +                             return -1;
> +                         $$ = (uint64_t) x;
> +                       }
>                         ;
>  ipv6_addr              : IPV6_ADDR
>                         { if (insert_id(yytext,0)) return -1; }
> --
> 2.33.0
>

  reply	other threads:[~2021-09-14 20:44 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-14 12:48 [PATCH 00/13] checkpolicy improvements Christian Göttsche
2021-09-14 12:48 ` [PATCH 01/13] libsepol: avoid implicit conversions Christian Göttsche
2021-09-14 12:48 ` [PATCH 02/13] libsepol: free memory after policy validation Christian Göttsche
2021-09-15 13:11   ` [PATCH v2 " Christian Göttsche
2021-09-15 13:19     ` [PATCH v3 " Christian Göttsche
2021-09-14 12:48 ` [PATCH 03/13] checkpolicy: enclose macro argument in parentheses Christian Göttsche
2021-09-14 12:48 ` [PATCH 04/13] checkpolicy: misc checkmodule tweaks Christian Göttsche
2021-09-14 12:48 ` [PATCH 05/13] checkpolicy: misc checkpolicy tweaks Christian Göttsche
2021-09-14 12:48 ` [PATCH 06/13] checkpolicy: mark read-only parameters in module compiler const Christian Göttsche
2021-09-14 12:48 ` [PATCH 07/13] checkpolicy: mark file local functions in policy_define static Christian Göttsche
2021-09-14 12:48 ` [PATCH 08/13] checkpolicy: add missing function declarations Christian Göttsche
2021-09-14 12:48 ` [PATCH 09/13] checkpolicy: resolve dismod memory leaks Christian Göttsche
2021-09-14 19:45   ` James Carter
2021-09-15 13:11   ` [PATCH v2 " Christian Göttsche
2021-09-14 12:48 ` [PATCH 10/13] checkpolicy: avoid implicit conversion Christian Göttsche
2021-09-14 12:48 ` [PATCH 11/13] checkpolicy: error out on parsing too big integers Christian Göttsche
2021-09-14 20:43   ` James Carter [this message]
2021-09-15 13:11   ` [PATCH v2 " Christian Göttsche
2021-09-14 12:48 ` [PATCH 12/13] checkpolicy: print warning on source line overflow Christian Göttsche
2021-09-14 12:48 ` [PATCH 13/13] checkpolicy: free extended permission memory Christian Göttsche
2021-09-15 14:59 ` [PATCH 00/13] checkpolicy improvements James Carter
2021-09-16 20:34   ` James Carter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAP+JOzTkGLzLtSL8P0uTh2O9Vh4SzHLBuivGY8bEwqOf-96r3w@mail.gmail.com \
    --to=jwcart2@gmail.com \
    --cc=cgzones@googlemail.com \
    --cc=selinux@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.