From: william.c.roberts@intel.com
To: selinux@tycho.nsa.gov, jwcart2@tycho.nsa.gov,
	seandroid-list@tycho.nsa.gov, sds@tycho.nsa.gov
Subject: [PATCH v4 5/7] libsepol: bound attr_type_map access by nprim
Date: Tue, 16 Aug 2016 10:28:35 -0700
Message-ID: <1471368517-20552-6-git-send-email-william.c.roberts@intel.com>
In-Reply-To: <1471368517-20552-1-git-send-email-william.c.roberts@intel.com>

From: William Roberts <william.c.roberts@intel.com>

Correct an invalid memory access when attr_type_map array
indexing is outside of bounds.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
 libsepol/src/policydb.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index 971793d..b8f6ca8 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -3926,6 +3926,10 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
 					if (!ebitmap_node_get_bit(tnode, j)
 					    || i == j)
 						continue;
+
+					if (j >= p->p_types.nprim)
+						goto bad;
+
 					if (ebitmap_set_bit
 					    (&p->attr_type_map[j], i, 1))
 						goto bad;
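
Review bot: the added `if (j >= p->p_types.nprim)` check bails out through `goto bad` with no diagnostic, and the `ebitmap_set_bit` failure directly below takes the same label, so a policy rejected for an out-of-range type bit cannot be told apart from an allocation failure. Consider logging that a type bitmap carries a bit at or beyond nprim before jumping. A one-line comment (or a sentence in the commit message) stating that attr_type_map holds nprim entries would also help, since that invariant is what the bound relies on and it is not visible here. Finally, the check sits after the `i == j` continue, which is only safe if the enclosing loop already keeps i below nprim; worth confirming, or move the bound check ahead of that test.
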
-- 
1.9.1

Thread overview: 11+ messages
2016-08-16 17:28 Fix AFL Found Bugs in libsepol v4 william.c.roberts
2016-08-16 17:28 ` [PATCH v4 1/7] libsepol: fix invalid access of NULL on type_val_to_struct william.c.roberts
2016-08-16 17:28 ` [PATCH v4 2/7] libsepol: ensure key is valid before doing search william.c.roberts
2016-08-16 17:28 ` [PATCH v4 3/7] ebitmap: detect invalid bitmap william.c.roberts
2016-08-16 17:28 ` [PATCH v4 4/7] genfs_read: fix use heap-use-after-free william.c.roberts
2016-08-16 17:28 ` william.c.roberts [this message]
2016-08-16 17:28 ` [PATCH v4 6/7] libsepol: fix unitialized jmp and invalid dereference william.c.roberts
2016-08-16 17:28 ` [PATCH v4 7/7] libsepol: fix overflow and 0 length allocations william.c.roberts
2016-08-16 17:45   ` Roberts, William C
2016-08-16 18:40     ` Stephen Smalley
2016-08-17 14:13 ` Fix AFL Found Bugs in libsepol v4 James Carter
