* [PATCH] libsepol/cil: Fix bug in cil_copy_avrule() in extended permission handling
From: James Carter @ 2020-01-23 20:40 UTC
To: selinux

When copying an avrule with extended permissions (permx) in
cil_copy_avrule(), the check for a named permx checks the new permx
instead of the old one, so the check will always fail. This leads to a
segfault when trying to copy a named permx because there will be an
attempt to copy the nonexistent permx struct instead of the name of
the named permx.

Check whether the original is a named permx instead of the new one.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
---
libsepol/cil/src/cil_copy_ast.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c
index 7af00aaf..67dd8528 100644
--- a/libsepol/cil/src/cil_copy_ast.c
+++ b/libsepol/cil/src/cil_copy_ast.c
@@ -827,7 +827,7 @@ int cil_copy_avrule(struct cil_db *db, void *data, void **copy, __attribute__((u
if (!new->is_extended) {
cil_copy_classperms_list(orig->perms.classperms, &new->perms.classperms);
} else {
- if (new->perms.x.permx_str != NULL) {
+ if (orig->perms.x.permx_str != NULL) {
new->perms.x.permx_str = orig->perms.x.permx_str;
} else {
cil_permissionx_init(&new->perms.x.permx);
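Review bot: the context line `if (!new->is_extended)` just above the corrected condition still tests the copy rather than the source, which is the same pattern this patch fixes for `permx_str`. It is only correct if `new->is_extended` has already been assigned from `orig` before this point, which the hunk does not show; testing `orig->is_extended` there would make both checks read from the source rule and remove the dependency on assignment order. Since the commit message describes a segfault and the diffstat touches only cil_copy_ast.c, a small CIL policy that forces a copy of an avrule with a named permx would be worth adding as a regression test.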
--
2.21.1
* Re: [PATCH] libsepol/cil: Fix bug in cil_copy_avrule() in extended permission handling
From: Ondrej Mosnacek @ 2020-01-24 13:12 UTC
To: James Carter; +Cc: SElinux list

On Thu, Jan 23, 2020 at 9:39 PM James Carter <jwcart2@tycho.nsa.gov> wrote:
> When copying an avrule with extended permissions (permx) in
> cil_copy_avrule(), the check for a named permx checks the new permx
> instead of the old one, so the check will always fail. This leads to a
> segfault when trying to copy a named permx because there will be an
> attempt to copy the nonexistent permx struct instead of the name of
> the named permx.
>
> Check whether the original is a named permx instead of the new one.
>
> Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>

(OK, this looks simple enough to try out my new maintainer "powers" :)

Acked-by: Ondrej Mosnacek <omosnace@redhat.com>

> ---
> libsepol/cil/src/cil_copy_ast.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c
> index 7af00aaf..67dd8528 100644
> --- a/libsepol/cil/src/cil_copy_ast.c
> +++ b/libsepol/cil/src/cil_copy_ast.c
> @@ -827,7 +827,7 @@ int cil_copy_avrule(struct cil_db *db, void *data, void **copy, __attribute__((u
> if (!new->is_extended) {
> cil_copy_classperms_list(orig->perms.classperms, &new->perms.classperms);
> } else {
> - if (new->perms.x.permx_str != NULL) {
> + if (orig->perms.x.permx_str != NULL) {
> new->perms.x.permx_str = orig->perms.x.permx_str;
> } else {
> cil_permissionx_init(&new->perms.x.permx);
> --
> 2.21.1
>
--
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.
* Re: [PATCH] libsepol/cil: Fix bug in cil_copy_avrule() in extended permission handling
From: Ondrej Mosnacek @ 2020-01-27 8:32 UTC
To: James Carter; +Cc: SElinux list

On Fri, Jan 24, 2020 at 2:12 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> On Thu, Jan 23, 2020 at 9:39 PM James Carter <jwcart2@tycho.nsa.gov> wrote:
> > When copying an avrule with extended permissions (permx) in
> > cil_copy_avrule(), the check for a named permx checks the new permx
> > instead of the old one, so the check will always fail. This leads to a
> > segfault when trying to copy a named permx because there will be an
> > attempt to copy the nonexistent permx struct instead of the name of
> > the named permx.
> >
> > Check whether the original is a named permx instead of the new one.
> >
> > Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
>
> (OK, this looks simple enough to try out my new maintainer "powers" :)
>
> Acked-by: Ondrej Mosnacek <omosnace@redhat.com>

Now applied, thanks.

>
> > ---
> > libsepol/cil/src/cil_copy_ast.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c
> > index 7af00aaf..67dd8528 100644
> > --- a/libsepol/cil/src/cil_copy_ast.c
> > +++ b/libsepol/cil/src/cil_copy_ast.c
> > @@ -827,7 +827,7 @@ int cil_copy_avrule(struct cil_db *db, void *data, void **copy, __attribute__((u
> > if (!new->is_extended) {
> > cil_copy_classperms_list(orig->perms.classperms, &new->perms.classperms);
> > } else {
> > - if (new->perms.x.permx_str != NULL) {
> > + if (orig->perms.x.permx_str != NULL) {
> > new->perms.x.permx_str = orig->perms.x.permx_str;
> > } else {
> > cil_permissionx_init(&new->perms.x.permx);
> > --
> > 2.21.1
> >
>
> --
> Ondrej Mosnacek <omosnace at redhat dot com>
> Software Engineer, Security Technologies
> Red Hat, Inc.
--
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.