Commit 0142c566 authored by Christian Göttsche's avatar Christian Göttsche Committed by Paul Moore

selinux: reject invalid ebitmaps

Reject ebitmaps with a node containing an empty map or with an incorrect
highbit.  Both checks are already performed by userspace, the former
since 2008 (patch 13cd4c896068 ("initial import from svn trunk revision
2950")), the latter since v2.7 in 2017 (patch 75b14a5de10a ("libsepol:
ebitmap: reject loading bitmaps with incorrect high bit")).
Signed-off-by: default avatarChristian Göttsche <cgzones@googlemail.com>
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent 4cece764
...@@ -448,6 +448,10 @@ int ebitmap_read(struct ebitmap *e, void *fp) ...@@ -448,6 +448,10 @@ int ebitmap_read(struct ebitmap *e, void *fp)
goto bad; goto bad;
} }
map = le64_to_cpu(mapbits); map = le64_to_cpu(mapbits);
if (!map) {
pr_err("SELinux: ebitmap: empty map\n");
goto bad;
}
index = (startbit - n->startbit) / EBITMAP_UNIT_SIZE; index = (startbit - n->startbit) / EBITMAP_UNIT_SIZE;
while (map) { while (map) {
...@@ -455,6 +459,13 @@ int ebitmap_read(struct ebitmap *e, void *fp) ...@@ -455,6 +459,13 @@ int ebitmap_read(struct ebitmap *e, void *fp)
map = EBITMAP_SHIFT_UNIT_SIZE(map); map = EBITMAP_SHIFT_UNIT_SIZE(map);
} }
} }
if (n && n->startbit + EBITMAP_SIZE != e->highbit) {
pr_err("SELinux: ebitmap: high bit %d is not equal to the expected value %ld\n",
e->highbit, n->startbit + EBITMAP_SIZE);
goto bad;
}
ok: ok:
rc = 0; rc = 0;
out: out:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment