From c8e5de952da747fdbb023691d74c66b565fe9d23 Mon Sep 17 00:00:00 2001 From: Ondrej Mosnacek Date: Thu, 18 Oct 2018 09:49:57 +0200 Subject: [PATCH 1/5] libsepol: fix endianity in ibpkey range checks We need to convert from little-endian before dong range checks on the ibpkey port numbers, otherwise we would be checking a wrong value on big-endian systems. Fixes: 9fbb3112769a ("libsepol: Add ibpkey ocontext handling") Signed-off-by: Ondrej Mosnacek --- libsepol/src/policydb.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index a6d76ca3..db6765ba 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -2828,21 +2828,32 @@ static int ocontext_read_selinux(struct policydb_compat_info *info, (&c->context[1], p, fp)) return -1; break; - case OCON_IBPKEY: + case OCON_IBPKEY: { + uint32_t pkey_lo, pkey_hi; + rc = next_entry(buf, fp, sizeof(uint32_t) * 4); - if (rc < 0 || buf[2] > 0xffff || buf[3] > 0xffff) + if (rc < 0) return -1; + pkey_lo = le32_to_cpu(buf[2]); + pkey_hi = le32_to_cpu(buf[3]); + + if (pkey_lo > UINT16_MAX || pkey_hi > UINT16_MAX) + return -1; + + c->u.ibpkey.low_pkey = pkey_lo; + c->u.ibpkey.high_pkey = pkey_hi; + + /* we want c->u.ibpkey.subnet_prefix in network + * (big-endian) order, just memcpy it */ memcpy(&c->u.ibpkey.subnet_prefix, buf, sizeof(c->u.ibpkey.subnet_prefix)); - c->u.ibpkey.low_pkey = le32_to_cpu(buf[2]); - c->u.ibpkey.high_pkey = le32_to_cpu(buf[3]); - if (context_read_and_validate (&c->context[0], p, fp)) return -1; break; + } case OCON_IBENDPORT: rc = next_entry(buf, fp, sizeof(uint32_t) * 2); if (rc < 0) From 94ebccf534414516b13238e0db76aeeee32f2e4d Mon Sep 17 00:00:00 2001 From: Ondrej Mosnacek Date: Tue, 23 Oct 2018 08:57:57 +0200 Subject: [PATCH 2/5] libsepol: add missing ibendport port validity check The kernel checks if the port is in the range 1-255 when loading an ibenportcon rule. Add the same check to libsepol. Fixes: 118c0cd1038e ("libsepol: Add ibendport ocontext handling") Signed-off-by: Ondrej Mosnacek --- libsepol/src/policydb.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index db6765ba..96176d80 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -2854,7 +2854,9 @@ static int ocontext_read_selinux(struct policydb_compat_info *info, return -1; break; } - case OCON_IBENDPORT: + case OCON_IBENDPORT: { + uint32_t port; + rc = next_entry(buf, fp, sizeof(uint32_t) * 2); if (rc < 0) return -1; @@ -2862,6 +2864,10 @@ static int ocontext_read_selinux(struct policydb_compat_info *info, if (len == 0 || len > IB_DEVICE_NAME_MAX - 1) return -1; + port = le32_to_cpu(buf[1]); + if (port > UINT8_MAX || port == 0) + return -1; + c->u.ibendport.dev_name = malloc(len + 1); if (!c->u.ibendport.dev_name) return -1; @@ -2869,11 +2875,12 @@ static int ocontext_read_selinux(struct policydb_compat_info *info, if (rc < 0) return -1; c->u.ibendport.dev_name[len] = 0; - c->u.ibendport.port = le32_to_cpu(buf[1]); + c->u.ibendport.port = port; if (context_read_and_validate (&c->context[0], p, fp)) return -1; break; + } case OCON_PORT: rc = next_entry(buf, fp, sizeof(uint32_t) * 3); if (rc < 0) From 95b35524511f1f12f65707ef74d6702220ec36ee Mon Sep 17 00:00:00 2001 From: Yuli Khodorkovskiy Date: Wed, 24 Oct 2018 11:35:19 -0400 Subject: [PATCH 3/5] mcstrans: remove unused getpeercon_raw() call There is a call to getpeercon_raw() in mcstransd, but nothing is done with the context. The purpose of process_request() is to translate a context and we would like that to succeed even if, for some reason, getpeercon_raw() fails. Signed-off-by: Yuli Khodorkovskiy Signed-off-by: Joshua Brindle --- mcstrans/src/mcstransd.c | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/mcstrans/src/mcstransd.c b/mcstrans/src/mcstransd.c index d7fc5dea..85899493 100644 --- a/mcstrans/src/mcstransd.c +++ b/mcstrans/src/mcstransd.c @@ -142,17 +142,8 @@ process_request(int fd, uint32_t function, char *data1, char *UNUSED(data2)) { int32_t result; char *out = NULL; - char *peercon = NULL; int ret; - ret = getpeercon_raw(fd, &peercon); - if (ret < 0) - return ret; - - /* TODO: Check if MLS clearance (in peercon) dominates the MLS label - * (in the request input). - */ - switch (function) { case SETRANS_INIT: result = 0; @@ -184,7 +175,6 @@ process_request(int fd, uint32_t function, char *data1, char *UNUSED(data2)) } free(out); - freecon(peercon); return ret; } From c6f44ba8da048f3c0578748f69bb2497eb52b73c Mon Sep 17 00:00:00 2001 From: Mr Stid Date: Sun, 21 Oct 2018 20:25:41 +0200 Subject: [PATCH 4/5] Fix snprintf truncated error Link: https://github.com/SELinuxProject/selinux/pull/106 Signed-off-by: StidOfficial --- libsepol/src/kernel_to_cil.c | 8 ++++---- libsepol/src/kernel_to_conf.c | 8 ++++---- libsepol/src/module_to_cil.c | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c index d173144e..2c12ae9b 100644 --- a/libsepol/src/kernel_to_cil.c +++ b/libsepol/src/kernel_to_cil.c @@ -536,7 +536,7 @@ static int write_sids_to_cil(FILE *out, const char *const *sid_to_str, struct strs *strs; char *sid; char *prev; - char unknown[17]; + char unknown[18]; unsigned i; int rc; @@ -550,7 +550,7 @@ static int write_sids_to_cil(FILE *out, const char *const *sid_to_str, if (i < num_sids) { sid = (char *)sid_to_str[i]; } else { - snprintf(unknown, 17, "%s%u", "UNKNOWN", i); + snprintf(unknown, 18, "%s%u", "UNKNOWN", i); sid = strdup(unknown); } rc = strs_add_at_index(strs, sid, i); @@ -2498,7 +2498,7 @@ static int write_sid_context_rules_to_cil(FILE *out, struct policydb *pdb, const struct ocontext *isid; struct strs *strs; char *sid; - char unknown[17]; + char unknown[18]; char *ctx, *rule; unsigned i; int rc = -1; @@ -2513,7 +2513,7 @@ static int write_sid_context_rules_to_cil(FILE *out, struct policydb *pdb, const if (i < num_sids) { sid = (char *)sid_to_str[i]; } else { - snprintf(unknown, 17, "%s%u", "UNKNOWN", i); + snprintf(unknown, 18, "%s%u", "UNKNOWN", i); sid = unknown; } diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c index 7e04a13b..219a2489 100644 --- a/libsepol/src/kernel_to_conf.c +++ b/libsepol/src/kernel_to_conf.c @@ -434,7 +434,7 @@ static int write_sids_to_conf(FILE *out, const char *const *sid_to_str, struct ocontext *isid; struct strs *strs; char *sid; - char unknown[17]; + char unknown[18]; unsigned i; int rc; @@ -448,7 +448,7 @@ static int write_sids_to_conf(FILE *out, const char *const *sid_to_str, if (i < num_sids) { sid = (char *)sid_to_str[i]; } else { - snprintf(unknown, 17, "%s%u", "UNKNOWN", i); + snprintf(unknown, 18, "%s%u", "UNKNOWN", i); sid = strdup(unknown); } rc = strs_add_at_index(strs, sid, i); @@ -2358,7 +2358,7 @@ static int write_sid_context_rules_to_conf(FILE *out, struct policydb *pdb, cons struct ocontext *isid; struct strs *strs; char *sid; - char unknown[17]; + char unknown[18]; char *ctx, *rule; unsigned i; int rc; @@ -2373,7 +2373,7 @@ static int write_sid_context_rules_to_conf(FILE *out, struct policydb *pdb, cons if (i < num_sids) { sid = (char *)sid_to_str[i]; } else { - snprintf(unknown, 17, "%s%u", "UNKNOWN", i); + snprintf(unknown, 18, "%s%u", "UNKNOWN", i); sid = unknown; } diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index 7fc29cbd..4cb44e0e 100644 --- a/libsepol/src/module_to_cil.c +++ b/libsepol/src/module_to_cil.c @@ -2562,7 +2562,7 @@ static int ocontext_isid_to_cil(struct policydb *pdb, const char *const *sid_to_ struct sid_item *head = NULL; struct sid_item *item = NULL; char *sid; - char unknown[17]; + char unknown[18]; unsigned i; for (isid = isids; isid != NULL; isid = isid->next) { @@ -2570,7 +2570,7 @@ static int ocontext_isid_to_cil(struct policydb *pdb, const char *const *sid_to_ if (i < num_sids) { sid = (char*)sid_to_string[i]; } else { - snprintf(unknown, 17, "%s%u", "UNKNOWN", i); + snprintf(unknown, 18, "%s%u", "UNKNOWN", i); sid = unknown; } cil_println(0, "(sid %s)", sid); From 3f99b14939ec616ef59f62887e2532cd89409a3e Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Wed, 31 Oct 2018 10:10:04 -0400 Subject: [PATCH 5/5] libselinux: fix overly strict validation of file_contexts.bin load_mmap and regex_load_mmap (in the !USE_PCRE2 case) were incorrectly treating the absence of any fixed stems or study data as an error, rejecting valid file_contexts.bin files. Remove the extraneous validation checks. Test: $ cat > file_contexts < Signed-off-by: Stephen Smalley --- libselinux/src/label_file.c | 2 +- libselinux/src/regex.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c index 560d8c3d..dbf51a93 100644 --- a/libselinux/src/label_file.c +++ b/libselinux/src/label_file.c @@ -232,7 +232,7 @@ end_arch_check: /* allocate the stems_data array */ rc = next_entry(&stem_map_len, mmap_area, sizeof(uint32_t)); - if (rc < 0 || !stem_map_len) + if (rc < 0) return -1; /* diff --git a/libselinux/src/regex.c b/libselinux/src/regex.c index dfc15d63..a6fcbbfe 100644 --- a/libselinux/src/regex.c +++ b/libselinux/src/regex.c @@ -348,7 +348,7 @@ int regex_load_mmap(struct mmap_area *mmap_area, struct regex_data **regex, goto err; rc = next_entry(&entry_len, mmap_area, sizeof(uint32_t)); - if (rc < 0 || !entry_len) + if (rc < 0) goto err; if (entry_len) {