From 7cf2bfb59313eeef59e916834c3243b7a0ce7b4f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
Date: Fri, 3 Nov 2023 19:26:12 +0100
Subject: [PATCH] libsepol: reject unsupported policy capabilities
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Kernel policies with unsupported policy capabilities enabled can currently be parsed, since they result just in a bit set inside an ebitmap. Writing such a loaded policy into the traditional language or CIL will fail however, since the unsupported policy capabilities can not be converted into a name. Reject kernel policies with invalid policy capabilities.

Reported-by: oss-fuzz (issue 60573)
Signed-off-by: Christian Göttsche
Acked-by: James Carter
---
 libsepol/src/policydb_validate.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
index d04f6bcdc..016ab6550 100644
--- a/libsepol/src/policydb_validate.c
+++ b/libsepol/src/policydb_validate.c
@@ -1,6 +1,7 @@

 #include
 #include
+#include
 #include
 #include

@@ -1552,6 +1553,23 @@ static int validate_properties(sepol_handle_t *handle, const policydb_t *p)
 return -1;
 }

+static int validate_policycaps(sepol_handle_t *handle, const policydb_t *p)
+{
+ ebitmap_node_t *node;
+ uint32_t i;
+
+ ebitmap_for_each_positive_bit(&p->policycaps, node, i) {
+ if (!sepol_polcap_getname(i))
+ goto bad;
+ }
+
+ return 0;
+
+bad:
+ ERR(handle, "Invalid policy capability");
+ return -1;
+}
+
 static void validate_array_destroy(validate_t flavors[])
 {
 unsigned int i;
@@ -1574,6 +1592,9 @@ int policydb_validate(sepol_handle_t *handle, const policydb_t *p)
 if (validate_properties(handle, p))
 goto bad;

+ if (validate_policycaps(handle, p))
+ goto bad;
+
 if (p->policy_type == POLICY_KERN) {
 if (validate_avtab(handle, &p->te_avtab, p, flavors))
 goto bad;
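Review bot: The `bad:` path of validate_policycaps logs only "Invalid policy capability", so a rejected policy gives no hint which capability bit triggered the failure. `i` is still in scope at that label and could be reported, e.g. `ERR(handle, "Invalid policy capability %u", i);`. The check accepts exactly the bits for which `sepol_polcap_getname()` returns a name, which presumably means a policy carrying a capability newer than this libsepol build is rejected as well. A one-line comment above the function, such as `/* Reject capability bits this libsepol has no name for; they cannot be written back as text or CIL. */`, would record that this is intended.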
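Review bot: The new call in policydb_validate() sits before the `if (p->policy_type == POLICY_KERN)` branch, so the capability check runs for every policy type that reaches this function, while the commit message speaks only of rejecting kernel policies. If the wider scope is intended, a short comment at the call such as `/* policy capabilities are checked for all policy types */` would say so; otherwise the call belongs inside the POLICY_KERN branch. The function body starts and ends outside the hunk, so whether later code relies on this ordering cannot be seen here.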