[PATCH 049/155] policycoreutils: semanage: verify ports < 65536

This patch looks good to me. acked.
From e8a1b4fa334518daedc6b603bff640b74ec703a4 Mon Sep 17 00:00:00 2001
From: Eric Paris <eparis@xxxxxxxxxx>
Date: Fri, 15 Jul 2011 15:05:11 +0200
Subject: [PATCH 049/155] policycoreutils: semanage: verify ports < 65536

We could currently create a rule with a port number of one million.
This doesn't make sense.  Bounds test it.

Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
 policycoreutils/semanage/seobject.py |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index 30d7e9a..0a23b34 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
@@ -741,6 +741,9 @@ class portRecords(semanageRecords):
 			low = int(ports[0])
 			high = int(ports[1])
 
+		if high > 65535:
+			raise ValueError(_("Invalid Port"))
+
 		(rc, k) = semanage_port_key_create(self.sh, low, high, proto_d)
 		if rc < 0:
 			raise ValueError(_("Could not create a key for %s/%s") % (proto, port))
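Review bot: The new test only bounds the upper end of the range (`if high > 65535:`), so a negative `low`, or a range where `low` is greater than `high`, still reaches `semanage_port_key_create()` unchecked. Consider validating both ends in the same place, for example `if low < 0 or high > 65535 or low > high:`, so that every value handed to the key constructor is a well-formed port range. The error text "Invalid Port" also drops the offending value, while the message two lines below reports `proto` and `port`; including the port string here would make a rejected rule easier to diagnose.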
-- 
1.7.6

Attachment: 0049-policycoreutils-semanage-verify-ports-65536.patch.sig
Description: PGP signature

