Fuzzing /usr/libexec/selinux/hll/pp with AFL

Hi all,

inspired by Nicolas Iooss's idea of fuzzing with AFL, I found a few input files which cause a crash or a hang of hll/pp on RHEL-7.3. Hopefully, I discovered something other than what's already fixed in upstream.

afl-2.35b
libselinux-2.5-6.el7.x86_64
libselinux-devel-2.5-6.el7.x86_64
libselinux-python-2.5-6.el7.x86_64
libselinux-utils-2.5-6.el7.x86_64
libsemanage-2.5-4.el7.x86_64
libsemanage-devel-2.5-4.el7.x86_64
libsemanage-python-2.5-4.el7.x86_64
libsemanage-static-2.5-4.el7.x86_64
libsepol-2.5-6.el7.x86_64
libsepol-devel-2.5-6.el7.x86_64
libsepol-static-2.5-6.el7.x86_64
policycoreutils-2.5-9.el7.x86_64
policycoreutils-debuginfo-2.5-9.el7.x86_64
policycoreutils-devel-2.5-9.el7.x86_64
policycoreutils-gui-2.5-9.el7.x86_64
policycoreutils-newrole-2.5-9.el7.x86_64
policycoreutils-python-2.5-9.el7.x86_64
policycoreutils-restorecond-2.5-9.el7.x86_64
policycoreutils-sandbox-2.5-9.el7.x86_64
selinux-policy-3.13.1-102.el7.noarch
selinux-policy-devel-3.13.1-102.el7.noarch
selinux-policy-minimum-3.13.1-102.el7.noarch
selinux-policy-mls-3.13.1-102.el7.noarch
selinux-policy-targeted-3.13.1-102.el7.noarch

# /usr/libexec/selinux/hll/pp crash0 
Segmentation fault
# /usr/libexec/selinux/hll/pp crash1
Segmentation fault
# dmesg
[10487.300325] pp[24302]: segfault at 0 ip 00007f5dff4f8a4f sp 00007fffe41e5ba0 error 4 in libsepol.so.1[7f5dff4d0000+95000]
[10489.509501] pp[24320]: segfault at 0 ip 00007f6067bec544 sp 00007fff17b0e5c0 error 4 in libsepol.so.1[7f6067bdb000+95000]
#

I also tested checkmodule and checkpolicy with AFL, but nothing so far.

Milos Malik
SELinux QE person
BaseOS QE Security team
Red Hat Czech

Attachment: crash0
Description: Binary data

Attachment: crash1
Description: Binary data

Attachment: hang0
Description: Binary data
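
Added example (not part of the original message): a Python sketch that parses the two dmesg lines quoted above, decodes the x86 page-fault error code, and converts each faulting ip into an offset inside libsepol.so.1 for symbolization. The function names are hypothetical, and it assumes the mapping shown in brackets starts at file offset 0 of the library.

```python
import re

# The two dmesg lines quoted in the message, embedded so the example runs offline.
DMESG = """\
[10487.300325] pp[24302]: segfault at 0 ip 00007f5dff4f8a4f sp 00007fffe41e5ba0 error 4 in libsepol.so.1[7f5dff4d0000+95000]
[10489.509501] pp[24320]: segfault at 0 ip 00007f6067bec544 sp 00007fff17b0e5c0 error 4 in libsepol.so.1[7f6067bdb000+95000]
"""

# Format of the x86 kernel's user-space segfault report; numeric fields are hex.
SEGV = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp [0-9a-f]+ error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

def decode_error(code):
    """Decode the low bits of the x86 page-fault error code."""
    return {
        "page": "protection violation" if code & 1 else "not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
    }

def triage(text):
    """Return one record per segfault line found in dmesg output."""
    records = []
    for m in SEGV.finditer(text):
        addr, ip = int(m["addr"], 16), int(m["ip"], 16)
        rec = {"comm": m["comm"], "pid": int(m["pid"]), "fault_addr": addr,
               "object": m["obj"], "offset": None,
               "fault": decode_error(int(m["err"], 16)),
               # Heuristic (assumption): a fault in the first page is a NULL dereference.
               "null_deref": addr < 0x1000}
        if m["obj"]:
            base, size = int(m["base"], 16), int(m["size"], 16)
            if base <= ip < base + size:  # ip must lie inside the reported mapping
                rec["offset"] = ip - base
        records.append(rec)
    return records

if __name__ == "__main__":
    for r in triage(DMESG):
        where = f"{r['object']}+{r['offset']:#x}" if r["offset"] is not None else "unknown"
        kind = "NULL dereference" if r["null_deref"] else "invalid pointer"
        print(f"{r['comm']}[{r['pid']}] {where}: {r['fault']['mode']}-mode "
              f"{r['fault']['access']} of {r['fault_addr']:#x} ({kind})")
```

The two offsets differ, so crash0 and crash1 fault at different instructions in libsepol; with the matching libsepol debuginfo installed they can be resolved to function names with a symbolizer such as addr2line.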
