Thanks for fuzzing stuff, it helps with code robustness. However, in my opinion, this is only the first step. I'm a firm believer that if you find it, you should at least take a stab at fixing it. Analyzing these inputs, understanding what broke, and having a patch helps aid the correct fix. Perhaps your patch is the correct fix, or in some cases it helps point those more familiar with the code base to the right spot. So I would recommend attempting to fix these and sending patches if you want to see this fixed. This is my own two cents; I am not a maintainer.

Bill

On Thu, Oct 6, 2016 at 8:37 AM, Milos Malik <mmalik@xxxxxxxxxx> wrote:
> Hi all,
>
> inspired by Nicolas Iooss's idea of fuzzing with AFL, I found a few input files which cause a crash or a hang of hll/pp on RHEL-7.3. Hopefully, I discovered something else than what's already fixed in upstream.
>
> afl-2.35b
> libselinux-2.5-6.el7.x86_64
> libselinux-devel-2.5-6.el7.x86_64
> libselinux-python-2.5-6.el7.x86_64
> libselinux-utils-2.5-6.el7.x86_64
> libsemanage-2.5-4.el7.x86_64
> libsemanage-devel-2.5-4.el7.x86_64
> libsemanage-python-2.5-4.el7.x86_64
> libsemanage-static-2.5-4.el7.x86_64
> libsepol-2.5-6.el7.x86_64
> libsepol-devel-2.5-6.el7.x86_64
> libsepol-static-2.5-6.el7.x86_64
> policycoreutils-2.5-9.el7.x86_64
> policycoreutils-debuginfo-2.5-9.el7.x86_64
> policycoreutils-devel-2.5-9.el7.x86_64
> policycoreutils-gui-2.5-9.el7.x86_64
> policycoreutils-newrole-2.5-9.el7.x86_64
> policycoreutils-python-2.5-9.el7.x86_64
> policycoreutils-restorecond-2.5-9.el7.x86_64
> policycoreutils-sandbox-2.5-9.el7.x86_64
> selinux-policy-3.13.1-102.el7.noarch
> selinux-policy-devel-3.13.1-102.el7.noarch
> selinux-policy-minimum-3.13.1-102.el7.noarch
> selinux-policy-mls-3.13.1-102.el7.noarch
> selinux-policy-targeted-3.13.1-102.el7.noarch
>
> # /usr/libexec/selinux/hll/pp crash0
> Segmentation fault
> # /usr/libexec/selinux/hll/pp crash1
> Segmentation fault
> # dmesg
> [10487.300325] pp[24302]: segfault at 0 ip 00007f5dff4f8a4f sp 00007fffe41e5ba0 error 4 in libsepol.so.1[7f5dff4d0000+95000]
> [10489.509501] pp[24320]: segfault at 0 ip 00007f6067bec544 sp 00007fff17b0e5c0 error 4 in libsepol.so.1[7f6067bdb000+95000]
> #
>
> I also tested checkmodule and checkpolicy with AFL, but nothing so far.
>
> Milos Malik
> SELinux QE person
> BaseOS QE Security team
> Red Hat Czech
>
> _______________________________________________
> Selinux mailing list
> Selinux@xxxxxxxxxxxxx
> To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
> To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.

--
Respectfully,
William C Roberts
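Bill's point is that the crash inputs are only useful once someone works out what broke. A first triage step that needs no debugger is to read the kernel's own segfault lines: the faulting address, the page-fault error code, and the instruction pointer relative to the mapped library tell you the bug class and the fault site. The script below is an added example written for this thread, not code from either poster or from the SELinux project; it parses the two dmesg lines quoted above (embedded as constructed sample input), decodes the x86 page-fault error bits, and groups crashes by (object, offset) so distinct fault locations stand out. The bit layout of the error code is the kernel's standard x86 one; the `classify` labels and the 0x1000 "first page means NULL" threshold are triage heuristics of mine.

```python
import re
from collections import defaultdict

# Constructed sample input: the two kernel segfault lines quoted in the thread
# (copied from the report above, so the numbers are the ones reported there).
DMESG_LINES = [
    "[10487.300325] pp[24302]: segfault at 0 ip 00007f5dff4f8a4f sp 00007fffe41e5ba0 error 4 in libsepol.so.1[7f5dff4d0000+95000]",
    "[10489.509501] pp[24320]: segfault at 0 ip 00007f6067bec544 sp 00007fff17b0e5c0 error 4 in libsepol.so.1[7f6067bdb000+95000]",
]

# x86 page-fault error-code bits (arch/x86 in the kernel) as printed after "error".
PF_PROT = 1    # 0: page not present, 1: protection violation
PF_WRITE = 2   # 0: read access, 1: write access
PF_USER = 4    # fault happened in user mode
PF_RSVD = 8    # reserved bit set in a page-table entry
PF_INSTR = 16  # instruction fetch

SEGFAULT_RE = re.compile(
    r"(?:\[\s*[\d.]+\]\s+)?"                      # optional dmesg timestamp
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) "
    r"in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)


def describe_error(err):
    """Turn the numeric page-fault error code into readable flags."""
    return {
        "protection_violation": bool(err & PF_PROT),
        "write": bool(err & PF_WRITE),
        "user_mode": bool(err & PF_USER),
        "reserved_bit": bool(err & PF_RSVD),
        "instruction_fetch": bool(err & PF_INSTR),
    }


def classify(addr, err):
    """Coarse bug-class label a triager would attach before opening a debugger (heuristic)."""
    if err & PF_INSTR:
        return "exec-of-bad-address"
    access = "write" if err & PF_WRITE else "read"
    # A faulting address inside the first page is almost always NULL plus a field offset.
    if addr < 0x1000:
        return f"null-deref-{access}"
    return f"wild-{access}"


def parse_segfault(line):
    """Parse one kernel segfault line; returns None for lines that are not segfault reports."""
    m = SEGFAULT_RE.search(line)
    if not m:
        return None
    addr, ip, base, size = (int(m.group(k), 16) for k in ("addr", "ip", "base", "size"))
    err = int(m.group("err"))
    offset = ip - base  # file-relative offset usable with addr2line/objdump on the library
    return {
        "comm": m.group("comm"),
        "pid": int(m.group("pid")),
        "addr": addr,
        "ip": ip,
        "obj": m.group("obj"),
        "offset": offset,
        "ip_in_mapping": 0 <= offset < size,  # sanity check: ip really lies in the named mapping
        "error": describe_error(err),
        "kind": classify(addr, err),
    }


def crash_sites(lines):
    """Group crashes by (object, offset): one key per distinct fault location."""
    sites = defaultdict(list)
    for line in lines:
        rec = parse_segfault(line)
        if rec is not None:
            sites[(rec["obj"], rec["offset"])].append(rec["pid"])
    return dict(sites)


if __name__ == "__main__":
    for line in DMESG_LINES:
        rec = parse_segfault(line)
        print(f"{rec['comm']}[{rec['pid']}] {rec['kind']} at {rec['obj']}+0x{rec['offset']:x}")
    print(f"{len(crash_sites(DMESG_LINES))} distinct fault site(s)")
```

For the two lines in the report this yields two different offsets into libsepol.so.1 (0x28a4f and 0x11544), both user-mode reads of address 0, so crash0 and crash1 are two separate NULL-dereference sites rather than one bug hit twice. With the matching debuginfo package installed, `addr2line -e <path to libsepol.so.1> 0x28a4f` maps each offset to a source line, which is the starting point for the fix Bill asks for.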