Hello, When fuzzing secilc with AFL, I got some files which made the CIL compiler crash. To understand better the conditions which led to the crash, I trimmed them down afterwards. This led to the 6 files attached to this email. On my system the crashes still exist with the 2.6-rc2 release. I won't have time in the following days to perform the debugging which is needed to fix these crashes correctly, so feel free to do this and submit patches using these files. By the way, from what I have seen so far, no policy which makes secilc crash is valid, and the bugs mainly lie in the way errors are detected/handled. Thanks, Nicolas
(class CLASS (PERM)) (classorder (CLASS)) (sid SID) (sidorder (SID)) (user USER) (role ROLE) (type TYPE) (category c0) (category c1) (categoryorder (c0 c1)) (sensitivity SENS) (sensitivityorder (SENS)) (sensitivitycategory SENS (range c1 c0)) ; Invalid range ;(sensitivitycategory SENS (not (all))) (allow TYPE self (CLASS (PERM))) (roletype ROLE TYPE) (userrole USER ROLE) (userlevel USER (SENS)) (userrange USER ((SENS)(SENS (c0)))) (sidcontext SID (USER ROLE TYPE ((SENS)(SENS)))) (levelrange LH ((SENS c0) (SENS c0)))
(class CLASS (PERM)) (classorder (CLASS)) (sid SID) (sidorder (SID)) (user USER) (role ROLE) (type TYPE) (category CAT) (categoryorder (CAT)) (sensitivity SENS) (sensitivityorder (SENS)) (sensitivitycategory SENS (CAT)) (allow TYPE self (CLASS (PERM))) (roletype ROLE TYPE) (userrole USER ROLE) (userlevel USER (SENS)) (userrange USER ((SENS)(SENS (CAT)))) (sidcontext SID (USER ROLE TYPE ((SENS)(SENS)))) (classpermission CPERM) (classpermissionset CPERM (CLASS (and unknow PERM)))
(class C (()))
(class CLASS (PERM)) (classorder (CLASS)) (sid SID) (sidorder (SID)) (user USER) (role ROLE) (type TYPE) (category CAT) (categoryorder (CAT)) (sensitivity SENS) (sensitivityorder (SENS)) (sensitivitycategory SENS (CAT)) (allow TYPE self (CLASS (PERM))) (roletype ROLE TYPE) (userrole USER ROLE) (userlevel USER (SENS)) (userrange USER ((SENS)(SENS (CAT)))) (sidcontext SID (USER ROLE TYPE ((SENS)(SENS)))) (sensitivityaliasactual SENS SENS)
(class CLASS (PERM)) (classorder (CLASS)) (sid SID) (sidorder (SID)) (user USER) (role ROLE) (type TYPE) (category CAT0) (category CAT1) (categoryorder (CAT0 CAT1)) (sensitivity SENS) (sensitivityorder (SENS)) (sensitivitycategory SENS (CAT0 CAT1)) (allow TYPE self (CLASS (PERM))) (roletype ROLE TYPE) (userrole USER ROLE) (userlevel USER (SENS)) (userrange USER ((SENS)(SENS (CAT0)))) (mls true) (level low (SENS)) (sidcontext SID (USER ROLE TYPE (low (SENS (range CAT1 CAT0)))))
(class CLASS (PERM)) (classorder (CLASS)) (sid SID) (sidorder (SID)) (user USER) (role ROLE) (type TYPE) (category CAT) (categoryorder (CAT)) (sensitivity SENS) (sensitivityorder (SENS)) (sensitivitycategory SENS (CAT)) (allow TYPE self (CLASS (PERM))) (roletype ROLE TYPE) (userrole USER ROLE) (userlevel USER (SENS)) (userrange USER ((SENS)(SENS (CAT)))) (sidcontext SID (USER ROLE TYPE ((SENS)(SENS)))) (type t1) (typeattribute ta1) (typeattributeset ta1 t1) (type t2) (typebounds t2 ta1)
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
