On Thu, Nov 3, 2016 at 6:39 PM, James Carter <jwcart2@xxxxxxxxxxxxx> wrote:
On 11/02/2016 12:19 PM, James Carter wrote:
Nicolas Iooss discovered that using an unknown permission with a
map class will cause a segfault.

CIL will only give a warning when it fails to resolve an unknown
permission to support the use of policy module packages that use
permissions that don't exist on the current system. When resolving
the unknown map class permission an empty list is used to represent
the unknown permission. When it is evaluated later the list is
assumed to be a permission and a segfault occurs.

There is no reason to allow unknown class map permissions because
the class maps and permissions are defined by the policy.

Exit with an error when failing to resolve a class map permission.

Reported-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>
Signed-off-by: James Carter <jwcart2@xxxxxxxxxxxxx>
Applied.
Thanks. I have been running afl-fuzz on secilc with this patch and after a few hours, it is still running with no crash.
Nicolas