While fuzzing hll/pp, the fuzzer (AFL) crafted a policy which triggered
the following message without making the policy loading fail (the
program crashed with a segmentation fault later):
security: ebitmap: map size 192 does not match my size 64 (high bit
was 0)
This is because ebitmap_read() returned -EINVAL and this value was
handled as a successful return value by scope_index_read() because it
was not -1.
Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>
---
libsepol/src/policydb.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index e36d82f0a1e8..b112fd5465b5 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -3447,7 +3447,7 @@ static int scope_index_read(scope_index_t * scope_index,
int rc;
for (i = 0; i < num_scope_syms; i++) {
- if (ebitmap_read(scope_index->scope + i, fp) == -1) {
+ if (ebitmap_read(scope_index->scope + i, fp) < 0) {
return -1;
}
}
@@ -3465,7 +3465,7 @@ static int scope_index_read(scope_index_t * scope_index,
return -1;
}
for (i = 0; i < scope_index->class_perms_len; i++) {
- if (ebitmap_read(scope_index->class_perms_map + i, fp) == -1) {
+ if (ebitmap_read(scope_index->class_perms_map + i, fp) < 0) {
return -1;
}
}
--
2.10.2
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
