[PATCH 3/4] checkpolicy: Fix potential undefined shifts

James Carter <jwcart2@xxxxxxxxx> · Fri, 8 Oct 2021 17:10:30 -0400

An expression of the form "1 << x" is undefined if x == 31 because
the "1" is an int and cannot be left shifted by 31.

Instead, use "UINT32_C(1) << x" which will be an unsigned int of
at least 32 bits.

Signed-off-by: James Carter <jwcart2@xxxxxxxxx>
---
 checkpolicy/checkpolicy.c   | 2 +-
 checkpolicy/policy_define.c | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
index 6740c6d4..926ce72c 100644
--- a/checkpolicy/checkpolicy.c
+++ b/checkpolicy/checkpolicy.c
@@ -794,7 +794,7 @@ int main(int argc, char **argv)
 			case 0:
 				printf("\nallowed {");
 				for (i = 1; i <= sizeof(avd.allowed) * 8; i++) {
-					if (avd.allowed & (1 << (i - 1))) {
+					if (avd.allowed & (UINT32_C(1) << (i - 1))) {
 						v.val = i;
 						ret =
 						    hashtab_map(cladatum->
diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
index cda3337b..d3eb6111 100644
--- a/checkpolicy/policy_define.c
+++ b/checkpolicy/policy_define.c
@@ -2126,7 +2126,7 @@ static int define_te_avtab_xperms_helper(int which, avrule_t ** rule)
 			     policydbp->p_class_val_to_name[i]);
 			continue;
 		} else {
-			cur_perms->data |= 1U << (perdatum->s.value - 1);
+			cur_perms->data |= UINT32_C(1) << (perdatum->s.value - 1);
 		}
 	}
 
@@ -2142,7 +2142,7 @@ out:
 /* index of the u32 containing the permission */
 #define XPERM_IDX(x) ((x) >> 5)
 /* set bits 0 through x-1 within the u32 */
-#define XPERM_SETBITS(x) ((1U << ((x) & 0x1f)) - 1)
+#define XPERM_SETBITS(x) ((UINT32_C(1) << ((x) & 0x1f)) - 1)
 /* low value for this u32 */
 #define XPERM_LOW(x) ((x) << 5)
 /* high value for this u32 */
@@ -2612,7 +2612,7 @@ static int define_te_avtab_helper(int which, avrule_t ** rule)
 				}
 				continue;
 			} else {
-				cur_perms->data |= 1U << (perdatum->s.value - 1);
+				cur_perms->data |= UINT32_C(1) << (perdatum->s.value - 1);
 			}
 		      next:
 			cur_perms = cur_perms->next;
@@ -3615,7 +3615,7 @@ int define_constraint(constraint_expr_t * expr)
 					return -1;
 				}
 			}
-			node->permissions |= (1 << (perdatum->s.value - 1));
+			node->permissions |= (UINT32_C(1) << (perdatum->s.value - 1));
 		}
 		free(id);
 	}
-- 
2.31.1







