Re: [RFC PATCH 00/35] libsepol: add fuzzer for reading binary policies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This needs to be broken up into three patch sets.

1) libfuzz: patches 1-5
2) policydb_validate improvements: patches 13, 16, 17, 22, 23, 25-31, 33
3) General libsepol fixes: patches 6-12, 14, 15, 18-21, 24, 32, 34, 35

I have some comments on the individual patches which will be coming soon.

Thanks,
Jim

On Mon, Oct 11, 2021 at 12:42 PM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
>
> Add a libfuzz[1] based fuzzer testing the reading and parsing of binary policy
> files. This fuzzer will be run within the OSS-Fuzz service.
>
> Handle and reject a variety of edge cases causing crashes or resource leaks.
>
> The fifth patch ("libsepol/fuzz: limit element sizes for fuzzing") needs some
> discussion: To avoid oom reports from the fuzzer, caused by huge memory
> allocations, all identifiers are limited to a length of 2^16 for the fuzzer
> build only.  Probably there should be a limit for the release build too.
> Is there a specification for the binary policy format saying something about
> the maximum length of identifiers?
> After a quick look at the kernel sources (most interesting is str_read()) I
> could not find any limits either.
>
> [1]: https://llvm.org/docs/LibFuzzer.html
>
> Christian Göttsche (35):
>   cifuzz: enable report-unreproducible-crashes
>   cifuzz: use the default runtime of 600 seconds
>   libsepol/fuzz: silence secilc-fuzzer
>   libsepol: add libfuzz based fuzzer for reading binary policies
>   libsepol/fuzz: limit element sizes for fuzzing
>   libsepol: use logging framework in conditional.c
>   libsepol: use logging framework in ebitmap.c
>   libsepol: use mallocarray wrapper to avoid overflows
>   libsepol: use reallocarray wrapper to avoid overflows
>   libsepol: add checks for read sizes
>   libsepol: enforce avtab item limit
>   libsepol: clean memory on conditional read failure
>   libsepol: validate MLS levels
>   libsepol: reject invalid fsuse types
>   libsepol: reject invalid default targets
>   libsepol: validate expanded user range and level
>   libsepol: validate types
>   libsepol: use size_t for indexes in strs helpers
>   libsepol: reject abnormal huge sid ids
>   libsepol: do not crash on class gaps
>   libsepol: do not crash on user gaps
>   libsepol: validate permission count of classes
>   libsepol: resolve log message mismatch
>   libsepol: zero member before potential dereference
>   libsepol: validate avtab types
>   libsepol: validate constraint expression operators and attributes
>   libsepol: validate type of avtab type rules
>   libsepol: validate ocontexts
>   libsepol: validate genfs contexts
>   libsepol: validate permissive types
>   libsepol: validate policy properties
>   libsepol: do not underflow on short format arguments
>   libsepol: validate categories
>   libsepol: use correct size for initial string list
>   libsepol: do not create a string list with initial size zero
>
>  .github/workflows/cifuzz.yml     |   3 +-
>  libsepol/fuzz/binpolicy-fuzzer.c |  63 +++++++
>  libsepol/fuzz/policy.bin         | Bin 0 -> 1552 bytes
>  libsepol/fuzz/secilc-fuzzer.c    |   5 +
>  libsepol/src/Makefile            |   6 +
>  libsepol/src/avtab.c             |   6 +
>  libsepol/src/conditional.c       |  36 ++--
>  libsepol/src/ebitmap.c           |  27 ++-
>  libsepol/src/expand.c            |   4 +-
>  libsepol/src/hashtab.c           |   4 +-
>  libsepol/src/kernel_to_cil.c     |  10 ++
>  libsepol/src/kernel_to_common.c  |  23 ++-
>  libsepol/src/kernel_to_common.h  |   4 +-
>  libsepol/src/kernel_to_conf.c    |  13 +-
>  libsepol/src/link.c              |   3 +-
>  libsepol/src/module.c            |   4 +-
>  libsepol/src/module_to_cil.c     |  13 +-
>  libsepol/src/optimize.c          |  11 +-
>  libsepol/src/policydb.c          |  68 +++++++-
>  libsepol/src/policydb_validate.c | 274 +++++++++++++++++++++++++++++--
>  libsepol/src/private.h           |  27 ++-
>  libsepol/src/services.c          |  12 +-
>  libsepol/src/sidtab.c            |   3 +-
>  libsepol/src/user_record.c       |   8 +-
>  libsepol/src/users.c             |  12 +-
>  libsepol/src/util.c              |  11 +-
>  libsepol/src/write.c             |   2 +-
>  scripts/oss-fuzz.sh              |  19 ++-
>  28 files changed, 556 insertions(+), 115 deletions(-)
>  create mode 100644 libsepol/fuzz/binpolicy-fuzzer.c
>  create mode 100644 libsepol/fuzz/policy.bin
>
> --
> 2.33.0
>




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux