On Mon, Oct 11, 2021 at 12:41 PM Christian Göttsche <cgzones@xxxxxxxxxxxxxx> wrote: > > Check all categories have valid values, especially important for > aliases. > > ==7888==ERROR: AddressSanitizer: SEGV on unknown address 0x602000400710 (pc 0x00000055debc bp 0x7ffe0ff2a9d0 sp 0x7ffe0ff2a8e0 T0) > ==7888==The signal is caused by a READ memory access. > #0 0x55debc in write_category_rules_to_conf ./libsepol/src/kernel_to_conf.c:946:9 > #1 0x55debc in write_mls_rules_to_conf ./libsepol/src/kernel_to_conf.c:1137:7 > #2 0x55adb1 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3106:7 > #3 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:37:9 > #4 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o > #5 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o > #6 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o > #7 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2) > #8 0x7fe80ccaf7ec in __libc_start_main csu/../csu/libc-start.c:332:16 > #9 0x423689 in _start (./out/binpolicy-fuzzer+0x423689) > > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> > --- > libsepol/src/policydb_validate.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c > index 860f9647..063bde18 100644 > --- a/libsepol/src/policydb_validate.c > +++ b/libsepol/src/policydb_validate.c > @@ -465,6 +465,9 @@ static int validate_datum_arrays(sepol_handle_t *handle, policydb_t *p, validate > if (hashtab_map(p->p_levels.table, validate_level, flavors)) > goto bad; > > + if (hashtab_map(p->p_cats.table, validate_datum, &flavors[SYM_CATS])) > + goto bad; > + This should not be in this function. See the comments on patch 13. Thanks, Jim > return 0; > > bad: > -- > 2.33.0 >
