Re: [PATCH v3 00/36] libsepol: add fuzzer for reading binary policies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Dec 9, 2021 at 2:07 PM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
>
> Add a libfuzz[1] based fuzzer testing the reading and parsing of binary policy
> files. This fuzzer will be run within the OSS-Fuzz service.
>
> Handle and reject a variety of edge cases causing crashes or resource leaks.
>
> The fifth patch ("libsepol/fuzz: limit element sizes for fuzzing") limits, to
> avoid oom reports from the fuzzer, caused by huge memory allocations, all
> identifiers to a length of 2^16 for the fuzzer build only.
> A potential limit for the release build needs further discussion.
>
> [1]: https://llvm.org/docs/LibFuzzer.html
>
> v3:
>   - Drop RFC status
>   - [10] libsepol: add checks for read sizes
>     use PERM_SYMTAB_SIZE instead of bare 32 as limit
>   - [11] libsepol: enforce avtab item limit
>     take zero based numbering of variable items into account
>   - [30] libsepol: validate ocontexts
>     only check FS and NETIF ocons in selinux policies (not xen)
>
> v2:
>   - reorder patches
>     1. oss-fuzz related
>     2. libsepol parsing and other crashesand UB
>     3. enhance policy validation
>   - misc changes based on review by James Carter
>
>
> Christian Göttsche (36):
>   cifuzz: enable report-unreproducible-crashes
>   cifuzz: use the default runtime of 600 seconds
>   libsepol/fuzz: silence secilc-fuzzer
>   libsepol: add libfuzz based fuzzer for reading binary policies
>   libsepol/fuzz: limit element sizes for fuzzing
>   libsepol: use logging framework in conditional.c
>   libsepol: use logging framework in ebitmap.c
>   libsepol: use mallocarray wrapper to avoid overflows
>   libsepol: use reallocarray wrapper to avoid overflows
>   libsepol: add checks for read sizes
>   libsepol: enforce avtab item limit
>   libsepol: clean memory on conditional insertion failure
>   libsepol: reject abnormal huge sid ids
>   libsepol: reject invalid filetrans source type
>   libsepol: zero member before potential dereference
>   libsepol: use size_t for indexes in strs helpers
>   libsepol: do not underflow on short format arguments
>   libsepol: do not crash on class gaps
>   libsepol: do not crash on user gaps
>   libsepol: use correct size for initial string list
>   libsepol: do not create a string list with initial size zero
>   libsepol: split validation of datum array gaps and entries
>   libsepol: validate MLS levels
>   libsepol: validate expanded user range and level
>   libsepol: validate permission count of classes
>   libsepol: resolve log message mismatch
>   libsepol: validate avtab and avrule types
>   libsepol: validate constraint expression operators and attributes
>   libsepol: validate type of avtab type rules
>   libsepol: validate ocontexts
>   libsepol: validate genfs contexts
>   libsepol: validate permissive types
>   libsepol: validate policy properties
>   libsepol: validate categories
>   libsepol: validate fsuse types
>   libsepol: validate class default targets
>
>  .github/workflows/cifuzz.yml     |   3 +-
>  libsepol/fuzz/binpolicy-fuzzer.c |  63 ++++
>  libsepol/fuzz/policy.bin         | Bin 0 -> 1552 bytes
>  libsepol/fuzz/secilc-fuzzer.c    |   5 +
>  libsepol/src/Makefile            |   6 +
>  libsepol/src/avtab.c             |   6 +
>  libsepol/src/conditional.c       |  53 ++--
>  libsepol/src/ebitmap.c           |  27 +-
>  libsepol/src/expand.c            |   4 +-
>  libsepol/src/hashtab.c           |   4 +-
>  libsepol/src/kernel_to_cil.c     |  10 +
>  libsepol/src/kernel_to_common.c  |  23 +-
>  libsepol/src/kernel_to_common.h  |   4 +-
>  libsepol/src/kernel_to_conf.c    |  13 +-
>  libsepol/src/link.c              |   3 +-
>  libsepol/src/module.c            |   4 +-
>  libsepol/src/module_to_cil.c     |  13 +-
>  libsepol/src/optimize.c          |  11 +-
>  libsepol/src/policydb.c          |  27 +-
>  libsepol/src/policydb_validate.c | 477 +++++++++++++++++++++++++++----
>  libsepol/src/private.h           |  27 +-
>  libsepol/src/services.c          |  12 +-
>  libsepol/src/sidtab.c            |   3 +-
>  libsepol/src/user_record.c       |   8 +-
>  libsepol/src/users.c             |  12 +-
>  libsepol/src/util.c              |  11 +-
>  libsepol/src/write.c             |   2 +-
>  scripts/oss-fuzz.sh              |  17 +-
>  28 files changed, 686 insertions(+), 162 deletions(-)
>  create mode 100644 libsepol/fuzz/binpolicy-fuzzer.c
>  create mode 100644 libsepol/fuzz/policy.bin
>
> --
> 2.34.1
>

For the series:
Acked-by: James Carter <jwcart2@xxxxxxxxx>

As I noted, I will move the comment out of the expression when I apply patch 11.

Thanks,
Jim




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux