Re: [PATCH v3 00/36] libsepol: add fuzzer for reading binary policies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Dec 15, 2021 at 12:41 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> On Thu, Dec 9, 2021 at 2:07 PM Christian Göttsche
> <cgzones@xxxxxxxxxxxxxx> wrote:
> >
> > Add a libfuzz[1] based fuzzer testing the reading and parsing of binary policy
> > files. This fuzzer will be run within the OSS-Fuzz service.
> >
> > Handle and reject a variety of edge cases causing crashes or resource leaks.
> >
> > The fifth patch ("libsepol/fuzz: limit element sizes for fuzzing") limits, to
> > avoid oom reports from the fuzzer, caused by huge memory allocations, all
> > identifiers to a length of 2^16 for the fuzzer build only.
> > A potential limit for the release build needs further discussion.
> >
> > [1]: https://llvm.org/docs/LibFuzzer.html
> >
> > v3:
> >   - Drop RFC status
> >   - [10] libsepol: add checks for read sizes
> >     use PERM_SYMTAB_SIZE instead of bare 32 as limit
> >   - [11] libsepol: enforce avtab item limit
> >     take zero based numbering of variable items into account
> >   - [30] libsepol: validate ocontexts
> >     only check FS and NETIF ocons in selinux policies (not xen)
> >
> > v2:
> >   - reorder patches
> >     1. oss-fuzz related
> >     2. libsepol parsing and other crashesand UB
> >     3. enhance policy validation
> >   - misc changes based on review by James Carter
> >
> >
> > Christian Göttsche (36):
> >   cifuzz: enable report-unreproducible-crashes
> >   cifuzz: use the default runtime of 600 seconds
> >   libsepol/fuzz: silence secilc-fuzzer
> >   libsepol: add libfuzz based fuzzer for reading binary policies
> >   libsepol/fuzz: limit element sizes for fuzzing
> >   libsepol: use logging framework in conditional.c
> >   libsepol: use logging framework in ebitmap.c
> >   libsepol: use mallocarray wrapper to avoid overflows
> >   libsepol: use reallocarray wrapper to avoid overflows
> >   libsepol: add checks for read sizes
> >   libsepol: enforce avtab item limit
> >   libsepol: clean memory on conditional insertion failure
> >   libsepol: reject abnormal huge sid ids
> >   libsepol: reject invalid filetrans source type
> >   libsepol: zero member before potential dereference
> >   libsepol: use size_t for indexes in strs helpers
> >   libsepol: do not underflow on short format arguments
> >   libsepol: do not crash on class gaps
> >   libsepol: do not crash on user gaps
> >   libsepol: use correct size for initial string list
> >   libsepol: do not create a string list with initial size zero
> >   libsepol: split validation of datum array gaps and entries
> >   libsepol: validate MLS levels
> >   libsepol: validate expanded user range and level
> >   libsepol: validate permission count of classes
> >   libsepol: resolve log message mismatch
> >   libsepol: validate avtab and avrule types
> >   libsepol: validate constraint expression operators and attributes
> >   libsepol: validate type of avtab type rules
> >   libsepol: validate ocontexts
> >   libsepol: validate genfs contexts
> >   libsepol: validate permissive types
> >   libsepol: validate policy properties
> >   libsepol: validate categories
> >   libsepol: validate fsuse types
> >   libsepol: validate class default targets
> >
> >  .github/workflows/cifuzz.yml     |   3 +-
> >  libsepol/fuzz/binpolicy-fuzzer.c |  63 ++++
> >  libsepol/fuzz/policy.bin         | Bin 0 -> 1552 bytes
> >  libsepol/fuzz/secilc-fuzzer.c    |   5 +
> >  libsepol/src/Makefile            |   6 +
> >  libsepol/src/avtab.c             |   6 +
> >  libsepol/src/conditional.c       |  53 ++--
> >  libsepol/src/ebitmap.c           |  27 +-
> >  libsepol/src/expand.c            |   4 +-
> >  libsepol/src/hashtab.c           |   4 +-
> >  libsepol/src/kernel_to_cil.c     |  10 +
> >  libsepol/src/kernel_to_common.c  |  23 +-
> >  libsepol/src/kernel_to_common.h  |   4 +-
> >  libsepol/src/kernel_to_conf.c    |  13 +-
> >  libsepol/src/link.c              |   3 +-
> >  libsepol/src/module.c            |   4 +-
> >  libsepol/src/module_to_cil.c     |  13 +-
> >  libsepol/src/optimize.c          |  11 +-
> >  libsepol/src/policydb.c          |  27 +-
> >  libsepol/src/policydb_validate.c | 477 +++++++++++++++++++++++++++----
> >  libsepol/src/private.h           |  27 +-
> >  libsepol/src/services.c          |  12 +-
> >  libsepol/src/sidtab.c            |   3 +-
> >  libsepol/src/user_record.c       |   8 +-
> >  libsepol/src/users.c             |  12 +-
> >  libsepol/src/util.c              |  11 +-
> >  libsepol/src/write.c             |   2 +-
> >  scripts/oss-fuzz.sh              |  17 +-
> >  28 files changed, 686 insertions(+), 162 deletions(-)
> >  create mode 100644 libsepol/fuzz/binpolicy-fuzzer.c
> >  create mode 100644 libsepol/fuzz/policy.bin
> >
> > --
> > 2.34.1
> >
>
> For the series:
> Acked-by: James Carter <jwcart2@xxxxxxxxx>
>
> As I noted, I will move the comment out of the expression when I apply patch 11.
>
> Thanks,
> Jim

This series has been merged.
Thanks,
Jim




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux