On Mon, Jan 17, 2022 at 9:34 PM Christian Göttsche <cgzones@xxxxxxxxxxxxxx> wrote: > > Since the role datums have not been validated yet, they might be invalid > and set to an enormous high value. Inverting such an ebitmap will take > excessive amount of memory and time. > > Found by oss-fuzz (#43709) > --- > libsepol/src/expand.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c > index 898e6b87..3fc54af6 100644 > --- a/libsepol/src/expand.c > +++ b/libsepol/src/expand.c > @@ -2481,6 +2481,10 @@ int role_set_expand(role_set_t * x, ebitmap_t * r, policydb_t * out, policydb_t > > /* if role is to be complimented, invert the entire bitmap here */ > if (x->flags & ROLE_COMP) { > + /* inverting an ebitmap with an invalid highbit will take aeons */ > + if (ebitmap_length(r) > p->p_roles.nprim) > + return -1; > + > for (i = 0; i < ebitmap_length(r); i++) { > if (ebitmap_get_bit(r, i)) { > if (ebitmap_set_bit(r, i, 0)) > -- > 2.34.1 > One would think that ebitmap_length() would be the right function, but actually it will return the highest position in the bitmap without regard to whether it is set or not. Since the ebitmap has 64 bit nodes, it will be a multiple of 64. The function you want to use here is ebitmap_highest_set_bit(). Thanks, Jim
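Review bot: in the ROLE_COMP branch, the new guard compares ebitmap_length(r) with p->p_roles.nprim, but as the reply points out, that value is the end of the last 64-bit node rather than the highest bit actually set. It is therefore always a multiple of 64, and a bitmap that holds only valid roles still takes the return -1 path whenever nprim is smaller than that multiple. Suggest basing the guard on ebitmap_highest_set_bit(r) instead, so that only a set bit beyond the role count rejects the policy.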
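The difference the reply describes, as an added example that is not part of the original thread and not libsepol's code: a simplified fixed-array model of a bitmap with 64-bit nodes, with the patch's comparison applied to both size measures. The `model_*` names, `check`, `MAX_NODES` and the sample values (10 roles, bits 5 and 300) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MAPSIZE 64u    /* bits per node, per the reply above */
#define MAX_NODES 8u   /* assumption: small fixed capacity for this model */

/* Simplified model of an ebitmap; not libsepol's actual data structure. */
struct model_bitmap {
    uint64_t map[MAX_NODES];
    unsigned int nodes;            /* nodes in use */
};

/* Build a bitmap with exactly one bit set (bit must be < MAX_NODES * 64). */
static struct model_bitmap model_one_bit(unsigned int bit)
{
    struct model_bitmap b = { {0}, 0 };
    b.map[bit / MAPSIZE] = (uint64_t)1 << (bit % MAPSIZE);
    b.nodes = bit / MAPSIZE + 1;
    return b;
}

/* Models ebitmap_length(): end of the last node, always a multiple of 64. */
static unsigned int model_length(const struct model_bitmap *b)
{
    return b->nodes * MAPSIZE;
}

/* Models ebitmap_highest_set_bit(): index of the highest 1 bit, 0 if none. */
static unsigned int model_highest_set_bit(const struct model_bitmap *b)
{
    for (unsigned int i = b->nodes; i-- > 0; ) {
        uint64_t m = b->map[i];
        if (m) {
            unsigned int pos = 0;
            while (m >>= 1)
                pos++;
            return i * MAPSIZE + pos;
        }
    }
    return 0;
}

/* The patch's comparison, applied to either measure of the bitmap's size. */
static int check(unsigned int size, unsigned int nprim)
{
    return size > nprim ? -1 : 0;
}

int main(void)
{
    struct model_bitmap ok = model_one_bit(5), bad = model_one_bit(300);
    unsigned int nprim = 10;   /* constructed: a policy with 10 roles */

    printf("valid:   length %u -> %d, highest %u -> %d\n", model_length(&ok),
           check(model_length(&ok), nprim), model_highest_set_bit(&ok),
           check(model_highest_set_bit(&ok), nprim));
    printf("invalid: length %u -> %d, highest %u -> %d\n", model_length(&bad),
           check(model_length(&bad), nprim), model_highest_set_bit(&bad),
           check(model_highest_set_bit(&bad), nprim));
    return 0;
}
```

With the length-based check, both the valid and the invalid bitmap are rejected; with the highest-set-bit check, only the one carrying an out-of-range bit is.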