I also plan on merging this patch at the end of the week. Jim On Thu, Jan 13, 2022 at 11:04 AM James Carter <jwcart2@xxxxxxxxx> wrote: > > Map classes use the same struct as kernel classes, but only the kernel > class uses the pointer to a common class. When resolving a classcommon, > make sure that the class that is found is a kernel class and not a > map class. If not, then return an error. > > Found by oss-fuzz (#43209) > > Signed-off-by: James Carter <jwcart2@xxxxxxxxx> > --- > libsepol/cil/src/cil_resolve_ast.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c > index e97a9f46..d359eca0 100644 > --- a/libsepol/cil/src/cil_resolve_ast.c > +++ b/libsepol/cil/src/cil_resolve_ast.c > @@ -754,6 +754,11 @@ int cil_resolve_classcommon(struct cil_tree_node *current, void *extra_args) > if (rc != SEPOL_OK) { > goto exit; > } > + if (NODE(class_datum)->flavor != CIL_CLASS) { > + cil_log(CIL_ERR, "Class %s is not a kernel class and cannot be associated with common %s\n", clscom->class_str, clscom->common_str); > + rc = SEPOL_ERR; > + goto exit; > + } > > rc = cil_resolve_name(current, clscom->common_str, CIL_SYM_COMMONS, extra_args, &common_datum); > if (rc != SEPOL_OK) { > -- > 2.31.1 >
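Review bot: the added `NODE(class_datum)->flavor != CIL_CLASS` check in cil_resolve_classcommon() has no comment explaining why a class that resolved without error can still be the wrong kind. The reason (map classes use the same struct as kernel classes, but only the kernel class uses the pointer to a common class) is recorded only in the commit message, so a one-line comment above the `if` would keep it visible in the resolver itself. The `cil_log(CIL_ERR, ...)` call is a single very long line and could be wrapped after the format string. The diffstat shows only cil_resolve_ast.c changed; a small CIL test policy with a classcommon that names a map class would keep the oss-fuzz case covered against regressions.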