On Mon, Feb 7, 2022 at 1:56 PM James Carter <jwcart2@xxxxxxxxx> wrote: > > I also plan on merging this patch at the end of the week. > Jim > This patch has now been merged. Jim > > On Thu, Jan 13, 2022 at 11:04 AM James Carter <jwcart2@xxxxxxxxx> wrote: > > > > Map classes use the same struct as kernel classes, but only the kernel > > class uses the pointer to a common class. When resolving a classcommon, > > make sure that the class that is found is a kernel class and not a > > map class. If not, then return an error. > > > > Found by oss-fuzz (#43209) > > > > Signed-off-by: James Carter <jwcart2@xxxxxxxxx> > > --- > > libsepol/cil/src/cil_resolve_ast.c | 5 +++++ > > 1 file changed, 5 insertions(+) > > > > diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c > > index e97a9f46..d359eca0 100644 > > --- a/libsepol/cil/src/cil_resolve_ast.c > > +++ b/libsepol/cil/src/cil_resolve_ast.c > > @@ -754,6 +754,11 @@ int cil_resolve_classcommon(struct cil_tree_node *current, void *extra_args) > > if (rc != SEPOL_OK) { > > goto exit; > > } > > + if (NODE(class_datum)->flavor != CIL_CLASS) { > > + cil_log(CIL_ERR, "Class %s is not a kernel class and cannot be associated with common %s\n", clscom->class_str, clscom->common_str); > > + rc = SEPOL_ERR; > > + goto exit; > > + } > > > > rc = cil_resolve_name(current, clscom->common_str, CIL_SYM_COMMONS, extra_args, &common_datum); > > if (rc != SEPOL_OK) { > > -- > > 2.31.1 > >
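Review bot: the flavor check added right after the first cil_resolve_name() call has no comment explaining why a datum that is not CIL_CLASS must be rejected at this point. The reason, that map classes use the same struct as kernel classes but only kernel classes use the pointer to a common class, is stated only in the commit message. A short comment above `if (NODE(class_datum)->flavor != CIL_CLASS)` would keep that reasoning next to the code. The diffstat also shows only cil_resolve_ast.c changing, so the oss-fuzz input is not captured as a regression test. A small CIL policy whose classcommon statement names a map class, expected to fail resolution with SEPOL_ERR, would guard this path.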