On Aug 18, 2023 Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote:
>
> Reject ebitmaps with a node containing an empty map or with an incorrect
> highbit. Both checks are already performed by userspace, the former
> since 2008 (patch 13cd4c896068 ("initial import from svn trunk revision
> 2950")), the latter since v2.7 in 2017 (patch 75b14a5de10a ("libsepol:
> ebitmap: reject loading bitmaps with incorrect high bit")).
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> Reviewed-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
> ---
> security/selinux/ss/ebitmap.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
> index 77875ad355f7..ac9da819531d 100644
> --- a/security/selinux/ss/ebitmap.c
> +++ b/security/selinux/ss/ebitmap.c
...
> @@ -457,6 +461,13 @@ int ebitmap_read(struct ebitmap *e, void *fp)
> map = EBITMAP_SHIFT_UNIT_SIZE(map);
> }
> }
> +
> + if (n && n->startbit + EBITMAP_SIZE != e->highbit) {
> + pr_err("SELinux: ebitmap: high bit %d has not the expected value %ld\n",
That reads a little awkward in English, how about "high bit %d is not
equal to the expected value %ld\n"?
> + e->highbit, n->startbit + EBITMAP_SIZE);
> + goto bad;
> + }
> +
> ok:
> rc = 0;
> out:
> --
> 2.40.1
--
paul-moore.com
