Re: [PATCH v1] libsepol: add check for category value before printing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Nov 13, 2023 at 8:59 PM <luhuaxin1@xxxxxxxxxx> wrote:
>
> From: Huaxin Lu <luhuaxin1@xxxxxxxxxx>
>
> In mls_semantic_level_expand(), there is a explicitly determine
> whether category is 0, which may cause an potential integer
> overflow in error branch.
>
> Signed-off-by: Huaxin Lu <luhuaxin1@xxxxxxxxxx>
> ---
>  libsepol/src/expand.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
> index ee5f9185..9ed22bfd 100644
> --- a/libsepol/src/expand.c
> +++ b/libsepol/src/expand.c
> @@ -945,8 +945,8 @@ int mls_semantic_level_expand(mls_semantic_level_t * sl, mls_level_t * l,
>         for (cat = sl->cat; cat; cat = cat->next) {
>                 if (!cat->low || cat->low > cat->high) {
>                         ERR(h, "Category range is not valid %s.%s",
> -                           p->p_cat_val_to_name[cat->low - 1],
> -                           p->p_cat_val_to_name[cat->high - 1]);
> +                           cat->low > 0 ? p->p_cat_val_to_name[cat->low - 1] : "n/a",
> +                           cat->high > 0 ? p->p_cat_val_to_name[cat->high - 1] : "n/a");

I would prefer "Invalid", "Bad Category", "NULL", or something along
those lines instead of "n/a".
Thanks,
Jim


>                         return -1;
>                 }
>                 for (i = cat->low - 1; i < cat->high; i++) {
> --
> 2.33.0
>




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux