Re: [PATCH v2] libsepol: add check for category value before printing

James Carter <jwcart2@xxxxxxxxx> · Tue, 21 Nov 2023 09:09:49 -0500

On Thu, Nov 16, 2023 at 12:56 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> On Wed, Nov 15, 2023 at 9:04 PM <luhuaxin1@xxxxxxxxxx> wrote:
> >
> > From: Huaxin Lu <luhuaxin1@xxxxxxxxxx>
> >
> > In mls_semantic_level_expand(), there is a explicitly determine
> > whether category is 0, which may cause an potential integer
> > overflow in error branch.
> >
> > Signed-off-by: Huaxin Lu <luhuaxin1@xxxxxxxxxx>
>
> Acked-by: James Carter <jwcart2@xxxxxxxxx>
>

Merged.
Thanks,
Jim

> > ---
> >  libsepol/src/expand.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
> > index ee5f9185..9ed22bfd 100644
> > --- a/libsepol/src/expand.c
> > +++ b/libsepol/src/expand.c
> > @@ -945,8 +945,8 @@ int mls_semantic_level_expand(mls_semantic_level_t * sl, mls_level_t * l,
> >         for (cat = sl->cat; cat; cat = cat->next) {
> >                 if (!cat->low || cat->low > cat->high) {
> >                         ERR(h, "Category range is not valid %s.%s",
> > -                           p->p_cat_val_to_name[cat->low - 1],
> > -                           p->p_cat_val_to_name[cat->high - 1]);
> > +                           cat->low > 0 ? p->p_cat_val_to_name[cat->low - 1] : "Invalid",
> > +                           cat->high > 0 ? p->p_cat_val_to_name[cat->high - 1] : "Invalid");
> >                         return -1;
> >                 }
> >                 for (i = cat->low - 1; i < cat->high; i++) {
> > --
> > 2.33.0
> >