From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> Ensure the attribute-to-type maps contain no invalid entries, required for generating typeattributeset statements when converting to CIL. Reported-by: oss-fuzz (issue 69283) Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> --- libsepol/src/policydb_validate.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 84c1071c..9746f562 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -1654,6 +1654,26 @@ bad: return -1; } +static int validate_attrtype_map(sepol_handle_t *handle, const policydb_t *p, validate_t flavors[]) +{ + const ebitmap_t *maps = p->attr_type_map; + uint32_t i; + + if (p->policy_type == POLICY_KERN) { + for (i = 0; i < p->p_types.nprim; i++) { + if (validate_ebitmap(&maps[i], &flavors[SYM_TYPES])) + goto bad; + } + } else if (maps) + goto bad; + + return 0; + +bad: + ERR(handle, "Invalid attr type map"); + return -1; +} + static int validate_properties(sepol_handle_t *handle, const policydb_t *p) { switch (p->policy_type) { @@ -1790,6 +1810,9 @@ int policydb_validate(sepol_handle_t *handle, const policydb_t *p) if (validate_typeattr_map(handle, p, flavors)) goto bad; + if (validate_attrtype_map(handle, p, flavors)) + goto bad; + validate_array_destroy(flavors); return 0; -- 2.45.1