On Sat, Jun 8, 2024 at 1:18 PM Christian Göttsche
<cgoettsche@xxxxxxxxxxxxx> wrote:
>
> From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> Ensure the attribute-to-type maps contain no invalid entries, required
> for generating typeattributeset statements when converting to CIL.
>
> Reported-by: oss-fuzz (issue 69283)
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
Acked-by: James Carter <jwcart2@xxxxxxxxx>
> ---
> libsepol/src/policydb_validate.c | 23 +++++++++++++++++++++++
> 1 file changed, 23 insertions(+)
>
> diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
> index 84c1071c..9746f562 100644
> --- a/libsepol/src/policydb_validate.c
> +++ b/libsepol/src/policydb_validate.c
> @@ -1654,6 +1654,26 @@ bad:
> return -1;
> }
>
> +static int validate_attrtype_map(sepol_handle_t *handle, const policydb_t *p, validate_t flavors[])
> +{
> + const ebitmap_t *maps = p->attr_type_map;
> + uint32_t i;
> +
> + if (p->policy_type == POLICY_KERN) {
> + for (i = 0; i < p->p_types.nprim; i++) {
> + if (validate_ebitmap(&maps[i], &flavors[SYM_TYPES]))
> + goto bad;
> + }
> + } else if (maps)
> + goto bad;
> +
> + return 0;
> +
> +bad:
> + ERR(handle, "Invalid attr type map");
> + return -1;
> +}
> +
> static int validate_properties(sepol_handle_t *handle, const policydb_t *p)
> {
> switch (p->policy_type) {
> @@ -1790,6 +1810,9 @@ int policydb_validate(sepol_handle_t *handle, const policydb_t *p)
> if (validate_typeattr_map(handle, p, flavors))
> goto bad;
>
> + if (validate_attrtype_map(handle, p, flavors))
> + goto bad;
> +
> validate_array_destroy(flavors);
>
> return 0;
> --
> 2.45.1
>
>
