On Wed, Jun 12, 2024 at 11:33 AM James Carter <jwcart2@xxxxxxxxx> wrote: > > On Sat, Jun 8, 2024 at 1:18 PM Christian Göttsche > <cgoettsche@xxxxxxxxxxxxx> wrote: > > > > From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> > > > > Ensure the attribute-to-type maps contain no invalid entries, required > > for generating typeattributeset statements when converting to CIL. > > > > Reported-by: oss-fuzz (issue 69283) > > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> > > > > Acked-by: James Carter <jwcart2@xxxxxxxxx> > Merged. Thanks, Jim
> > ---
> > libsepol/src/policydb_validate.c | 23 +++++++++++++++++++++++
> > 1 file changed, 23 insertions(+)
> >
> > diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
> > index 84c1071c..9746f562 100644
> > --- a/libsepol/src/policydb_validate.c
> > +++ b/libsepol/src/policydb_validate.c
> > @@ -1654,6 +1654,26 @@ bad:
> > return -1;
> > }
> >
> > +static int validate_attrtype_map(sepol_handle_t *handle, const policydb_t *p, validate_t flavors[])
> > +{
> > + const ebitmap_t *maps = p->attr_type_map;
> > + uint32_t i;
> > +
> > + if (p->policy_type == POLICY_KERN) {
> > + for (i = 0; i < p->p_types.nprim; i++) {
> > + if (validate_ebitmap(&maps[i], &flavors[SYM_TYPES]))
> > + goto bad;
> > + }
> > + } else if (maps)
> > + goto bad;
> > +
> > + return 0;
> > +
> > +bad:
> > + ERR(handle, "Invalid attr type map");
> > + return -1;
> > +}
> > +
> > static int validate_properties(sepol_handle_t *handle, const policydb_t *p)
> > {
> > switch (p->policy_type) {
> > @@ -1790,6 +1810,9 @@ int policydb_validate(sepol_handle_t *handle, const policydb_t *p)
> > if (validate_typeattr_map(handle, p, flavors))
> > goto bad;
> >
> > + if (validate_attrtype_map(handle, p, flavors))
> > + goto bad;
> > +
> > validate_array_destroy(flavors);
> >
> > return 0;
> > --
> > 2.45.1
> >
> >
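Review bot: In the `POLICY_KERN` branch of `validate_attrtype_map`, `maps` is indexed as `&maps[i]` without a NULL check, even though the `else` branch treats `p->attr_type_map` as a pointer that may be NULL. The hunk does not show whether the policy reader always allocates this array with `p->p_types.nprim` entries before validation runs. If that is not guaranteed for a malformed binary policy, `validate_ebitmap` would receive a pointer derived from NULL. A guard before the loop, such as `if (!maps && p->p_types.nprim) goto bad;`, would make the validator safe on its own, and a short comment stating the expected allocation would document the precondition.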