From b1b3467a476b109f20ad581d73c56262205a021e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Wed, 1 Nov 2023 17:37:24 +0100 Subject: [PATCH] libsepol: reject avtab entries with invalid specifier MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Neverallow avtab entries are not supported (normal and extended). Reject them to avoid lookup confusions via avtab_search(), e.g. when searching for a invalid key of AVTAB_TRANSITION|AVTAB_NEVERALLOW and the result of only AVTAB_NEVERALLOW has no transition value. Simplify the check for the number of specifiers by using the compiler popcount builtin (already used in libsepol). Reported-by: oss-fuzz (issue 60568), caused at the time by the filetrans prefix proposal Signed-off-by: Christian Göttsche Acked-by: James Carter Reference: https://github.com/SELinuxProject/selinux/commit/b1b3467a476b109f20ad581d73c56262205a021e Conflict: NA --- libsepol/src/avtab.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/libsepol/src/avtab.c b/libsepol/src/avtab.c index 6ab49c5e..1ef5ee00 100644 --- a/libsepol/src/avtab.c +++ b/libsepol/src/avtab.c @@ -441,7 +441,6 @@ int avtab_read_item(struct policy_file *fp, uint32_t vers, avtab_t * a, avtab_key_t key; avtab_datum_t datum; avtab_extended_perms_t xperms; - unsigned set; unsigned int i; int rc; @@ -535,13 +534,13 @@ int avtab_read_item(struct policy_file *fp, uint32_t vers, avtab_t * a, key.target_class = le16_to_cpu(buf16[items++]); key.specified = le16_to_cpu(buf16[items++]); - set = 0; - for (i = 0; i < ARRAY_SIZE(spec_order); i++) { - if (key.specified & spec_order[i]) - set++; + if (key.specified & ~(AVTAB_AV | AVTAB_TYPE | AVTAB_XPERMS | AVTAB_ENABLED)) { + ERR(fp->handle, "invalid specifier"); + return -1; } - if (!set || set > 1) { - ERR(fp->handle, "more than one specifier"); + + if (__builtin_popcount(key.specified & ~AVTAB_ENABLED) != 1) { + ERR(fp->handle, "not exactly one specifier"); return -1; } -- 2.33.0