libsepol/backport-libsepol-validate-old-style-range-trans-classes.patch

From 4cf37608b563327ce433ce392931a9eb8bda9524 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Fri, 12 May 2023 11:29:58 +0200
Subject: [PATCH] libsepol: validate old style range trans classes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

For old style range transition rules the class defaults to process.
However the policy might not declare the process class leading to
setting a wrong bit later on via:

    if (ebitmap_set_bit(&rtr->tclasses, rt->target_class - 1, 1))

UBSAN report:

    policydb.c:3684:56: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'uint32_t' (aka 'unsigned int')

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
 libsepol/src/policydb.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index b79c19b94c..605d290a71 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -3650,10 +3650,10 @@ static int range_read(policydb_t * p, struct policy_file *fp)
 			if (rc < 0)
 				goto err;
 			rt->target_class = le32_to_cpu(buf[0]);
-			if (!value_isvalid(rt->target_class, p->p_classes.nprim))
-				goto err;
 		} else
 			rt->target_class = p->process_class;
+		if (!value_isvalid(rt->target_class, p->p_classes.nprim))
+			goto err;
 		r = calloc(1, sizeof(*r));
 		if (!r)
 			goto err;