packages/libsepol
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!37 libsepol/cil: do not allow \0 in quoted strings

Browse Source 
From: @panxh_purple 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
This commit is contained in:
openeuler-ci-bot 2022-02-16 09:26:37 +00:00 committed by Gitee
commit 962e4e0313
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 46 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
backport-libsepol-cil-do-not-allow-0-in-quoted-strings.patch Normal file
View File

@ -0,0 +1,41 @@
From af29a235531f66882e5a027e1348658b8d8c1e68 Mon Sep 17 00:00:00 2001
From: Nicolas Iooss <nicolas.iooss@m4x.org>
Date: Mon, 12 Jul 2021 10:44:28 +0200
Subject: [PATCH] libsepol/cil: do not allow \0 in quoted strings
Using the '\0' character in strings in a CIL policy is not expected to
happen, and makes the flex tokenizer very slow. For example when
generating a file with:
python -c 'print("\"" + "\0"*100000 + "\"")' > policy.cil
secilc fails after 26 seconds, on my desktop computer. Increasing the
numbers of \0 makes this time increase significantly. But replacing \0
with another character makes secilc fail in only few milliseconds.
Fix this "possible denial of service" issue by forbidding \0 in strings
in CIL policies.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36016
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
libsepol/cil/src/cil_lexer.l | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsepol/cil/src/cil_lexer.l b/libsepol/cil/src/cil_lexer.l
index e28c33e..8bf2b6e 100644
--- a/libsepol/cil/src/cil_lexer.l
+++ b/libsepol/cil/src/cil_lexer.l
@@ -49,7 +49,7 @@ spec_char [\[\]\.\@\=\/\*\-\_\$\%\+\-\!\|\&\^\:\~\`\#\{\}\'\<\>\?\,]
symbol ({digit}|{alpha}|{spec_char})+
white [ \t]
newline [\n\r]
-qstring \"[^"\n]*\"
+qstring \"[^"\n\0]*\"
hll_lm ^;;\*
comment ;
--
1.8.3.1

6
libsepol.spec
View File

@ -1,6 +1,6 @@
Name: libsepol Name: libsepol
Version: 3.1 Version: 3.1
Release: 6 Release: 7
Summary: SELinux binary policy manipulation library Summary: SELinux binary policy manipulation library
License: LGPLv2+ License: LGPLv2+
URL: https://github.com/SELinuxProject/selinux/wiki/Releases URL: https://github.com/SELinuxProject/selinux/wiki/Releases
@ -46,6 +46,7 @@ Patch36: backport-libsepol-cil-Allow-permission-expressions-when-using.pa
Patch37: backport-libsepol-cil-fix-NULL-pointer-dereference-in-__cil_i.patch Patch37: backport-libsepol-cil-fix-NULL-pointer-dereference-in-__cil_i.patch
Patch38: backport-libsepol-cil-Properly-check-for-parameter-when-inser.patch Patch38: backport-libsepol-cil-Properly-check-for-parameter-when-inser.patch
Patch39: backport-libsepol-cil-Reset-expandtypeattribute-rules-when-re.patch Patch39: backport-libsepol-cil-Reset-expandtypeattribute-rules-when-re.patch
Patch40: backport-libsepol-cil-do-not-allow-0-in-quoted-strings.patch
BuildRequires: gcc flex BuildRequires: gcc flex
@ -105,6 +106,9 @@ make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" install
%{_mandir}/man3/* %{_mandir}/man3/*
%changelog %changelog
* Tue Feb 15 2022 panxiaohe <panxh.life@foxmail.com> - 3.1-7
- libsepol/cil: do not allow \0 in quoted strings
* Fri Dec 10 2021 panxiaohe <panxiaohe@huawei.com> - 3.1-6 * Fri Dec 10 2021 panxiaohe <panxiaohe@huawei.com> - 3.1-6
- fix secilc-fuzzer issues - fix secilc-fuzzer issues