!37 libsepol/cil: do not allow \0 in quoted strings
From: @panxh_purple Reviewed-by: @zhujianwei001 Signed-off-by: @zhujianwei001
This commit is contained in:
openeuler-ci-bot
Gitee
commit
962e4e0313
41
backport-libsepol-cil-do-not-allow-0-in-quoted-strings.patch
Normal file
41
backport-libsepol-cil-do-not-allow-0-in-quoted-strings.patch
Normal file
@ -0,0 +1,41 @@
|
||||
From af29a235531f66882e5a027e1348658b8d8c1e68 Mon Sep 17 00:00:00 2001
|
||||
From: Nicolas Iooss <nicolas.iooss@m4x.org>
|
||||
Date: Mon, 12 Jul 2021 10:44:28 +0200
|
||||
Subject: [PATCH] libsepol/cil: do not allow \0 in quoted strings
|
||||
|
||||
Using the '\0' character in strings in a CIL policy is not expected to
|
||||
happen, and makes the flex tokenizer very slow. For example when
|
||||
generating a file with:
|
||||
|
||||
python -c 'print("\"" + "\0"*100000 + "\"")' > policy.cil
|
||||
|
||||
secilc fails after 26 seconds, on my desktop computer. Increasing the
|
||||
numbers of \0 makes this time increase significantly. But replacing \0
|
||||
with another character makes secilc fail in only few milliseconds.
|
||||
|
||||
Fix this "possible denial of service" issue by forbidding \0 in strings
|
||||
in CIL policies.
|
||||
|
||||
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36016
|
||||
|
||||
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
|
||||
---
|
||||
libsepol/cil/src/cil_lexer.l | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libsepol/cil/src/cil_lexer.l b/libsepol/cil/src/cil_lexer.l
|
||||
index e28c33e..8bf2b6e 100644
|
||||
--- a/libsepol/cil/src/cil_lexer.l
|
||||
+++ b/libsepol/cil/src/cil_lexer.l
|
||||
@@ -49,7 +49,7 @@ spec_char [\[\]\.\@\=\/\*\-\_\$\%\+\-\!\|\&\^\:\~\`\#\{\}\'\<\>\?\,]
|
||||
symbol ({digit}|{alpha}|{spec_char})+
|
||||
white [ \t]
|
||||
newline [\n\r]
|
||||
-qstring \"[^"\n]*\"
|
||||
+qstring \"[^"\n\0]*\"
|
||||
hll_lm ^;;\*
|
||||
comment ;
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: libsepol
|
||||
Version: 3.1
|
||||
Release: 6
|
||||
Release: 7
|
||||
Summary: SELinux binary policy manipulation library
|
||||
License: LGPLv2+
|
||||
URL: https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||
@ -46,6 +46,7 @@ Patch36: backport-libsepol-cil-Allow-permission-expressions-when-using.pa
|
||||
Patch37: backport-libsepol-cil-fix-NULL-pointer-dereference-in-__cil_i.patch
|
||||
Patch38: backport-libsepol-cil-Properly-check-for-parameter-when-inser.patch
|
||||
Patch39: backport-libsepol-cil-Reset-expandtypeattribute-rules-when-re.patch
|
||||
Patch40: backport-libsepol-cil-do-not-allow-0-in-quoted-strings.patch
|
||||
|
||||
BuildRequires: gcc flex
|
||||
|
||||
@ -105,6 +106,9 @@ make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" install
|
||||
%{_mandir}/man3/*
|
||||
|
||||
%changelog
|
||||
* Tue Feb 15 2022 panxiaohe <panxh.life@foxmail.com> - 3.1-7
|
||||
- libsepol/cil: do not allow \0 in quoted strings
|
||||
|
||||
* Fri Dec 10 2021 panxiaohe <panxiaohe@huawei.com> - 3.1-6
|
||||
- fix secilc-fuzzer issues
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user