|
 |
71cd55 |
From 44d56761bed0a394cceb4b0c57fee4fc0e4d9a85 Mon Sep 17 00:00:00 2001
|
|
|
71cd55 |
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
|
|
71cd55 |
Date: Tue, 6 Jul 2021 19:36:29 +0200
|
|
|
71cd55 |
Subject: [PATCH] libsepol: avoid unsigned integer overflow
|
|
|
71cd55 |
MIME-Version: 1.0
|
|
|
71cd55 |
Content-Type: text/plain; charset=UTF-8
|
|
|
71cd55 |
Content-Transfer-Encoding: 8bit
|
|
|
71cd55 |
|
|
|
71cd55 |
Unsigned integer overflow is well-defined and not undefined behavior.
|
|
|
71cd55 |
It is commonly used for hashing or pseudo random number generation.
|
|
|
71cd55 |
But it is still useful to enable undefined behavior sanitizer checks on
|
|
|
71cd55 |
unsigned arithmetic to detect possible issues on counters or variables
|
|
|
71cd55 |
with similar purpose or missed overflow checks on user input.
|
|
|
71cd55 |
|
|
|
71cd55 |
Use a spaceship operator like comparison instead of subtraction.
|
|
|
71cd55 |
|
|
|
71cd55 |
policydb.c:851:24: runtime error: unsigned integer overflow: 801 - 929 cannot be represented in type 'unsigned int'
|
|
|
71cd55 |
|
|
|
71cd55 |
Follow-up of: 1537ea8412e4 ("libsepol: avoid unsigned integer overflow")
|
|
|
71cd55 |
|
|
|
71cd55 |
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
|
|
|
71cd55 |
---
|
|
|
71cd55 |
libsepol/src/policydb.c | 10 +++++-----
|
|
|
71cd55 |
libsepol/src/private.h | 2 ++
|
|
|
71cd55 |
2 files changed, 7 insertions(+), 5 deletions(-)
|
|
|
71cd55 |
|
|
|
71cd55 |
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
|
|
|
71cd55 |
index ef2217c28c91..0398ceed2574 100644
|
|
|
71cd55 |
--- a/libsepol/src/policydb.c
|
|
|
71cd55 |
+++ b/libsepol/src/policydb.c
|
|
|
71cd55 |
@@ -817,11 +817,11 @@ static int filenametr_cmp(hashtab_t h __attribute__ ((unused)),
|
|
|
71cd55 |
const filename_trans_key_t *ft2 = (const filename_trans_key_t *)k2;
|
|
|
71cd55 |
int v;
|
|
|
71cd55 |
|
|
|
71cd55 |
- v = (ft1->ttype > ft2->ttype) - (ft1->ttype < ft2->ttype);
|
|
|
71cd55 |
+ v = spaceship_cmp(ft1->ttype, ft2->ttype);
|
|
|
71cd55 |
if (v)
|
|
|
71cd55 |
return v;
|
|
|
71cd55 |
|
|
|
71cd55 |
- v = (ft1->tclass > ft2->tclass) - (ft1->tclass < ft2->tclass);
|
|
|
71cd55 |
+ v = spaceship_cmp(ft1->tclass, ft2->tclass);
|
|
|
71cd55 |
if (v)
|
|
|
71cd55 |
return v;
|
|
|
71cd55 |
|
|
|
71cd55 |
@@ -843,15 +843,15 @@ static int rangetr_cmp(hashtab_t h __attribute__ ((unused)),
|
|
|
71cd55 |
const struct range_trans *key2 = (const struct range_trans *)k2;
|
|
|
71cd55 |
int v;
|
|
|
71cd55 |
|
|
|
71cd55 |
- v = key1->source_type - key2->source_type;
|
|
|
71cd55 |
+ v = spaceship_cmp(key1->source_type, key2->source_type);
|
|
|
71cd55 |
if (v)
|
|
|
71cd55 |
return v;
|
|
|
71cd55 |
|
|
|
71cd55 |
- v = key1->target_type - key2->target_type;
|
|
|
71cd55 |
+ v = spaceship_cmp(key1->target_type, key2->target_type);
|
|
|
71cd55 |
if (v)
|
|
|
71cd55 |
return v;
|
|
|
71cd55 |
|
|
|
71cd55 |
- v = key1->target_class - key2->target_class;
|
|
|
71cd55 |
+ v = spaceship_cmp(key1->target_class, key2->target_class);
|
|
|
71cd55 |
|
|
|
71cd55 |
return v;
|
|
|
71cd55 |
}
|
|
|
71cd55 |
diff --git a/libsepol/src/private.h b/libsepol/src/private.h
|
|
|
71cd55 |
index 72f212628314..c63238abe5f3 100644
|
|
|
71cd55 |
--- a/libsepol/src/private.h
|
|
|
71cd55 |
+++ b/libsepol/src/private.h
|
|
|
71cd55 |
@@ -47,6 +47,8 @@
|
|
|
71cd55 |
#define is_saturated(x) (x == (typeof(x))-1)
|
|
|
71cd55 |
#define zero_or_saturated(x) ((x == 0) || is_saturated(x))
|
|
|
71cd55 |
|
|
|
71cd55 |
+#define spaceship_cmp(a, b) (((a) > (b)) - ((a) < (b)))
|
|
|
71cd55 |
+
|
|
|
71cd55 |
/* Policy compatibility information. */
|
|
|
71cd55 |
struct policydb_compat_info {
|
|
|
71cd55 |
unsigned int type;
|
|
|
71cd55 |
--
|
|
|
71cd55 |
2.32.0
|
|
|
71cd55 |
|