Date: Wed, 17 May 2006 19:01:54 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 97364 for review Message-ID: <200605171901.k4HJ1sMN043284@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=97364 Change 97364 by millert@millert_ibook on 2006/05/17 19:01:33 Update to libsepol version 1.12.4 Obtained from: selinux.sourceforge.net Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/libsepol/ChangeLog#2 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/libsepol/VERSION#2 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/libsepol/src/ebitmap.c#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/libsepol/src/expand.c#2 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/libsepol/src/module.c#2 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/libsepol/src/write.c#3 edit Differences ...
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/libsepol/ChangeLog#2 (text+ko) ====
@@ -1,3 +1,16 @@
+1.12.4 2006-03-29
+ * Generalize test for bitmap overflow in ebitmap_set_bit.
+
+1.12.3 2006-03-27
+ * Fixed attr_convert_callback and expand_convert_type_set
+ typemap bug.
+
+1.12.2 2006-03-24
+ * Fixed avrule_block_write num_decls endian bug.
+
+1.12.1 2006-03-20
+ * Fixed sepol_module_package_write buffer overflow bug.
+
 1.12 2006-03-14
 * Updated version for release.
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/libsepol/VERSION#2 (text+ko) ====
@@ -1,1 +1,1 @@
-1.12
+1.12.4
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/libsepol/src/ebitmap.c#3 (text+ko) ====
@@ -12,6 +12,7 @@
 #include <sepol/policydb/ebitmap.h>
 #include <sepol/policydb/policydb.h>
+#include "debug.h"
 #include "private.h"
 int ebitmap_or(ebitmap_t * dst, ebitmap_t * e1, ebitmap_t * e2)
@@ -181,7 +182,13 @@
 int ebitmap_set_bit(ebitmap_t * e, unsigned int bit, int value)
 {
 ebitmap_node_t *n, *prev, *new;
+ uint32_t startbit = bit & ~(MAPSIZE - 1);
+ uint32_t highbit = startbit + MAPSIZE;
+ if (highbit == 0) {
+ ERR(NULL, "bitmap overflow, bit 0x%x", bit);
+ return -EINVAL;
+ }
 prev = 0;
 n = e->node;
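Review bot: The `highbit == 0` test added to ebitmap_set_bit is a complete overflow check only because `startbit` is MAPSIZE-aligned (and MAPSIZE is presumably a power of two), so `startbit + MAPSIZE` can wrap to exactly zero and to nothing else; the added lines do not say so. I would put `/* startbit is MAPSIZE-aligned, so startbit + MAPSIZE can only wrap to exactly 0 */` above the `if`. The test also runs before `value` is consulted, so a request to clear a bit in the topmost map now returns -EINVAL as well; if that is intended it deserves a word in the same comment. The function body continues outside the hunk.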
@@ -226,12 +233,13 @@
 return -ENOMEM;
 memset(new, 0, sizeof(ebitmap_node_t));
- new->startbit = bit & ~(MAPSIZE - 1);
+ new->startbit = startbit;
 new->map = (MAPBIT << (bit - new->startbit));
- if (!n)
+ if (!n) {
 /* this node will be the highest map within the bitmap */
- e->highbit = new->startbit + MAPSIZE;
+ e->highbit = highbit;
+ }
 if (prev) {
 new->next = prev->next;
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/libsepol/src/expand.c#2 (text+ko) ====
@@ -138,6 +138,8 @@
 ebitmap_for_each_bit(&type->types, node, i) {
 if (!ebitmap_node_get_bit(node, i))
 continue;
+ if (!state->typemap[i])
+ continue;
 if (ebitmap_set_bit(&new_type->types, state->typemap[i]-1, 1)) {
 ERR (state->handle, "out of memory");
@@ -1441,6 +1443,8 @@
 ebitmap_for_each_bit(&tmp, tnode, i) {
 if (!ebitmap_node_get_bit(tnode, i))
 continue;
+ if (!typemap[i])
+ continue;
 if (ebitmap_set_bit(types, typemap[i] - 1, 1))
 return -1;
 }
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/libsepol/src/module.c#2 (text+ko) ====
@@ -661,7 +661,7 @@
 {
 struct policy_file *file = &spf->pf;
 policy_file_t polfile;
- uint32_t buf[3], offsets[5], len, nsec = 0;
+ uint32_t buf[5], offsets[5], len, nsec = 0;
 int i;
 if (p->policy) {
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/libsepol/src/write.c#3 (text+ko) ====
@@ -1340,7 +1340,7 @@
 for (decl = cur->branch_list; decl != NULL; decl = decl->next) {
 num_decls++;
 }
- buf[0] = num_decls;
+ buf[0] = cpu_to_le32(num_decls);
 if (put_entry(buf, sizeof(uint32_t), 1, fp) != 1) {
 return -1;
 }
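Review bot: The first expand.c hunk still reports every non-zero return from `ebitmap_set_bit` as `"out of memory"`, but this same change makes that call fail with -EINVAL on a bitmap overflow too, so the message can now point whoever reads the log at the wrong cause. A neutral message such as `ERR(state->handle, "could not set bit in type set");` would cover both failures. The added `if (!state->typemap[i]) continue;` (and `if (!typemap[i]) continue;` in the second hunk) drops unmapped types silently. A one-line comment there should say why a zero entry is expected and safe to skip, since without the guard `typemap[i] - 1` wraps to the highest bit index. Both enclosing functions start and end outside the hunks.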
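Review bot: In module.c, `uint32_t buf[5]` fixes the overrun by changing one bare literal, and the code that fills `buf` lies outside this hunk, so nothing visible ties the array size to the number of words written into it. A later change that stores one more word would overflow the stack buffer again. I would have the code that fills `buf` check its index against `sizeof(buf) / sizeof(buf[0])`, and give the size a named constant shared with `offsets[5]` if the two describe the same count. At minimum the declaration should carry `/* buf must hold every header word written below */`.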
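Review bot: In write.c, `buf[0] = cpu_to_le32(num_decls);` changes the stored byte order of this count on big-endian hosts, and the hunk gives a reader no way to tell output written before the fix from output written after it. If such older output can exist, the reading side (not shown here) should bound-check the count before looping on it, because a byte-swapped small count reads back as a very large one. A comment such as `/* all on-disk integers are little-endian */` at the conversion would also record the rule the earlier code missed. The enclosing function starts and ends outside the hunk.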