You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The current implementation of sepol_av_to_string does not NULL-terminate avbuf if av == 0 or if none of the bits match a permission.
char *sepol_av_to_string(policydb_t * policydbp, uint32_t tclass,
sepol_access_vector_t av)
{
// ...
static char avbuf[1024];
// ...
for (i = 0; i < cladatum->permissions.nprim; i++) {
if (av & (1 << i)) {
// ...
if (perm) {
len =
snprintf(p, sizeof(avbuf) - avlen, " %s",
perm);
// ...
}
}
}
return avbuf;
}
This may not be an issue if av is validated elsewhere. I'm personally using libsepol to disable all the auditdeny/dontaudit rules by removing the permission bits (ie. av_cur->datum.data = ~0U) and ran into this issue trying to print the result.
EDIT: The buffer may be NULL-terminated since static arrays are zero-initialized, but with the inputs mentioned above, the result is still incorrect.
The text was updated successfully, but these errors were encountered:
chenxiaolong reported this via
#23
A nicer fix would be to rework the interface to be more
like security_av_string() in libselinux, but that requires
updating all callers.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
The current implementation of
sepol_av_to_string
does not NULL-terminateavbuf
ifav == 0
or if none of the bits match a permission.This may not be an issue if
av
is validated elsewhere. I'm personally using libsepol to disable all the auditdeny/dontaudit rules by removing the permission bits (ie.av_cur->datum.data = ~0U
) and ran into this issue trying to print the result.EDIT: The buffer may be NULL-terminated since static arrays are zero-initialized, but with the inputs mentioned above, the result is still incorrect.
The text was updated successfully, but these errors were encountered: