forked from pool/libsepol
Accepting request 907663 from home:jsegitz:branches:security:SELinux
- Fix heap-based buffer over-read in ebitmap_match_any (CVE-2021-36087, 1187928. Added CVE-2021-36087.patch OBS-URL: https://build.opensuse.org/request/show/907663 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=88
This commit is contained in:
parent
d28af01c4e
commit
dbf4cf0499
83
CVE-2021-36087.patch
Normal file
83
CVE-2021-36087.patch
Normal file
@ -0,0 +1,83 @@
|
||||
diff -r -u libsepol-3.2_orig/cil/src/cil_build_ast.c libsepol-3.2/cil/src/cil_build_ast.c
|
||||
--- libsepol-3.2_orig/cil/src/cil_build_ast.c 2021-07-21 15:15:01.875585374 +0200
|
||||
+++ libsepol-3.2/cil/src/cil_build_ast.c 2021-07-21 15:15:10.655704516 +0200
|
||||
@@ -50,6 +50,7 @@
|
||||
struct cil_tree_node *ast;
|
||||
struct cil_db *db;
|
||||
struct cil_tree_node *macro;
|
||||
+ struct cil_tree_node *optional;
|
||||
struct cil_tree_node *boolif;
|
||||
struct cil_tree_node *tunif;
|
||||
struct cil_tree_node *in;
|
||||
@@ -6098,6 +6099,7 @@
|
||||
struct cil_db *db = NULL;
|
||||
struct cil_tree_node *ast_node = NULL;
|
||||
struct cil_tree_node *macro = NULL;
|
||||
+ struct cil_tree_node *optional = NULL;
|
||||
struct cil_tree_node *boolif = NULL;
|
||||
struct cil_tree_node *tunif = NULL;
|
||||
struct cil_tree_node *in = NULL;
|
||||
@@ -6143,6 +6145,18 @@
|
||||
}
|
||||
}
|
||||
|
||||
+ if (optional != NULL) {
|
||||
+ if (parse_current->data == CIL_KEY_TUNABLE ||
|
||||
+ parse_current->data == CIL_KEY_IN ||
|
||||
+ parse_current->data == CIL_KEY_BLOCK ||
|
||||
+ parse_current->data == CIL_KEY_BLOCKABSTRACT ||
|
||||
+ parse_current->data == CIL_KEY_MACRO) {
|
||||
+ rc = SEPOL_ERR;
|
||||
+ cil_tree_log(parse_current, CIL_ERR, "%s is not allowed in optionals", (char *)parse_current->data);
|
||||
+ goto exit;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
if (boolif != NULL) {
|
||||
if (parse_current->data != CIL_KEY_CONDTRUE &&
|
||||
parse_current->data != CIL_KEY_CONDFALSE &&
|
||||
@@ -6524,6 +6538,19 @@
|
||||
args->macro = NULL;
|
||||
}
|
||||
|
||||
+ if (ast->flavor == CIL_OPTIONAL) {
|
||||
+ struct cil_tree_node *n = ast->parent;
|
||||
+ args->optional = NULL;
|
||||
+ /* Optionals can be nested */
|
||||
+ while (n && n->flavor != CIL_ROOT) {
|
||||
+ if (n->flavor == CIL_OPTIONAL) {
|
||||
+ args->optional = n;
|
||||
+ break;
|
||||
+ }
|
||||
+ n = n->parent;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
if (ast->flavor == CIL_BOOLEANIF) {
|
||||
args->boolif = NULL;
|
||||
}
|
||||
@@ -6561,6 +6588,7 @@
|
||||
extra_args.ast = ast;
|
||||
extra_args.db = db;
|
||||
extra_args.macro = NULL;
|
||||
+ extra_args.optional = NULL;
|
||||
extra_args.boolif = NULL;
|
||||
extra_args.tunif = NULL;
|
||||
extra_args.in = NULL;
|
||||
diff -r -u libsepol-3.2_orig/cil/src/cil_resolve_ast.c libsepol-3.2/cil/src/cil_resolve_ast.c
|
||||
--- libsepol-3.2_orig/cil/src/cil_resolve_ast.c 2021-07-21 15:15:01.879585428 +0200
|
||||
+++ libsepol-3.2/cil/src/cil_resolve_ast.c 2021-07-21 15:15:15.559771063 +0200
|
||||
@@ -3788,8 +3788,11 @@
|
||||
}
|
||||
|
||||
if (optstack != NULL) {
|
||||
- if (node->flavor == CIL_TUNABLE || node->flavor == CIL_MACRO) {
|
||||
- /* tuanbles and macros are not allowed in optionals*/
|
||||
+ if (node->flavor == CIL_TUNABLE ||
|
||||
+ node->flavor == CIL_IN ||
|
||||
+ node->flavor == CIL_BLOCK ||
|
||||
+ node->flavor == CIL_BLOCKABSTRACT ||
|
||||
+ node->flavor == CIL_MACRO) {
|
||||
cil_tree_log(node, CIL_ERR, "%s statement is not allowed in optionals", cil_node_to_string(node));
|
||||
rc = SEPOL_ERR;
|
||||
goto exit;
|
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 21 13:16:54 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
||||
|
||||
- Fix heap-based buffer over-read in ebitmap_match_any (CVE-2021-36087, 1187928.
|
||||
Added CVE-2021-36087.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 5 11:31:07 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
||||
|
||||
|
@ -30,6 +30,7 @@ Source2: baselibs.conf
|
||||
# all upstream, remove in next version
|
||||
Patch0: CVE-2021-36085.patch
|
||||
Patch1: CVE-2021-36086.patch
|
||||
Patch2: CVE-2021-36087.patch
|
||||
BuildRequires: flex
|
||||
BuildRequires: pkgconfig
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
@ -91,7 +92,9 @@ policies.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%autopatch -p2
|
||||
%patch0 -p2
|
||||
%patch1 -p2
|
||||
%patch2 -p1
|
||||
|
||||
%build
|
||||
%define _lto_cflags %{nil}
|
||||
|
Loading…
Reference in New Issue
Block a user