checkpolicy bombing on Fedora devel...

Stephen Smalley sds at tycho.nsa.gov
Tue Sep 20 20:41:26 UTC 2005


On Tue, 2005-09-20 at 16:31 -0400, Valdis.Kletnieks at vt.edu wrote:
> Something is causing checkpolicy to segfault.  I ended up building
> it from the .src.rpm so it was compiled with -g and not stripped.
> 
> checkpolicy-1.27.1-1, libselinux-1.26-6, updated to -devel tree as of this morning.
> 
> gdb then says:
> 
> (gdb) run -M -o policy.20 policy.conf
> Starting program: /usr/src/redhat/BUILD/checkpolicy-1.27.1/checkpolicy -M -o policy.20 policy.conf
> Reading symbols from shared object read from target memory...done.
> Loaded system supplied DSO at 0xffffe000
> /usr/src/redhat/BUILD/checkpolicy-1.27.1/checkpolicy:  loading policy configuration from policy.conf
> 
> Program received signal SIGSEGV, Segmentation fault.
> parse_categories (id=0x8bbff28 "s0", levdatum=0x80a75b8, cats=0x80a00bc)
>     at policy_parse.y:3569
> 3569                    range_start = range_end = cdatum->value - 1;
> (gdb) where
> #0  parse_categories (id=0x8bbff28 "s0", levdatum=0x80a75b8, cats=0x80a00bc)
>     at policy_parse.y:3569
> #1  0x0804f340 in parse_security_context (c=0x80a00ac) at policy_parse.y:3850
> #2  0x080534f2 in yyparse () at policy_parse.y:3925
> #3  0x0804a743 in main (argc=5, argv=0xbfeecd74) at checkpolicy.c:549
> 
> This ring any bells?  Have I dorked up a file ('users' most likely) during the
> conversion to MCS in a way that didn't flag a syntax error but causes a crash?
> Hints, etc accepted..

From the info above, you have an id "s0" that is a sensitivity rather
than a category, so the hashtab_search fails, but that code path fails
to check for such failure and thus crashes rather than reporting it.
Try the patch below.

Index: checkpolicy/policy_parse.y
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/checkpolicy/policy_parse.y,v
retrieving revision 1.43
diff -u -p -r1.43 policy_parse.y
--- checkpolicy/policy_parse.y	16 Sep 2005 17:24:11 -0000	1.43
+++ checkpolicy/policy_parse.y	20 Sep 2005 20:38:34 -0000
@@ -3566,6 +3566,11 @@ parse_categories(char *id, level_datum_t
 	} else {
 		cdatum = (cat_datum_t *)hashtab_search(policydbp->p_cats.table,
 		                                       (hashtab_key_t)id);
+		if (!cdatum) {
+			sprintf(errormsg, "unknown category %s", id);
+			yyerror(errormsg);
+			return -1;
+		}
 		range_start = range_end = cdatum->value - 1;
 	}
 
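Review bot: the sprintf(errormsg, "unknown category %s", id) call in the added block writes id, which is taken directly from the policy source being parsed, into errormsg with no length bound. If errormsg is a fixed-size buffer (its declaration is not visible in this hunk), an overlong identifier would overrun it; snprintf(errormsg, sizeof(errormsg), "unknown category %s", id) would cap the write. The NULL check itself is placed correctly, ahead of the cdatum->value dereference that gdb reported at line 3569. The branch above the "} else {" is not shown here; if it also looks up category names with hashtab_search, it should get the same check so that a sensitivity name used there is reported rather than dereferenced.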

-- 
Stephen Smalley
National Security Agency




More information about the fedora-selinux-list mailing list