checkpolicy/oss-fuzz: add libfuzz based fuzzer #313

Closed
wants to merge 15 commits into from

Commits on Jan 22, 2024

  1. checkpolicy: add libfuzz based fuzzer

    Introduce a libfuzz[1] based fuzzer testing the parsing and policy
    generation code used within checkpolicy(8) and checkmodule(8), similar
    to the fuzzer for secilc(8).
    The fuzzer will work on generated source policy input and try to parse,
    link, expand, optimize, sort and output it.
    This fuzzer will also ensure policy validation is not too strict by
    checking compilable source policies are valid.
    
    Build the fuzzer in the oss-fuzz script.
    
    [1]: https://llvm.org/docs/LibFuzzer.html
    
    Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
    cgzones committed Jan 22, 2024
    8aed880
  2. checkpolicy: cleanup resources on parse error

    Close the input file and free all memory by the queue and lexer on a
    syntax or parse error.
    
    Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
    cgzones committed Jan 22, 2024
    e7ba55f
  3. checkpolicy: cleanup identifiers on error

    Free identifiers removed from the queue but not yet owned by the policy
    on errors.
    
    Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
    cgzones committed Jan 22, 2024
    748bbaf
  4. checkpolicy: free ebitmap on error

    Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
    cgzones committed Jan 22, 2024
    7a38093
  5. checkpolicy: check allocation and free memory on error at type definition

    Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
    cgzones committed Jan 22, 2024
    8ec2078
  6. checkpolicy: clean expression on error

    The passed expression needs to be transferred into the policy or free'd
    by the sink functions define_constraint() and define_validatetrans().
    
    Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
    cgzones committed Jan 22, 2024
    cf8fcbc
  7. checkpolicy: call YYABORT on parse errors

    Calling the parser macro YYABORT allows the parser to clean up any
    allocated resources before returning.
    
    Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
    cgzones committed Jan 22, 2024
    b8d7c36
  8. checkpolicy: bail out on invalid role

    Return early on invalid roles in user definition.
    
    Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
    cgzones committed Jan 22, 2024
    ee32f0b
  9. libsepol: use typedef

    Convert the only usage of the raw type struct level_datum to use the
    typedef.  Simplifies refactorizations on the type.
    
    Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
    cgzones committed Jan 22, 2024
    7a21205
  10. libsepol: add copy member to level_datum

    Add a new member to the struct level_datum to indicate whether the
    member `level` is owned by the current instance, and free it on cleanup
    only then.
    
    This helps to implement a fix for a use-after-free issue in the
    checkpolicy(8) compiler.
    
    Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
    cgzones committed Jan 22, 2024
    ce8ddaf
  11. checkpolicy: fix use-after-free on invalid sens alias

    During compilation sensitivity aliases share the level with their prime
    sensitivity, until after the level has been fully defined they are
    deduplicated.  If an error happens by that time the cleanup will free
    the shared level multiple times, leading to a use-after-free.
    
    Make use of the added new member of the struct level_datum.
    
    Example policy:
    
        class c sid e class c{i}sensitivity S alias L;
    
    Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
    cgzones committed Jan 22, 2024
    ecb67d0
  12. checkpolicy: provide more descriptive error messages

    Provide more descriptive error messages by including the identifier
    or other kind of value if available.
    
    Also drop duplicate newlines at the end of messages.
    
    Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
    cgzones committed Jan 22, 2024
    9c7b2be
  13. checkpolicy: free temporary bounds type

    Free the temporary bounds type in the error branches.
    
    Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
    cgzones committed Jan 22, 2024
    42fd67e
  14. checkpolicy: avoid assigning garbage values

    Only assign the computed value on success, since it is not set by
    declare_symbol() on failure.
    
    Reported by GCC:
    
        module_compiler.c: In function 'create_role':
        module_compiler.c:287:24: warning: use of uninitialized value 'value' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
          287 |         datum->s.value = value;
              |         ~~~~~~~~~~~~~~~^~~~~~~
    
    Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
    cgzones committed Jan 22, 2024
    7f429a8
  15. checkpolicy: misc policy_define.c cleanup

    Sync function parameter names.
    
    Drop superfluous return value.
    
      The function avrule_merge_ioctls() has no failure conditions and
      always returns 0.
    
    Drop duplicate include.
    
    Use native type for ranges.
    
    Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
    cgzones committed Jan 22, 2024
    d4bb604
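
The ownership flag that commits 10 and 11 describe, as an added example that is not code from this pull request or from libsepol: a sensitivity alias borrows its prime sensitivity's level, and cleanup on an error path frees the level only through the datum that owns it. The `demo_*` names and the polarity of the `copy` flag (1 means borrowed) are assumptions made for illustration.

```c
#include <stdlib.h>

/* Hypothetical stand-ins modelled on the commit text; not libsepol's definitions. */
typedef struct demo_level { unsigned int sens; } demo_level_t;
typedef struct demo_level_datum {
    demo_level_t *level;
    unsigned char copy; /* assumption: 1 = level is borrowed from the prime sensitivity */
} demo_level_datum_t;

static int demo_level_frees; /* counts level releases so a double free would show up */

static void demo_datum_destroy(demo_level_datum_t *d)
{
    if (d == NULL)
        return;
    if (!d->copy && d->level != NULL) { /* only the owner releases the level */
        free(d->level);
        demo_level_frees++;
    }
    free(d);
}

/* shared == NULL: prime sensitivity owning a fresh level; otherwise an alias borrowing it. */
static demo_level_datum_t *demo_datum_create(demo_level_t *shared)
{
    demo_level_datum_t *d = calloc(1, sizeof(*d));
    if (d == NULL)
        return NULL;
    d->copy = (shared != NULL);
    d->level = shared ? shared : calloc(1, sizeof(*d->level));
    if (d->level == NULL) {
        free(d);
        return NULL;
    }
    return d;
}

/* Error before deduplication: tear down alias and prime, return the number of level frees. */
static int demo_cleanup_on_error(void)
{
    demo_level_datum_t *s = demo_datum_create(NULL);
    demo_level_datum_t *l = s ? demo_datum_create(s->level) : NULL;
    demo_level_frees = 0;
    demo_datum_destroy(l);
    demo_datum_destroy(s);
    return demo_level_frees;
}
```

Without the `copy` check in `demo_datum_destroy()`, the same teardown would release the shared level twice.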