1382490 – semodule_unpackage segfaults on certain inputs

Bug 1382490 - semodule_unpackage segfaults on certain inputs

Summary: semodule_unpackage segfaults on certain inputs

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	policycoreutils
Sub Component:
Version:	7.3
Hardware:	x86_64
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Petr Lautrbach
QA Contact:	Milos Malik
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-10-06 19:37 UTC by Milos Malik
Modified:	2017-06-29 13:41 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1382472
Clones:	1382760 (view as bug list)
Environment:
Last Closed:	2017-06-29 13:41:58 UTC
Target Upstream Version:

Attachments	(Terms of Use)
first input file found by AFL that crashed semodule_unpackage (1.28 KB, application/octet-stream) 2016-10-06 19:38 UTC, Milos Malik	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Milos Malik 2016-10-06 19:37:32 UTC

Description of problem:
* found by American Fuzzy Lop

Version-Release number of selected component (if applicable):
libselinux-2.5-6.el7.x86_64
libselinux-devel-2.5-6.el7.x86_64
libselinux-python-2.5-6.el7.x86_64
libselinux-utils-2.5-6.el7.x86_64
libsemanage-2.5-4.el7.x86_64
libsemanage-devel-2.5-4.el7.x86_64
libsemanage-python-2.5-4.el7.x86_64
libsemanage-static-2.5-4.el7.x86_64
libsepol-2.5-6.el7.x86_64
libsepol-devel-2.5-6.el7.x86_64
libsepol-static-2.5-6.el7.x86_64
policycoreutils-2.5-9.el7.x86_64
policycoreutils-devel-2.5-9.el7.x86_64
policycoreutils-python-2.5-9.el7.x86_64

How reproducible:
* always

Steps to Reproduce:
# semodule_unpackage crash3 mypolicy.mod
security: ebitmap: high bit (1) is not a multiple of the map size (64)
security: ebitmap: map size 1 does not match my size 64 (high bit was 64)
security: ebitmap: map size 1 does not match my size 64 (high bit was 0)
Segmentation fault
# echo $?
139
# dmesg | tail -n 1
[ 2949.753911] semodule_unpack[10082]: segfault at 7f18626abfc8 ip 00007f10613f6dd4 sp 00007fff7b7c5200 error 6 in libsepol.so.1[7f10613c8000+95000]
# 

Actual results:
* segfault

Expected results:
* some error message but no segfault

Comment 1 Milos Malik 2016-10-06 19:38:14 UTC

Created attachment 1208028 [details]
first input file found by AFL that crashed semodule_unpackage

Note You need to log in before you can comment on or make changes to this bug.