Bug 1382760 - semodule_link segfaults on certain inputs
Summary: semodule_link segfaults on certain inputs
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: policycoreutils
Version: 7.3
Hardware: x86_64
OS: Linux
Priority: low
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Petr Lautrbach
QA Contact: Milos Malik
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2016-10-07 16:04 UTC by Milos Malik
Modified: 2017-06-29 13:42 UTC (History)
CC: 6 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1382490
: 1382769
Environment:
Last Closed: 2017-06-29 13:42:15 UTC
Target Upstream Version:


Attachments
bzip2 archive of input files causing a crash (125.38 KB, application/x-bzip)
2016-10-07 16:04 UTC, Milos Malik

Description Milos Malik 2016-10-07 16:04:47 UTC
Created attachment 1208185 [details]
bzip2 archive of input files causing a crash

Description of problem:
* found by American Fuzzy Lop

Version-Release number of selected component (if applicable):
libselinux-2.5-6.el7.x86_64
libselinux-debuginfo-2.5-6.el7.x86_64
libselinux-devel-2.5-6.el7.x86_64
libselinux-python-2.5-6.el7.x86_64
libselinux-ruby-2.5-6.el7.x86_64
libselinux-utils-2.5-6.el7.x86_64
libsemanage-2.5-4.el7.x86_64
libsemanage-devel-2.5-4.el7.x86_64
libsemanage-python-2.5-4.el7.x86_64
libsemanage-static-2.5-4.el7.x86_64
libsepol-2.5-6.el7.x86_64
libsepol-debuginfo-2.5-6.el7.x86_64
libsepol-devel-2.5-6.el7.x86_64
libsepol-static-2.5-6.el7.x86_64
policycoreutils-2.5-9.el7.x86_64
policycoreutils-debuginfo-2.5-9.el7.x86_64
policycoreutils-devel-2.5-9.el7.x86_64
policycoreutils-gui-2.5-9.el7.x86_64
policycoreutils-newrole-2.5-9.el7.x86_64
policycoreutils-python-2.5-9.el7.x86_64
policycoreutils-sandbox-2.5-9.el7.x86_64
selinux-policy-3.13.1-102.el7.noarch
selinux-policy-devel-3.13.1-102.el7.noarch
selinux-policy-doc-3.13.1-102.el7.noarch
selinux-policy-minimum-3.13.1-102.el7.noarch
selinux-policy-mls-3.13.1-102.el7.noarch
selinux-policy-sandbox-3.13.1-102.el7.noarch
selinux-policy-targeted-3.13.1-102.el7.noarch

How reproducible:
* always

Steps to Reproduce:
# tar jxf crashes.tar.bz2 
# ls -l semodule_link
total 3752
-rw-r--r--. 1 root root   64540 Oct  7 17:49 empty.pp
-rw-------. 1 root root 1888053 Oct  7 17:47 id000000
-rw-------. 1 root root 1888053 Oct  7 17:46 id000001
# semodule_link -o output semodule_link/id000001 semodule_link/empty.pp 
semodule_link:  loading package from file semodule_link/id000001
Segmentation fault
# dmesg | tail -n 1
[26281.682140] semodule_link[10834]: segfault at 0 ip 00007f0637b40544 sp 00007ffea7f02680 error 4 in libsepol.so.1[7f0637b2f000+95000]
# semodule_link -o output semodule_link/id000000 semodule_link/empty.pp
semodule_link:  loading package from file semodule_link/id000000
semodule_link:  loading package from file semodule_link/empty.pp
libsepol.ebitmap_set_bit: bitmap overflow, bit 0xffffffff
libsepol.copy_scope_index: Out of memory!
*** Error in `semodule_link': double free or corruption (out): 0x00007fd735663040 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7c503)[0x7fd7334a7503]
/lib64/libsepol.so.1(+0xa63c)[0x7fd733a1d63c]
/lib64/libsepol.so.1(+0xa662)[0x7fd733a1d662]
/lib64/libsepol.so.1(+0xa6bf)[0x7fd733a1d6bf]
/lib64/libsepol.so.1(+0x7982)[0x7fd733a1a982]
/lib64/libsepol.so.1(+0x7b0f)[0x7fd733a1ab0f]
/lib64/libsepol.so.1(+0x7b4c)[0x7fd733a1ab4c]
/lib64/libsepol.so.1(+0x1e764)[0x7fd733a31764]
/lib64/libsepol.so.1(sepol_link_packages+0x68)[0x7fd733a34aa8]
semodule_link(+0xfee)[0x7fd733ecdfee]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7fd73344cb35]
semodule_link(+0x1194)[0x7fd733ece194]
======= Memory map: ========
7fd72c000000-7fd72c021000 rw-p 00000000 00:00 0 
7fd72c021000-7fd730000000 ---p 00000000 00:00 0 
7fd732b94000-7fd732ba9000 r-xp 00000000 fd:02 37469376                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7fd732ba9000-7fd732da8000 ---p 00015000 fd:02 37469376                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7fd732da8000-7fd732da9000 r--p 00014000 fd:02 37469376                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7fd732da9000-7fd732daa000 rw-p 00015000 fd:02 37469376                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7fd732daa000-7fd732dc1000 r-xp 00000000 fd:02 34058634                   /usr/lib64/libpthread-2.17.so
7fd732dc1000-7fd732fc0000 ---p 00017000 fd:02 34058634                   /usr/lib64/libpthread-2.17.so
7fd732fc0000-7fd732fc1000 r--p 00016000 fd:02 34058634                   /usr/lib64/libpthread-2.17.so
7fd732fc1000-7fd732fc2000 rw-p 00017000 fd:02 34058634                   /usr/lib64/libpthread-2.17.so
7fd732fc2000-7fd732fc6000 rw-p 00000000 00:00 0 
7fd732fc6000-7fd732fc8000 r-xp 00000000 fd:02 33855089                   /usr/lib64/libdl-2.17.so
7fd732fc8000-7fd7331c8000 ---p 00002000 fd:02 33855089                   /usr/lib64/libdl-2.17.so
7fd7331c8000-7fd7331c9000 r--p 00002000 fd:02 33855089                   /usr/lib64/libdl-2.17.so
7fd7331c9000-7fd7331ca000 rw-p 00003000 fd:02 33855089                   /usr/lib64/libdl-2.17.so
7fd7331ca000-7fd73322a000 r-xp 00000000 fd:02 33871161                   /usr/lib64/libpcre.so.1.2.0
7fd73322a000-7fd733429000 ---p 00060000 fd:02 33871161                   /usr/lib64/libpcre.so.1.2.0
7fd733429000-7fd73342a000 r--p 0005f000 fd:02 33871161                   /usr/lib64/libpcre.so.1.2.0
7fd73342a000-7fd73342b000 rw-p 00060000 fd:02 33871161                   /usr/lib64/libpcre.so.1.2.0
7fd73342b000-7fd7335e1000 r-xp 00000000 fd:02 33722321                   /usr/lib64/libc-2.17.so
7fd7335e1000-7fd7337e1000 ---p 001b6000 fd:02 33722321                   /usr/lib64/libc-2.17.so
7fd7337e1000-7fd7337e5000 r--p 001b6000 fd:02 33722321                   /usr/lib64/libc-2.17.so
7fd7337e5000-7fd7337e7000 rw-p 001ba000 fd:02 33722321                   /usr/lib64/libc-2.17.so
7fd7337e7000-7fd7337ec000 rw-p 00000000 00:00 0 
7fd7337ec000-7fd733810000 r-xp 00000000 fd:02 33696881                   /usr/lib64/libselinux.so.1
7fd733810000-7fd733a0f000 ---p 00024000 fd:02 33696881                   /usr/lib64/libselinux.so.1
7fd733a0f000-7fd733a10000 r--p 00023000 fd:02 33696881                   /usr/lib64/libselinux.so.1
7fd733a10000-7fd733a11000 rw-p 00024000 fd:02 33696881                   /usr/lib64/libselinux.so.1
7fd733a11000-7fd733a13000 rw-p 00000000 00:00 0 
7fd733a13000-7fd733aa8000 r-xp 00000000 fd:02 34636291                   /usr/lib64/libsepol.so.1
7fd733aa8000-7fd733ca8000 ---p 00095000 fd:02 34636291                   /usr/lib64/libsepol.so.1
7fd733ca8000-7fd733ca9000 r--p 00095000 fd:02 34636291                   /usr/lib64/libsepol.so.1
7fd733ca9000-7fd733caa000 rw-p 00096000 fd:02 34636291                   /usr/lib64/libsepol.so.1
7fd733caa000-7fd733cab000 rw-p 00000000 00:00 0 
7fd733cab000-7fd733ccb000 r-xp 00000000 fd:02 33640401                   /usr/lib64/ld-2.17.so
7fd733e9c000-7fd733ea1000 rw-p 00000000 00:00 0 
7fd733ec7000-7fd733eca000 rw-p 00000000 00:00 0 
7fd733eca000-7fd733ecb000 r--p 0001f000 fd:02 33640401                   /usr/lib64/ld-2.17.so
7fd733ecb000-7fd733ecc000 rw-p 00020000 fd:02 33640401                   /usr/lib64/ld-2.17.so
7fd733ecc000-7fd733ecd000 rw-p 00000000 00:00 0 
7fd733ecd000-7fd733ecf000 r-xp 00000000 fd:02 16993335                   /usr/bin/semodule_link
7fd7340ce000-7fd7340cf000 r--p 00001000 fd:02 16993335                   /usr/bin/semodule_link
7fd7340cf000-7fd7340d0000 rw-p 00002000 fd:02 16993335                   /usr/bin/semodule_link
7fd735162000-7fd735669000 rw-p 00000000 00:00 0                          [heap]
7ffdc6ec9000-7ffdc6eea000 rw-p 00000000 00:00 0                          [stack]
7ffdc6f5a000-7ffdc6f5c000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Aborted
# 

Actual results:
* segfaults

Expected results:
* some error message but no segfault

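The report gives two pieces of raw crash evidence: the kernel `segfault at ... ip ... in libsepol.so.1[base+size]` line from dmesg for the first input, and the glibc `double free or corruption` backtrace for the second. The first thing a triager does with either is turn the absolute addresses into module-relative offsets (which stay stable across ASLR runs and can be fed to `addr2line` against the debuginfo package) and decode the fault error bits. The script below does exactly that for the two reported inputs. It is an added example written for this page, not part of the bug report or of policycoreutils/libsepol; the sample lines are copied from the output above and embedded so it runs offline, and the `addr2line` invocation it suggests assumes the text mapping starts at file offset 0, as the memory map in the report shows for libsepol.so.1.

```python
import re

# Sample input constructed from the lines in the report above.
DMESG_LINE = ("[26281.682140] semodule_link[10834]: segfault at 0 ip 00007f0637b40544 "
              "sp 00007ffea7f02680 error 4 in libsepol.so.1[7f0637b2f000+95000]")

BACKTRACE_LINES = [
    "/lib64/libc.so.6(+0x7c503)[0x7fd7334a7503]",
    "/lib64/libsepol.so.1(sepol_link_packages+0x68)[0x7fd733a34aa8]",
    "semodule_link(+0xfee)[0x7fd733ecdfee]",
]

# Kernel segfault message: "<comm>[<pid>]: segfault at <addr> ip <ip> sp <sp> error <n> in <obj>[<base>+<size>]"
SEGFAULT_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) "
    r"in (?P<obj>\S+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)

# glibc backtrace frame: "<object>(<symbol>+<off>)[<addr>]"; symbol may be empty.
FRAME_RE = re.compile(
    r"^(?P<obj>[^(]+)\((?P<sym>[^+)]*)\+(?P<off>0x[0-9a-f]+)\)\[(?P<addr>0x[0-9a-f]+)\]$"
)


def decode_error_code(err):
    """Decode the x86 page-fault error code the kernel prints as 'error N'."""
    return {
        "present": bool(err & 1),      # 0: page not present, 1: protection violation
        "write": bool(err & 2),        # 0: read access, 1: write access
        "user": bool(err & 4),         # 1: fault raised from user mode
        "instr_fetch": bool(err & 16), # 1: instruction fetch (NX)
    }


def parse_segfault(line):
    """Turn a dmesg segfault line into module-relative triage data, or None."""
    m = SEGFAULT_RE.search(line)
    if not m:
        return None
    ip, base, size = (int(m[k], 16) for k in ("ip", "base", "size"))
    addr = int(m["addr"], 16)
    info = {
        "comm": m["comm"],
        "pid": int(m["pid"]),
        "object": m["obj"],
        "fault_addr": addr,
        "offset": ip - base,                      # stable across ASLR runs
        "inside_mapping": base <= ip < base + size,
        # A fault address inside the first page is almost always a NULL (or
        # NULL + small struct member) dereference.
        "likely_null_deref": addr < 4096,
    }
    info.update(decode_error_code(int(m["err"])))
    return info


def parse_frame(line):
    """Parse one glibc backtrace frame into object / symbol / offset / address."""
    m = FRAME_RE.match(line.strip())
    if not m:
        return None
    return {
        "object": m["obj"],
        "symbol": m["sym"] or None,   # None when glibc could only print an offset
        "offset": int(m["off"], 16),
        "address": int(m["addr"], 16),
    }


def addr2line_command(info, path_prefix="/usr/lib64/"):
    """Suggested addr2line invocation (assumes the text mapping has file offset 0,
    as in the report's memory map; needs the matching -debuginfo package)."""
    return "addr2line -f -e %s%s 0x%x" % (path_prefix, info["object"], info["offset"])


def summarize(info):
    """One-line human summary of a parsed segfault."""
    access = "write" if info["write"] else "read"
    kind = "NULL-pointer %s" % access if info["likely_null_deref"] else "invalid %s" % access
    mode = "user" if info["user"] else "kernel"
    return "%s (%s mode) at 0x%x in %s+0x%x" % (
        kind, mode, info["fault_addr"], info["object"], info["offset"])


if __name__ == "__main__":
    seg = parse_segfault(DMESG_LINE)
    print(summarize(seg))
    print(addr2line_command(seg))
    for frame in map(parse_frame, BACKTRACE_LINES):
        print(frame)
```

For the first input the script reports a user-mode read of a non-present page at address 0 (a NULL dereference) at `libsepol.so.1+0x11544`, and for the second it recovers `sepol_link_packages+0x68` as the last symbolised frame before the abort, which is the starting point for resolving the `ebitmap_set_bit`/`copy_scope_index` error path with the listed libsepol-debuginfo package.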
