Author: markj
Date: Wed Aug  1 03:46:07 2018
New Revision: 337031
URL: https://svnweb.freebsd.org/changeset/base/337031

Log:
  Require that MAC label buffers be able to store a non-empty string.
  
  The buffer size may be used to initialize an sbuf in
  MAC_POLICY_EXTERNALIZE, and without this constraint it's possible to
  trigger an assertion failure in the sbuf code.  With INVARIANTS
  disabled, the first attempt to write to the sbuf will fail.
  
  Reported by:  pho
  Reviewed by:  delphij
  MFC after:    1 week
  Differential Revision:        https://reviews.freebsd.org/D16527

Modified:
  head/sys/security/mac/mac_framework.c

Modified: head/sys/security/mac/mac_framework.c
==============================================================================
--- head/sys/security/mac/mac_framework.c       Wed Aug  1 03:21:17 2018        
(r337030)
+++ head/sys/security/mac/mac_framework.c       Wed Aug  1 03:46:07 2018        
(r337031)
@@ -586,7 +586,9 @@ int
 mac_check_structmac_consistent(struct mac *mac)
 {
 
-       if (mac->m_buflen > MAC_MAX_LABEL_BUF_LEN)
+       /* Require that labels have a non-zero length. */
+       if (mac->m_buflen > MAC_MAX_LABEL_BUF_LEN ||
+           mac->m_buflen <= sizeof(""))
                return (EINVAL);
 
        return (0);
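Review bot: The new comment in mac_check_structmac_consistent() says "Require that labels have a non-zero length", but the added condition `mac->m_buflen <= sizeof("")` rejects a buffer length of 1 as well as 0, so what it enforces is the rule in the log message: the buffer must be able to hold a non-empty string. I would reword the comment to say that, for example "Require that the label buffer can hold at least one character plus the terminating NUL". That way a later reader does not "simplify" the test to `== 0` and reintroduce the one-byte case. Since `sizeof("")` is used here to stand for the size of a lone NUL terminator, that intent is worth spelling out in the same comment.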
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
