libsepol/cil: Check that sym_index is within bounds

Make sure sym_index is within the bounds of symtab array before using it to index the array. Fixes: Error: OVERRUN (CWE-119): libsepol-3.6/cil/src/cil_resolve_ast.c:3157: assignment: Assigning: "sym_index" = "CIL_SYM_UNKNOWN". libsepol-3.6/cil/src/cil_resolve_ast.c:3189: overrun-call: Overrunning callee's array of size 19 by passing argument "sym_index" (which evaluates to 20) in call to "cil_resolve_name". \# 3187| switch (curr->flavor) { \# 3188| case CIL_STRING: \# 3189|-> rc = cil_resolve_name(parent, curr->data, sym_index, db, &res_datum); \# 3190| if (rc != SEPOL_OK) { \# 3191| goto exit; Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
stephensmalley · Jul 30, 2024 · fe8ae55 · fe8ae55
1 parent 84a33fb
commit fe8ae55
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
@@ -4291,7 +4291,7 @@ int cil_resolve_name_keep_aliases(struct cil_tree_node *ast_node, char *name, en
 	int rc = SEPOL_ERR;
 	struct cil_tree_node *node = NULL;
 
-	if (name == NULL) {
+	if (name == NULL || sym_index >= CIL_SYM_NUM) {
 		cil_log(CIL_ERR, "Invalid call to cil_resolve_name\n");
 		goto exit;
 	}