mirror of
https://github.com/topjohnwu/selinux.git
synced 2025-02-12 23:08:51 +00:00
f7148d5973
The reading of bin files has been changed to follow that of loading policy to catch over-runs. Entries that should be NUL terminated are also checked. If any error, then process the text file. This should fix all problems highlighted in [1] with V2 fixing those in [2]. V3 corrects int32_t/uint32_t for *_len entries and V4 fixes [3] and adds pcre_fullinfo checks to validate regex and study data sizes. pcre_fullinfo also validates its magic number. Tested with bin files built using sefcontext_compile PCRE_VERS 1 and 2. The following is a rough guide to the difference in processing a bin file against a text file: 6K entries - x5 4K entries - x4 1K entries - x3 500 entries - x2 [1] http://marc.info/?l=selinux&m=143101983922281&w=2 [2] http://marc.info/?l=selinux&m=143161763905159&w=2 [3] http://marc.info/?l=selinux&m=143204170705586&w=2 Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>