git: fa4352b74580 - main - MAC/do: parse_rule_element(): Bug in parsing the origin ID

From: Olivier Certner <olce_at_FreeBSD.org>
Date: Mon, 16 Dec 2024 14:46:01 UTC
The branch main has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=fa4352b74580832d7b501d34d09a564438a82c3d

commit fa4352b74580832d7b501d34d09a564438a82c3d
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-05 11:49:27 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2024-12-16 14:42:37 +0000

    MAC/do: parse_rule_element(): Bug in parsing the origin ID
    
    The ID field was allowed to be empty, which would be then parsed as 0 by
    strtol().  There remain bugs in this function, where parsing for from-
    or to- IDs accepts spaces and produces 0, but this will conveniently be
    fixed in a later commit introducing strtoui_strict().
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47612
---
 sys/security/mac_do/mac_do.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 4ef9b68bf513..edd728ea070a 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -105,7 +105,7 @@ parse_rule_element(char *element, struct rule **rule)
 	}
 
 	id = strsep(&element, ":");
-	if (id == NULL) {
+	if (id == NULL || *id == '\0') {
 		error = EINVAL;
 		goto error;
 	}
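
Review bot: The added *id == '\0' test on the strsep() result rejects only a completely empty field. As the commit message itself notes, an ID made up of spaces still gets past this check and is turned into 0 by strtol(), and 0 as a UID is root, so a malformed rule can still silently name the most privileged ID. Until the strtoui_strict() change lands, consider either rejecting here any field whose first character is not a digit, or adding a comment at this check stating that whitespace-only input is a known remaining gap, so that the partial validation is not read as complete. A regression test feeding an empty ID and expecting EINVAL would also help keep this from coming back when the parser is reworked.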