** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libselinux in Ubuntu. https://bugs.launchpad.net/bugs/1662397
Title: a suspicious integer overflow in libselinux/src/compute_user.c : 54 Status in libselinux package in Ubuntu: New Bug description: Hello. A suspicious integer overflow is found in libselinux/src/compute_user.c : 54. The source code is here. (https://github.com/SELinuxProject/selinux/blob/master/libselinux/src/compute_user.c#L54) If variable "nel" can be crafted as 0xffff ffff, the integer addition at line 54 would overflow to 0, leading to no memory space allocated. This would further lead to buffer overflow at line 62 in a loop. Note that vulnerable "nel" is read from a file "selinux_mnt/user", following the path, i.e. line 27, line 28, line 45 and line 49. Since I'm not an expert in the source code of libselinux, I'm not sure whether "nel" can be assigned with that very big integer (0xffff ffff). If so, this issue is a severe bug definitely. If not, it is a false positive and please ignore it. Thanks a lot. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libselinux/+bug/1662397/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp