* [PATCH 1/5] libselinux/utils/selabel_digest: drop unsupported option -d
@ 2024-03-13 11:10 Christian Göttsche
2024-03-13 11:10 ` [PATCH 2/5] libselinux/utils/selabel_digest: cleanup Christian Göttsche
` (4 more replies)
0 siblings, 5 replies; 7+ messages in thread
From: Christian Göttsche @ 2024-03-13 11:10 UTC (permalink / raw
To: selinux
The command line option -d is not supported, drop from usage message.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
libselinux/utils/selabel_digest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c
index bf22b472..50f55311 100644
--- a/libselinux/utils/selabel_digest.c
+++ b/libselinux/utils/selabel_digest.c
@@ -11,7 +11,7 @@ static size_t digest_len;
static __attribute__ ((__noreturn__)) void usage(const char *progname)
{
fprintf(stderr,
- "usage: %s -b backend [-d] [-v] [-B] [-i] [-f file]\n\n"
+ "usage: %s -b backend [-v] [-B] [-i] [-f file]\n\n"
"Where:\n\t"
"-b The backend - \"file\", \"media\", \"x\", \"db\" or "
"\"prop\"\n\t"
--
2.43.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 2/5] libselinux/utils/selabel_digest: cleanup
2024-03-13 11:10 [PATCH 1/5] libselinux/utils/selabel_digest: drop unsupported option -d Christian Göttsche
@ 2024-03-13 11:10 ` Christian Göttsche
2024-03-13 11:10 ` [PATCH 3/5] libselinux/utils/selabel_digest: avoid buffer overflow Christian Göttsche
` (3 subsequent siblings)
4 siblings, 0 replies; 7+ messages in thread
From: Christian Göttsche @ 2024-03-13 11:10 UTC (permalink / raw
To: selinux
Avoid global variable.
Constify read-only parameters.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
libselinux/utils/selabel_digest.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c
index 50f55311..db0d443a 100644
--- a/libselinux/utils/selabel_digest.c
+++ b/libselinux/utils/selabel_digest.c
@@ -6,8 +6,6 @@
#include <selinux/selinux.h>
#include <selinux/label.h>
-static size_t digest_len;
-
static __attribute__ ((__noreturn__)) void usage(const char *progname)
{
fprintf(stderr,
@@ -25,11 +23,11 @@ static __attribute__ ((__noreturn__)) void usage(const char *progname)
exit(1);
}
-static int run_check_digest(char *cmd, char *selabel_digest)
+static int run_check_digest(const char *cmd, const char *selabel_digest, size_t digest_len)
{
FILE *fp;
char files_digest[128];
- char *files_ptr;
+ const char *files_ptr;
int rc = 0;
fp = popen(cmd, "r");
@@ -64,7 +62,7 @@ int main(int argc, char **argv)
char *baseonly = NULL, *file = NULL, *digest = (char *)1;
char **specfiles = NULL;
unsigned char *sha1_digest = NULL;
- size_t i, num_specfiles;
+ size_t digest_len, i, num_specfiles;
char cmd_buf[4096];
char *cmd_ptr;
@@ -181,7 +179,7 @@ int main(int argc, char **argv)
sprintf(cmd_ptr, "| /usr/bin/openssl dgst -sha1 -hex");
if (validate)
- rc = run_check_digest(cmd_buf, sha1_buf);
+ rc = run_check_digest(cmd_buf, sha1_buf, digest_len);
}
free(sha1_buf);
--
2.43.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 3/5] libselinux/utils/selabel_digest: avoid buffer overflow
2024-03-13 11:10 [PATCH 1/5] libselinux/utils/selabel_digest: drop unsupported option -d Christian Göttsche
2024-03-13 11:10 ` [PATCH 2/5] libselinux/utils/selabel_digest: cleanup Christian Göttsche
@ 2024-03-13 11:10 ` Christian Göttsche
2024-03-13 11:10 ` [PATCH 4/5] libselinux: free data on selabel open failure Christian Göttsche
` (2 subsequent siblings)
4 siblings, 0 replies; 7+ messages in thread
From: Christian Göttsche @ 2024-03-13 11:10 UTC (permalink / raw
To: selinux
In case the specfiles have very long paths or there are too many abort
instead of writing past the stack buffer.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
libselinux/utils/selabel_digest.c | 45 ++++++++++++++++++++++++-------
1 file changed, 36 insertions(+), 9 deletions(-)
diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c
index db0d443a..64051070 100644
--- a/libselinux/utils/selabel_digest.c
+++ b/libselinux/utils/selabel_digest.c
@@ -66,7 +66,7 @@ int main(int argc, char **argv)
char cmd_buf[4096];
char *cmd_ptr;
- char *sha1_buf;
+ char *sha1_buf = NULL;
struct selabel_handle *hnd;
struct selinux_opt selabel_option[] = {
@@ -167,23 +167,50 @@ int main(int argc, char **argv)
printf("calculated using the following specfile(s):\n");
if (specfiles) {
- cmd_ptr = &cmd_buf[0];
- sprintf(cmd_ptr, "/usr/bin/cat ");
- cmd_ptr = &cmd_buf[0] + strlen(cmd_buf);
+ size_t cmd_rem = sizeof(cmd_buf);
+ int ret;
+
+ if (validate) {
+ cmd_ptr = &cmd_buf[0];
+ ret = snprintf(cmd_ptr, cmd_rem, "/usr/bin/cat ");
+ if (ret < 0 || (size_t)ret >= cmd_rem) {
+ fprintf(stderr, "Could not format validate command\n");
+ rc = -1;
+ goto err;
+ }
+ cmd_ptr += ret;
+ cmd_rem -= ret;
+ }
for (i = 0; i < num_specfiles; i++) {
- sprintf(cmd_ptr, "%s ", specfiles[i]);
- cmd_ptr += strlen(specfiles[i]) + 1;
+ if (validate) {
+ ret = snprintf(cmd_ptr, cmd_rem, "%s ", specfiles[i]);
+ if (ret < 0 || (size_t)ret >= cmd_rem) {
+ fprintf(stderr, "Could not format validate command\n");
+ rc = -1;
+ goto err;
+ }
+ cmd_ptr += ret;
+ cmd_rem -= ret;
+ }
+
printf("%s\n", specfiles[i]);
}
- sprintf(cmd_ptr, "| /usr/bin/openssl dgst -sha1 -hex");
- if (validate)
+ if (validate) {
+ ret = snprintf(cmd_ptr, cmd_rem, "| /usr/bin/openssl dgst -sha1 -hex");
+ if (ret < 0 || (size_t)ret >= cmd_rem) {
+ fprintf(stderr, "Could not format validate command\n");
+ rc = -1;
+ goto err;
+ }
+
rc = run_check_digest(cmd_buf, sha1_buf, digest_len);
+ }
}
- free(sha1_buf);
err:
+ free(sha1_buf);
selabel_close(hnd);
return rc;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 4/5] libselinux: free data on selabel open failure
2024-03-13 11:10 [PATCH 1/5] libselinux/utils/selabel_digest: drop unsupported option -d Christian Göttsche
2024-03-13 11:10 ` [PATCH 2/5] libselinux/utils/selabel_digest: cleanup Christian Göttsche
2024-03-13 11:10 ` [PATCH 3/5] libselinux/utils/selabel_digest: avoid buffer overflow Christian Göttsche
@ 2024-03-13 11:10 ` Christian Göttsche
2024-03-13 11:10 ` [PATCH 5/5] libselinux/utils/selabel_digest: pass BASEONLY only for file backend Christian Göttsche
2024-03-14 16:06 ` [PATCH 1/5] libselinux/utils/selabel_digest: drop unsupported option -d James Carter
4 siblings, 0 replies; 7+ messages in thread
From: Christian Göttsche @ 2024-03-13 11:10 UTC (permalink / raw
To: selinux
In case the init function for a selabel backend fails, free the possible
already allocated data:
Direct leak of 16 byte(s) in 1 object(s) allocated from:
#0 0x5e7e2bf001e3 in malloc (/tmp/destdir/usr/sbin/selabel_digest+0xc71e3)
#1 0x7233764baa65 in selabel_media_init /home/christian/Coding/workspaces/selinux/libselinux/src/label_media.c:226:30
#2 0x7233764ac1fe in selabel_open /home/christian/Coding/workspaces/selinux/libselinux/src/label.c:227:6
#3 0x5e7e2bf3ebfc in main /home/christian/Coding/workspaces/selinux/libselinux/utils/selabel_digest.c:125:8
#4 0x7233761856c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s).
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
libselinux/src/label.c | 5 +----
libselinux/src/label_backends_android.c | 3 +++
libselinux/src/label_db.c | 3 +++
libselinux/src/label_file.c | 3 +++
libselinux/src/label_media.c | 3 +++
libselinux/src/label_x.c | 3 +++
6 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/libselinux/src/label.c b/libselinux/src/label.c
index d2e703ef..06d743ec 100644
--- a/libselinux/src/label.c
+++ b/libselinux/src/label.c
@@ -225,10 +225,7 @@ struct selabel_handle *selabel_open(unsigned int backend,
rec->digest = selabel_is_digest_set(opts, nopts);
if ((*initfuncs[backend])(rec, opts, nopts)) {
- if (rec->digest)
- selabel_digest_fini(rec->digest);
- free(rec->spec_file);
- free(rec);
+ selabel_close(rec);
rec = NULL;
}
diff --git a/libselinux/src/label_backends_android.c b/libselinux/src/label_backends_android.c
index 33a17236..49a87686 100644
--- a/libselinux/src/label_backends_android.c
+++ b/libselinux/src/label_backends_android.c
@@ -246,6 +246,9 @@ static void closef(struct selabel_handle *rec)
struct spec *spec;
unsigned int i;
+ if (!data)
+ return;
+
for (i = 0; i < data->nspec; i++) {
spec = &data->spec_arr[i];
free(spec->property_key);
diff --git a/libselinux/src/label_db.c b/libselinux/src/label_db.c
index 2ff10b2f..40d5fc4a 100644
--- a/libselinux/src/label_db.c
+++ b/libselinux/src/label_db.c
@@ -178,6 +178,9 @@ db_close(struct selabel_handle *rec)
spec_t *spec;
unsigned int i;
+ if (!catalog)
+ return;
+
for (i = 0; i < catalog->nspec; i++) {
spec = &catalog->specs[i];
free(spec->key);
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index 3b2bda97..2732972e 100644
--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c
@@ -904,6 +904,9 @@ static void closef(struct selabel_handle *rec)
struct stem *stem;
unsigned int i;
+ if (!data)
+ return;
+
selabel_subs_fini(data->subs);
selabel_subs_fini(data->dist_subs);
diff --git a/libselinux/src/label_media.c b/libselinux/src/label_media.c
index fad5ea6d..94a58062 100644
--- a/libselinux/src/label_media.c
+++ b/libselinux/src/label_media.c
@@ -167,6 +167,9 @@ static void close(struct selabel_handle *rec)
struct spec *spec, *spec_arr = data->spec_arr;
unsigned int i;
+ if (!data)
+ return;
+
for (i = 0; i < data->nspec; i++) {
spec = &spec_arr[i];
free(spec->key);
diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c
index bf569ca5..f994eefa 100644
--- a/libselinux/src/label_x.c
+++ b/libselinux/src/label_x.c
@@ -194,6 +194,9 @@ static void close(struct selabel_handle *rec)
struct spec *spec, *spec_arr = data->spec_arr;
unsigned int i;
+ if (!data)
+ return;
+
for (i = 0; i < data->nspec; i++) {
spec = &spec_arr[i];
free(spec->key);
--
2.43.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 5/5] libselinux/utils/selabel_digest: pass BASEONLY only for file backend
2024-03-13 11:10 [PATCH 1/5] libselinux/utils/selabel_digest: drop unsupported option -d Christian Göttsche
` (2 preceding siblings ...)
2024-03-13 11:10 ` [PATCH 4/5] libselinux: free data on selabel open failure Christian Göttsche
@ 2024-03-13 11:10 ` Christian Göttsche
2024-03-14 16:06 ` [PATCH 1/5] libselinux/utils/selabel_digest: drop unsupported option -d James Carter
4 siblings, 0 replies; 7+ messages in thread
From: Christian Göttsche @ 2024-03-13 11:10 UTC (permalink / raw
To: selinux
Since commit 65c8fd45 ("libselinux: fail selabel_open(3) on invalid
option") selabel_open(3) rejects options not supported for the
respective backend. Pass SELABEL_OPT_BASEONLY only if the file backend
is selected.
Reported-by: zgzxx (https://github.com/SELinuxProject/selinux/issues/427)
Fixes: 65c8fd45 ("libselinux: fail selabel_open(3) on invalid option")
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
libselinux/utils/selabel_digest.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c
index 64051070..47aad21f 100644
--- a/libselinux/utils/selabel_digest.c
+++ b/libselinux/utils/selabel_digest.c
@@ -71,8 +71,8 @@ int main(int argc, char **argv)
struct selabel_handle *hnd;
struct selinux_opt selabel_option[] = {
{ SELABEL_OPT_PATH, file },
- { SELABEL_OPT_BASEONLY, baseonly },
- { SELABEL_OPT_DIGEST, digest }
+ { SELABEL_OPT_DIGEST, digest },
+ { SELABEL_OPT_BASEONLY, baseonly }
};
if (argc < 3)
@@ -119,10 +119,10 @@ int main(int argc, char **argv)
memset(cmd_buf, 0, sizeof(cmd_buf));
selabel_option[0].value = file;
- selabel_option[1].value = baseonly;
- selabel_option[2].value = digest;
+ selabel_option[1].value = digest;
+ selabel_option[2].value = baseonly;
- hnd = selabel_open(backend, selabel_option, 3);
+ hnd = selabel_open(backend, selabel_option, backend == SELABEL_CTX_FILE ? 3 : 2);
if (!hnd) {
switch (errno) {
case EOVERFLOW:
--
2.43.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 1/5] libselinux/utils/selabel_digest: drop unsupported option -d
2024-03-13 11:10 [PATCH 1/5] libselinux/utils/selabel_digest: drop unsupported option -d Christian Göttsche
` (3 preceding siblings ...)
2024-03-13 11:10 ` [PATCH 5/5] libselinux/utils/selabel_digest: pass BASEONLY only for file backend Christian Göttsche
@ 2024-03-14 16:06 ` James Carter
2024-03-20 20:06 ` James Carter
4 siblings, 1 reply; 7+ messages in thread
From: James Carter @ 2024-03-14 16:06 UTC (permalink / raw
To: Christian Göttsche; +Cc: selinux
On Wed, Mar 13, 2024 at 7:12 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> The command line option -d is not supported, drop from usage message.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
For these 5 patches:
Acked-by: James Carter <jwcart2@gmail.com>
> ---
> libselinux/utils/selabel_digest.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c
> index bf22b472..50f55311 100644
> --- a/libselinux/utils/selabel_digest.c
> +++ b/libselinux/utils/selabel_digest.c
> @@ -11,7 +11,7 @@ static size_t digest_len;
> static __attribute__ ((__noreturn__)) void usage(const char *progname)
> {
> fprintf(stderr,
> - "usage: %s -b backend [-d] [-v] [-B] [-i] [-f file]\n\n"
> + "usage: %s -b backend [-v] [-B] [-i] [-f file]\n\n"
> "Where:\n\t"
> "-b The backend - \"file\", \"media\", \"x\", \"db\" or "
> "\"prop\"\n\t"
> --
> 2.43.0
>
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 1/5] libselinux/utils/selabel_digest: drop unsupported option -d
2024-03-14 16:06 ` [PATCH 1/5] libselinux/utils/selabel_digest: drop unsupported option -d James Carter
@ 2024-03-20 20:06 ` James Carter
0 siblings, 0 replies; 7+ messages in thread
From: James Carter @ 2024-03-20 20:06 UTC (permalink / raw
To: Christian Göttsche; +Cc: selinux
On Thu, Mar 14, 2024 at 12:06 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Wed, Mar 13, 2024 at 7:12 AM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> >
> > The command line option -d is not supported, drop from usage message.
> >
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> For these 5 patches:
> Acked-by: James Carter <jwcart2@gmail.com>
>
These 5 patches have been merged.
Thanks,
Jim
> > ---
> > libselinux/utils/selabel_digest.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c
> > index bf22b472..50f55311 100644
> > --- a/libselinux/utils/selabel_digest.c
> > +++ b/libselinux/utils/selabel_digest.c
> > @@ -11,7 +11,7 @@ static size_t digest_len;
> > static __attribute__ ((__noreturn__)) void usage(const char *progname)
> > {
> > fprintf(stderr,
> > - "usage: %s -b backend [-d] [-v] [-B] [-i] [-f file]\n\n"
> > + "usage: %s -b backend [-v] [-B] [-i] [-f file]\n\n"
> > "Where:\n\t"
> > "-b The backend - \"file\", \"media\", \"x\", \"db\" or "
> > "\"prop\"\n\t"
> > --
> > 2.43.0
> >
> >
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2024-03-20 20:06 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-03-13 11:10 [PATCH 1/5] libselinux/utils/selabel_digest: drop unsupported option -d Christian Göttsche
2024-03-13 11:10 ` [PATCH 2/5] libselinux/utils/selabel_digest: cleanup Christian Göttsche
2024-03-13 11:10 ` [PATCH 3/5] libselinux/utils/selabel_digest: avoid buffer overflow Christian Göttsche
2024-03-13 11:10 ` [PATCH 4/5] libselinux: free data on selabel open failure Christian Göttsche
2024-03-13 11:10 ` [PATCH 5/5] libselinux/utils/selabel_digest: pass BASEONLY only for file backend Christian Göttsche
2024-03-14 16:06 ` [PATCH 1/5] libselinux/utils/selabel_digest: drop unsupported option -d James Carter
2024-03-20 20:06 ` James Carter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).