From 6fc695cb4a26f09dfeef8b1c24895a707055334e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
Date: Wed, 11 Nov 2020 17:22:33 +0000
Subject: [PATCH] ls: fix crash printing SELinux context for unstatable files

This crash was identified by Cyber Independent Testing Lab:
https://cyber-itl.org/2020/10/28/citl-7000-defects.html
and was introduced with commit v6.9.90-11-g4245876e2

* src/ls.c (gobble_file): Ensure scontext is initialized
in the case where files are not statable.
* tests/ls/selinux-segfault.sh: Renamed from proc-selinux-segfault.sh,
and added test case for broken symlinks.
* tests/local.mk: Adjust for the renamed test.
* NEWS: Mention the bug fix.
---
 src/ls.c                          |  3 +++
 tests/local.mk                    |  2 +-
 tests/ls/proc-selinux-segfault.sh | 27 ---------------------------
 tests/ls/selinux-segfault.sh      | 33 +++++++++++++++++++++++++++++++++
 4 files changed, 40 insertions(+), 28 deletions(-)
 delete mode 100755 tests/ls/proc-selinux-segfault.sh
 create mode 100755 tests/ls/selinux-segfault.sh

diff --git a/src/ls.c b/src/ls.c
index 1f6afbc..1b4834c 100644
--- a/src/ls.c
+++ b/src/ls.c
@@ -3424,6 +3424,9 @@ gobble_file (char const *name, enum filetype type, ino_t inode,
              provokes an exit status of 1.  */
           file_failure (command_line_arg,
                         _("cannot access %s"), full_name);
+
+          f->scontext = UNKNOWN_SECURITY_CONTEXT;
+
           if (command_line_arg)
             return 0;
 
diff --git a/tests/local.mk b/tests/local.mk
index 7992003..e1c4675 100644
--- a/tests/local.mk
+++ b/tests/local.mk
@@ -613,7 +613,7 @@ all_tests =					\
   tests/ls/multihardlink.sh			\
   tests/ls/no-arg.sh				\
   tests/ls/no-cap.sh				\
-  tests/ls/proc-selinux-segfault.sh		\
+  tests/ls/selinux-segfault.sh			\
   tests/ls/quote-align.sh			\
   tests/ls/readdir-mountpoint-inode.sh		\
   tests/ls/recursive.sh				\
diff --git a/tests/ls/proc-selinux-segfault.sh b/tests/ls/proc-selinux-segfault.sh
deleted file mode 100755
index 831a00e..0000000
--- a/tests/ls/proc-selinux-segfault.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/sh
-# ls -l /proc/sys would segfault when built against libselinux1 2.0.15-2+b1
-
-# Copyright (C) 2008-2020 Free Software Foundation, Inc.
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
-print_ver_ ls
-
-f=/proc/sys
-test -r $f || f=.
-
-ls -l $f > out || fail=1
-
-Exit $fail
diff --git a/tests/ls/selinux-segfault.sh b/tests/ls/selinux-segfault.sh
new file mode 100755
index 0000000..e2b7ef6
--- /dev/null
+++ b/tests/ls/selinux-segfault.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+# Ensure we don't segfault in selinux handling
+
+# Copyright (C) 2008-2020 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
+print_ver_ ls
+
+# ls -l /proc/sys would segfault when built against libselinux1 2.0.15-2+b1
+f=/proc/sys
+test -r $f || f=.
+ls -l $f > out || fail=1
+
+# ls <= 8.32 would segfault when printing
+# the security context of broken symlink targets
+mkdir sedir || framework_failure_
+ln -sf missing sedir/broken || framework_failure_
+returns_ 1 ls -L -R -Z -m sedir > out || fail=1
+
+Exit $fail
-- 
1.8.3.1