packages/coreutils
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
coreutils/backport-ls-fix-crash-printing-SELinux-context-for-unstatable.patch
wangchen2020 b11a8e419b backport patches from upstream
2021-01-11 19:43:32 +08:00

127 lines
4.4 KiB
Diff
Raw Blame History

From 6fc695cb4a26f09dfeef8b1c24895a707055334e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
Date: Wed, 11 Nov 2020 17:22:33 +0000
Subject: [PATCH] ls: fix crash printing SELinux context for unstatable files
This crash was identified by Cyber Independent Testing Lab:
https://cyber-itl.org/2020/10/28/citl-7000-defects.html
and was introduced with commit v6.9.90-11-g4245876e2
* src/ls.c (gobble_file): Ensure scontext is initialized
in the case where files are not statable.
* tests/ls/selinux-segfault.sh: Renamed from proc-selinux-segfault.sh,
and added test case for broken symlinks.
* tests/local.mk: Adjust for the renamed test.
* NEWS: Mention the bug fix.
---
src/ls.c | 3 +++
tests/local.mk | 2 +-
tests/ls/proc-selinux-segfault.sh | 27 ---------------------------
tests/ls/selinux-segfault.sh | 33 +++++++++++++++++++++++++++++++++
4 files changed, 40 insertions(+), 28 deletions(-)
delete mode 100755 tests/ls/proc-selinux-segfault.sh
create mode 100755 tests/ls/selinux-segfault.sh
diff --git a/src/ls.c b/src/ls.c
index 1f6afbc..1b4834c 100644
--- a/src/ls.c
+++ b/src/ls.c
@@ -3424,6 +3424,9 @@ gobble_file (char const *name, enum filetype type, ino_t inode,
provokes an exit status of 1. */
file_failure (command_line_arg,
_("cannot access %s"), full_name);
+
+ f->scontext = UNKNOWN_SECURITY_CONTEXT;
+
if (command_line_arg)
return 0;
diff --git a/tests/local.mk b/tests/local.mk
index 7992003..e1c4675 100644
--- a/tests/local.mk
+++ b/tests/local.mk
@@ -613,7 +613,7 @@ all_tests = \
tests/ls/multihardlink.sh \
tests/ls/no-arg.sh \
tests/ls/no-cap.sh \
- tests/ls/proc-selinux-segfault.sh \
+ tests/ls/selinux-segfault.sh \
tests/ls/quote-align.sh \
tests/ls/readdir-mountpoint-inode.sh \
tests/ls/recursive.sh \
diff --git a/tests/ls/proc-selinux-segfault.sh b/tests/ls/proc-selinux-segfault.sh
deleted file mode 100755
index 831a00e..0000000
--- a/tests/ls/proc-selinux-segfault.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/sh
-# ls -l /proc/sys would segfault when built against libselinux1 2.0.15-2+b1
-
-# Copyright (C) 2008-2020 Free Software Foundation, Inc.
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <https://www.gnu.org/licenses/>.
-
-. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
-print_ver_ ls
-
-f=/proc/sys
-test -r $f || f=.
-
-ls -l $f > out || fail=1
-
-Exit $fail
diff --git a/tests/ls/selinux-segfault.sh b/tests/ls/selinux-segfault.sh
new file mode 100755
index 0000000..e2b7ef6
--- /dev/null
+++ b/tests/ls/selinux-segfault.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+# Ensure we don't segfault in selinux handling
+
+# Copyright (C) 2008-2020 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
+print_ver_ ls
+
+# ls -l /proc/sys would segfault when built against libselinux1 2.0.15-2+b1
+f=/proc/sys
+test -r $f || f=.
+ls -l $f > out || fail=1
+
+# ls <= 8.32 would segfault when printing
+# the security context of broken symlink targets
+mkdir sedir || framework_failure_
+ln -sf missing sedir/broken || framework_failure_
+returns_ 1 ls -L -R -Z -m sedir > out || fail=1
+
+Exit $fail
--
1.8.3.1
Reference in New Issue View Git Blame Copy Permalink