libselinux/backport-libselinux-Fix-potential-undefined-shifts.patch


2021-11-15 20:58:55 +08:00
From c3ad59cc975d4848b6af37cbcb5caeb6fcb9bdb4 Mon Sep 17 00:00:00 2001
From: James Carter <jwcart2@gmail.com>
Date: Fri, 8 Oct 2021 15:07:36 -0400
Reference:https://github.com/SELinuxProject/selinux/commit/c3ad59cc975d4848b6af37cbcb5caeb6fcb9bdb4
Conflict:adapter filepath
Subject: [PATCH] libselinux: Fix potential undefined shifts
An expression of the form "1 << x" is undefined if x == 31 because
the "1" is an int and cannot be left shifted by 31.
Instead, use "UINT32_C(1) << x" which will be an unsigned int of
at least 32 bits.
Signed-off-by: James Carter <jwcart2@gmail.com>
Signed-off-by: lujie42 <lujie42@huawei.com>
---
src/mapping.c | 22 +++++++++++-----------
src/stringrep.c | 8 ++++----
2 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/src/mapping.c b/src/mapping.c
index 96395fd4..dd2f1039 100644
--- a/src/mapping.c
+++ b/src/mapping.c
@@ -144,9 +144,9 @@ unmap_perm(security_class_t tclass, access_vector_t tperm)
access_vector_t kperm = 0;
for (i = 0; i < current_mapping[tclass].num_perms; i++)
- if (tperm & (1<<i)) {
+ if (tperm & (UINT32_C(1)<<i)) {
kperm |= current_mapping[tclass].perms[i];
- tperm &= ~(1<<i);
+ tperm &= ~(UINT32_C(1)<<i);
}
return kperm;
}
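Review bot: `UINT32_C(1)<<i` makes the i == 31 case well defined, but the shift is still undefined once i reaches 32, and nothing visible in this hunk bounds `current_mapping[tclass].num_perms`. If that limit is enforced where the mapping is built (outside this patch), a comment on the loop such as `/* num_perms never exceeds 32; enforced when the mapping is set */` would record the invariant the shift depends on; if it is not enforced, the loop needs an explicit `i < 32` guard. The same applies to the num_perms-bounded loops in the map_perm and map_decision hunks and, with MAXVECTORS as the bound, to the loops in src/stringrep.c. unmap_perm begins outside the hunk.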
@@ -191,7 +191,7 @@ map_perm(security_class_t tclass, access_vector_t kperm)
for (i = 0; i < current_mapping[tclass].num_perms; i++)
if (kperm & current_mapping[tclass].perms[i]) {
- tperm |= 1<<i;
+ tperm |= UINT32_C(1)<<i;
kperm &= ~current_mapping[tclass].perms[i];
}
@@ -216,30 +216,30 @@ map_decision(security_class_t tclass, struct av_decision *avd)
for (i = 0, result = 0; i < n; i++) {
if (avd->allowed & mapping->perms[i])
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
else if (allow_unknown && !mapping->perms[i])
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
}
avd->allowed = result;
for (i = 0, result = 0; i < n; i++) {
if (avd->decided & mapping->perms[i])
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
else if (allow_unknown && !mapping->perms[i])
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
}
avd->decided = result;
for (i = 0, result = 0; i < n; i++)
if (avd->auditallow & mapping->perms[i])
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
avd->auditallow = result;
for (i = 0, result = 0; i < n; i++) {
if (avd->auditdeny & mapping->perms[i])
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
else if (!allow_unknown && !mapping->perms[i])
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
}
/*
@@ -248,7 +248,7 @@ map_decision(security_class_t tclass, struct av_decision *avd)
* a bug in the object manager.
*/
for (; i < (sizeof(result)*8); i++)
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
avd->auditdeny = result;
}
}
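Review bot: The fill loop runs to `sizeof(result)*8` while the shifted constant is now pinned at 32 bits, so the shift stays defined only as long as result is no wider than 32 bits; result's declaration is outside the hunk, so this cannot be confirmed here. Tying the constant to the variable's own type, or adding a comment like `/* result is 32 bits wide, so i < 32 in this loop */`, would keep the bound and the shift from drifting apart. As a style point, `CHAR_BIT` from `<limits.h>` states the intent better than the literal `8`.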
diff --git a/src/stringrep.c b/src/stringrep.c
index 012a740a..2fe69f43 100644
--- a/src/stringrep.c
+++ b/src/stringrep.c
@@ -229,7 +229,7 @@ access_vector_t string_to_av_perm(security_class_t tclass, const char *s)
size_t i;
for (i = 0; i < MAXVECTORS && node->perms[i] != NULL; i++)
if (strcmp(node->perms[i],s) == 0)
- return map_perm(tclass, 1<<i);
+ return map_perm(tclass, UINT32_C(1)<<i);
}
errno = EINVAL;
@@ -261,7 +261,7 @@ const char *security_av_perm_to_string(security_class_t tclass,
node = get_class_cache_entry_value(tclass);
if (av && node)
for (i = 0; i<MAXVECTORS; i++)
- if ((1<<i) & av)
+ if ((UINT32_C(1)<<i) & av)
return node->perms[i];
return NULL;
@@ -279,7 +279,7 @@ int security_av_string(security_class_t tclass, access_vector_t av, char **res)
/* first pass computes the required length */
for (i = 0; tmp; tmp >>= 1, i++) {
if (tmp & 1) {
- str = security_av_perm_to_string(tclass, av & (1<<i));
+ str = security_av_perm_to_string(tclass, av & (UINT32_C(1)<<i));
if (str)
len += strlen(str) + 1;
}
@@ -303,7 +303,7 @@ int security_av_string(security_class_t tclass, access_vector_t av, char **res)
ptr += sprintf(ptr, "{ ");
for (i = 0; tmp; tmp >>= 1, i++) {
if (tmp & 1) {
- str = security_av_perm_to_string(tclass, av & (1<<i));
+ str = security_av_perm_to_string(tclass, av & (UINT32_C(1)<<i));
if (str)
ptr += sprintf(ptr, "%s ", str);
}
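Review bot: The write pass still appends with an unbounded `sprintf(ptr, "%s ", str)`, so it is memory-safe only if the length pass in the previous hunk visited exactly the same bits and got the same strings back from security_av_perm_to_string(). The allocation sits between the two hunks and is not visible, so the size cannot be checked from here. Tracking the space left and writing with `snprintf(ptr, remaining, "%s ", str)` plus a truncation check would make the function fail safely if the two passes ever disagree. Both loops belong to security_av_string, whose body starts and ends outside these hunks.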
--
1.8.3.1