libselinux/backport-libselinux-use-reentrant-strtok_r-3.patch

From 82195e77e317d322dd9b5fc31d402462d6845357 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 15 Jan 2024 14:36:01 +0100
Subject: [PATCH] libselinux: use reentrant strtok_r(3)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Use the reentrant version strtok_r(3) instead of strtok(3) to avoid
potential data races with concurrent threads.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>

Reference:https://github.com/SELinuxProject/selinux/commit/82195e77e317d322dd9b5fc31d402462d6845357
Conflict:path adapt

---
 src/selinux_restorecon.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/selinux_restorecon.c b/src/selinux_restorecon.c
index 38f10f1c..acb729c8 100644
--- a/src/selinux_restorecon.c
+++ b/src/selinux_restorecon.c
@@ -243,7 +243,7 @@ static uint64_t exclude_non_seclabel_mounts(void)
 	int index = 0, found = 0;
 	uint64_t nfile = 0;
 	char *mount_info[4];
-	char *buf = NULL, *item;
+	char *buf = NULL, *item, *saveptr;
 
 	/* Check to see if the kernel supports seclabel */
 	if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0)
@@ -258,13 +258,14 @@ static uint64_t exclude_non_seclabel_mounts(void)
 	while (getline(&buf, &len, fp) != -1) {
 		found = 0;
 		index = 0;
-		item = strtok(buf, " ");
+		saveptr = NULL;
+		item = strtok_r(buf, " ", &saveptr);
 		while (item != NULL) {
 			mount_info[index] = item;
 			index++;
 			if (index == 4)
 				break;
-			item = strtok(NULL, " ");
+			item = strtok_r(NULL, " ", &saveptr);
 		}
 		if (index < 4) {
 			selinux_log(SELINUX_ERROR,
@@ -276,14 +277,15 @@ static uint64_t exclude_non_seclabel_mounts(void)
 		/* Remove pre-existing entry */
 		remove_exclude(mount_info[1]);
 
-		item = strtok(mount_info[3], ",");
+		saveptr = NULL;
+		item = strtok_r(mount_info[3], ",", &saveptr);
 		while (item != NULL) {
 			if (strcmp(item, "seclabel") == 0) {
 				found = 1;
 				nfile += file_system_count(mount_info[1]);
 				break;
 			}
-			item = strtok(NULL, ",");
+			item = strtok_r(NULL, ",", &saveptr);
 		}
 
 		/* Exclude mount points without the seclabel option */
-- 
2.33.0
backport upstream patches (cherry picked from commit 2d65b8edc7d1afcb021fbac7cc381fbfa33df3c2) 2024-03-25 19:11:30 +08:00			`From 82195e77e317d322dd9b5fc31d402462d6845357 Mon Sep 17 00:00:00 2001`
			`From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>`
			`Date: Mon, 15 Jan 2024 14:36:01 +0100`
			`Subject: [PATCH] libselinux: use reentrant strtok_r(3)`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`Use the reentrant version strtok_r(3) instead of strtok(3) to avoid`
			`potential data races with concurrent threads.`

			`Signed-off-by: Christian Göttsche <cgzones@googlemail.com>`
			`Acked-by: James Carter <jwcart2@gmail.com>`

			`Reference:https://github.com/SELinuxProject/selinux/commit/82195e77e317d322dd9b5fc31d402462d6845357`
			`Conflict:path adapt`

			`---`
			`src/selinux_restorecon.c \| 12 +++++++-----`
			`1 file changed, 7 insertions(+), 5 deletions(-)`

			`diff --git a/src/selinux_restorecon.c b/src/selinux_restorecon.c`
			`index 38f10f1c..acb729c8 100644`
			`--- a/src/selinux_restorecon.c`
			`+++ b/src/selinux_restorecon.c`
			`@@ -243,7 +243,7 @@ static uint64_t exclude_non_seclabel_mounts(void)`
			`int index = 0, found = 0;`
			`uint64_t nfile = 0;`
			`char *mount_info[4];`
			`- char buf = NULL, item;`
			`+ char buf = NULL, item, *saveptr;`

			`/* Check to see if the kernel supports seclabel */`
			`if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0)`
			`@@ -258,13 +258,14 @@ static uint64_t exclude_non_seclabel_mounts(void)`
			`while (getline(&buf, &len, fp) != -1) {`
			`found = 0;`
			`index = 0;`
			`- item = strtok(buf, " ");`
			`+ saveptr = NULL;`
			`+ item = strtok_r(buf, " ", &saveptr);`
			`while (item != NULL) {`
			`mount_info[index] = item;`
			`index++;`
			`if (index == 4)`
			`break;`
			`- item = strtok(NULL, " ");`
			`+ item = strtok_r(NULL, " ", &saveptr);`
			`}`
			`if (index < 4) {`
			`selinux_log(SELINUX_ERROR,`
			`@@ -276,14 +277,15 @@ static uint64_t exclude_non_seclabel_mounts(void)`
			`/* Remove pre-existing entry */`
			`remove_exclude(mount_info[1]);`

			`- item = strtok(mount_info[3], ",");`
			`+ saveptr = NULL;`
			`+ item = strtok_r(mount_info[3], ",", &saveptr);`
			`while (item != NULL) {`
			`if (strcmp(item, "seclabel") == 0) {`
			`found = 1;`
			`nfile += file_system_count(mount_info[1]);`
			`break;`
			`}`
			`- item = strtok(NULL, ",");`
			`+ item = strtok_r(NULL, ",", &saveptr);`
			`}`

			`/* Exclude mount points without the seclabel option */`
			`--`
			`2.33.0`