packages/libselinux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!17 fix potential undefined shifts

Browse Source 
From: @lujie42
Reviewed-by: @zhujianwei001
Signed-off-by: @zhujianwei001
This commit is contained in:
openeuler-ci-bot 2021-11-16 04:09:52 +00:00 committed by Gitee
commit 9f00feb649
3 changed files with 146 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

135
backport-libselinux-Fix-potential-undefined-shifts.patch Normal file
View File

@ -0,0 +1,135 @@
From c3ad59cc975d4848b6af37cbcb5caeb6fcb9bdb4 Mon Sep 17 00:00:00 2001
From: James Carter <jwcart2@gmail.com>
Date: Fri, 8 Oct 2021 15:07:36 -0400
Reference:https://github.com/SELinuxProject/selinux/commit/c3ad59cc975d4848b6af37cbcb5caeb6fcb9bdb4
Conflict:adapter filepath
Subject: [PATCH] libselinux: Fix potential undefined shifts
An expression of the form "1 << x" is undefined if x == 31 because
the "1" is an int and cannot be left shifted by 31.
Instead, use "UINT32_C(1) << x" which will be an unsigned int of
at least 32 bits.
Signed-off-by: James Carter <jwcart2@gmail.com>
Signed-off-by: lujie42 <lujie42@huawei.com>
---
src/mapping.c | 22 +++++++++++-----------
src/stringrep.c | 8 ++++----
2 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/src/mapping.c b/src/mapping.c
index 96395fd4..dd2f1039 100644
--- a/src/mapping.c
+++ b/src/mapping.c
@@ -144,9 +144,9 @@ unmap_perm(security_class_t tclass, access_vector_t tperm)
access_vector_t kperm = 0;
for (i = 0; i < current_mapping[tclass].num_perms; i++)
- if (tperm & (1<<i)) {
+ if (tperm & (UINT32_C(1)<<i)) {
kperm |= current_mapping[tclass].perms[i];
- tperm &= ~(1<<i);
+ tperm &= ~(UINT32_C(1)<<i);
}
return kperm;
}
@@ -191,7 +191,7 @@ map_perm(security_class_t tclass, access_vector_t kperm)
for (i = 0; i < current_mapping[tclass].num_perms; i++)
if (kperm & current_mapping[tclass].perms[i]) {
- tperm |= 1<<i;
+ tperm |= UINT32_C(1)<<i;
kperm &= ~current_mapping[tclass].perms[i];
}
@@ -216,30 +216,30 @@ map_decision(security_class_t tclass, struct av_decision *avd)
for (i = 0, result = 0; i < n; i++) {
if (avd->allowed & mapping->perms[i])
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
else if (allow_unknown && !mapping->perms[i])
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
}
avd->allowed = result;
for (i = 0, result = 0; i < n; i++) {
if (avd->decided & mapping->perms[i])
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
else if (allow_unknown && !mapping->perms[i])
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
}
avd->decided = result;
for (i = 0, result = 0; i < n; i++)
if (avd->auditallow & mapping->perms[i])
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
avd->auditallow = result;
for (i = 0, result = 0; i < n; i++) {
if (avd->auditdeny & mapping->perms[i])
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
else if (!allow_unknown && !mapping->perms[i])
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
}
/*
@@ -248,7 +248,7 @@ map_decision(security_class_t tclass, struct av_decision *avd)
* a bug in the object manager.
*/
for (; i < (sizeof(result)*8); i++)
- result |= 1<<i;
+ result |= UINT32_C(1)<<i;
avd->auditdeny = result;
}
}
diff --git a/src/stringrep.c b/src/stringrep.c
index 012a740a..2fe69f43 100644
--- a/src/stringrep.c
+++ b/src/stringrep.c
@@ -229,7 +229,7 @@ access_vector_t string_to_av_perm(security_class_t tclass, const char *s)
size_t i;
for (i = 0; i < MAXVECTORS && node->perms[i] != NULL; i++)
if (strcmp(node->perms[i],s) == 0)
- return map_perm(tclass, 1<<i);
+ return map_perm(tclass, UINT32_C(1)<<i);
}
errno = EINVAL;
@@ -261,7 +261,7 @@ const char *security_av_perm_to_string(security_class_t tclass,
node = get_class_cache_entry_value(tclass);
if (av && node)
for (i = 0; i<MAXVECTORS; i++)
- if ((1<<i) & av)
+ if ((UINT32_C(1)<<i) & av)
return node->perms[i];
return NULL;
@@ -279,7 +279,7 @@ int security_av_string(security_class_t tclass, access_vector_t av, char **res)
/* first pass computes the required length */
for (i = 0; tmp; tmp >>= 1, i++) {
if (tmp & 1) {
- str = security_av_perm_to_string(tclass, av & (1<<i));
+ str = security_av_perm_to_string(tclass, av & (UINT32_C(1)<<i));
if (str)
len += strlen(str) + 1;
}
@@ -303,7 +303,7 @@ int security_av_string(security_class_t tclass, access_vector_t av, char **res)
ptr += sprintf(ptr, "{ ");
for (i = 0; tmp; tmp >>= 1, i++) {
if (tmp & 1) {
- str = security_av_perm_to_string(tclass, av & (1<<i));
+ str = security_av_perm_to_string(tclass, av & (UINT32_C(1)<<i));
if (str)
ptr += sprintf(ptr, "%s ", str);
}
--
1.8.3.1

8
do-malloc-trim-after-load-policy.patch
View File

@ -4,13 +4,13 @@ Date: Wed, 2 Jun 2021 16:24:47 +0800
Subject: [PATCH] do malloc trim after load policy Subject: [PATCH] do malloc trim after load policy
--- ---
libselinux/src/load_policy.c | 5 ++++- src/load_policy.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-) 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c diff --git a/src/load_policy.c b/src/load_policy.c
index 2aea826..ace898c 100644 index 2aea826..ace898c 100644
--- a/libselinux/src/load_policy.c --- a/src/load_policy.c
+++ b/libselinux/src/load_policy.c +++ b/src/load_policy.c
@@ -18,6 +18,7 @@ @@ -18,6 +18,7 @@
#include <dlfcn.h> #include <dlfcn.h>
#include "policy.h" #include "policy.h"

9
libselinux.spec
View File

@ -3,7 +3,7 @@
Name: libselinux Name: libselinux
Version: 3.1 Version: 3.1
Release: 3 Release: 4
License: Public Domain License: Public Domain
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Url: https://github.com/SELinuxProject/selinux/wiki Url: https://github.com/SELinuxProject/selinux/wiki
@ -12,6 +12,8 @@ Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/li
#Patch0: libselinux-Use-Python-distutils-to-install-SELinux-p.patch #Patch0: libselinux-Use-Python-distutils-to-install-SELinux-p.patch
Patch1: do-malloc-trim-after-load-policy.patch Patch1: do-malloc-trim-after-load-policy.patch
Patch6000: backport-libselinux-Fix-potential-undefined-shifts.patch
BuildRequires: gcc python3-devel systemd swig pcre2-devel xz-devel BuildRequires: gcc python3-devel systemd swig pcre2-devel xz-devel
BuildRequires: ruby-devel libsepol-static BuildRequires: ruby-devel libsepol-static
@ -59,7 +61,7 @@ SELinux applications.
%package_help %package_help
%prep %prep
%autosetup -p 2 -n libselinux-%{version} %autosetup -p 1 -n libselinux-%{version}
%build %build
export LDFLAGS="%{?__global_ldflags}" export LDFLAGS="%{?__global_ldflags}"
@ -129,6 +131,9 @@ mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
%{_mandir}/ru/man8/* %{_mandir}/ru/man8/*
%changelog %changelog
* Mon Nov 15 2021 lujie <lujie42@huawei.com> - 3.1-4
- fix potential undefined shifts
* Wed Jul 2 2021 luhuaxin <1539327763@qq.com> - 3.1-3 * Wed Jul 2 2021 luhuaxin <1539327763@qq.com> - 3.1-3
- do malloc trim after load policy - do malloc trim after load policy