Compare commits


10 Commits

Author SHA1 Message Date
openeuler-ci-bot
d75fb6f8fa
!68 Backport upstream patches
From: @yixiangzhike 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee
2025-03-14 09:03:46 +00:00
yixiangzhike
e2042de448 Backport upstream patches 2025-03-14 16:19:44 +08:00
openeuler-ci-bot
2348cc687f
!62 [sync] PR-57: backport upstream patches
From: @openeuler-sync-bot 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee
2024-03-28 07:12:00 +00:00
fly_fzc
a0ce0a7214 backport upstream patches
(cherry picked from commit 2d65b8edc7d1afcb021fbac7cc381fbfa33df3c2)
2024-03-26 16:06:25 +08:00
openeuler-ci-bot
fd647a0aef
!43 add check for calloc in check_booleans
From: @HuaxinLuGitee 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
2023-07-25 12:33:25 +00:00
Huaxin Lu
f3590432c0 add check for calloc in check_booleans 2023-07-25 17:31:42 +08:00
openeuler-ci-bot
31300952e0
!41 update version to 3.5
From: @zgzxx 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee
2023-07-20 02:31:30 +00:00
zgzxx
4a0652da08 update version to 3.5 2023-07-19 14:54:55 +08:00
openeuler-ci-bot
a75ffeba31
!35 update version to 3.4
From: @zgzxx 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee
2023-02-02 02:35:02 +00:00
zgzxx
312420bf46 update version to 3.4 2023-01-31 11:00:20 +08:00
23 changed files with 1272 additions and 289 deletions


@ -1,55 +0,0 @@
From c1a8da6e4a2b53ea346d4493346cde7c0a5a5f49 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Fri, 11 Mar 2022 12:53:30 +0100
Subject: [PATCH] libselinux: Close leaked FILEs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes:
label_media.c:94:24: warning: leak of FILE fopen (path_28, "re") [CWE-775] [-Wanalyzer-file-leak]
label_x.c:121:24: warning: leak of FILE fopen (path_28, "re") [CWE-775] [-Wanalyzer-file-leak]
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
src/label_media.c | 4 ++--
src/label_x.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/label_media.c b/src/label_media.c
index eb27deaf..3137c18e 100644
--- a/src/label_media.c
+++ b/src/label_media.c
@@ -95,10 +95,10 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
__fsetlocking(fp, FSETLOCKING_BYCALLER);
if (fstat(fileno(fp), &sb) < 0)
- return -1;
+ goto finish;
if (!S_ISREG(sb.st_mode)) {
errno = EINVAL;
- return -1;
+ goto finish;
}
rec->spec_file = strdup(path);
diff --git a/src/label_x.c b/src/label_x.c
index e9fa063f..e6e8d9f6 100644
--- a/src/label_x.c
+++ b/src/label_x.c
@@ -122,10 +122,10 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
__fsetlocking(fp, FSETLOCKING_BYCALLER);
if (fstat(fileno(fp), &sb) < 0)
- return -1;
+ goto finish;
if (!S_ISREG(sb.st_mode)) {
errno = EINVAL;
- return -1;
+ goto finish;
}
rec->spec_file = strdup(path);
--
2.27.0


@ -0,0 +1,32 @@
From 45fdf23c7b37cfc776def253c0d5bfa1b0758c24 Mon Sep 17 00:00:00 2001
From: James Carter <jwcart2@gmail.com>
Date: Wed, 22 Jan 2025 10:58:27 -0500
Subject: [PATCH] libselinux: Close old selabel handle when setting a new one
In selinux_restorecon_set_sehandle(), close the old selabel handle
(if it exists) before setting the new one.
Signed-off-by: James Carter <jwcart2@gmail.com>
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
---
src/selinux_restorecon.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/selinux_restorecon.c b/src/selinux_restorecon.c
index bc6ed935..ab1c5216 100644
--- a/src/selinux_restorecon.c
+++ b/src/selinux_restorecon.c
@@ -1367,6 +1367,10 @@ void selinux_restorecon_set_sehandle(struct selabel_handle *hndl)
unsigned char *fc_digest;
size_t num_specfiles, fc_digest_len;
+ if (fc_sehandle) {
+ selabel_close(fc_sehandle);
+ }
+
fc_sehandle = hndl;
if (!fc_sehandle)
return;
--
2.33.0
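Review bot: The new guard in selinux_restorecon_set_sehandle() closes `fc_sehandle` without checking whether the caller passed that same handle again, in which case `fc_sehandle = hndl` stores a pointer that selabel_close() has just released. Comparing first avoids that: `if (fc_sehandle && fc_sehandle != hndl)`. The change also makes the library the owner of the previously set handle, so a caller that still closes its old handle itself would close it twice; the callers are not visible here and should be checked before this backport ships. The function body continues outside the hunk.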


@ -0,0 +1,42 @@
From dfe30d9d0190ede292078d22ed45a160f331e1b6 Mon Sep 17 00:00:00 2001
From: James Carter <jwcart2@gmail.com>
Date: Fri, 5 Jan 2024 15:16:26 -0500
Subject: [PATCH] libselinux: Fix ordering of arguments to calloc
The number of elements should be first and the size of the elements
second.
Signed-off-by: James Carter <jwcart2@gmail.com>
Reference:https://github.com/SELinuxProject/selinux/commit/dfe30d9d0190ede292078d22ed45a160f331e1b6
Conflict:path adapt
---
src/audit2why.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/audit2why.c b/src/audit2why.c
index 8c4c07d5..ad846cc3 100644
--- a/src/audit2why.c
+++ b/src/audit2why.c
@@ -148,7 +148,7 @@ static int check_booleans(struct boolean_t **bools)
sepol_bool_free(boolean);
if (fcnt > 0) {
- *bools = calloc(sizeof(struct boolean_t), fcnt + 1);
+ *bools = calloc(fcnt + 1, sizeof(struct boolean_t));
if (!*bools) {
PyErr_SetString( PyExc_MemoryError, "Out of memory\n");
free(foundlist);
@@ -226,7 +226,7 @@ static int __policy_init(const char *init_path)
return 1;
}
- avc = calloc(sizeof(struct avc_t), 1);
+ avc = calloc(1, sizeof(struct avc_t));
if (!avc) {
PyErr_SetString( PyExc_MemoryError, "Out of memory\n");
fclose(fp);
--
2.33.0


@ -0,0 +1,33 @@
From d8edd363be3184c5738438fde937fd5ebc2d4923 Mon Sep 17 00:00:00 2001
From: Huaxin Lu <luhuaxin1@huawei.com>
Date: Mon, 19 Jun 2023 07:17:02 +0800
Subject: [PATCH] libselinux: add check for calloc in check_booleans
Check the return value of calloc() to avoid null pointer reference.
Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
---
src/audit2why.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/audit2why.c b/src/audit2why.c
index ba1a66eb..8c4c07d5 100644
--- a/src/audit2why.c
+++ b/src/audit2why.c
@@ -149,6 +149,12 @@ static int check_booleans(struct boolean_t **bools)
if (fcnt > 0) {
*bools = calloc(sizeof(struct boolean_t), fcnt + 1);
+ if (!*bools) {
+ PyErr_SetString( PyExc_MemoryError, "Out of memory\n");
+ free(foundlist);
+ return 0;
+ }
+
struct boolean_t *b = *bools;
for (i = 0; i < fcnt; i++) {
int ctr = foundlist[i];
--
2.27.0
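Review bot: The added out-of-memory branch in check_booleans() returns 0 after PyErr_SetString(), and 0 looks like it could also be the ordinary "nothing found" result of this function. A caller that only inspects the return value may then continue with a Python exception pending and `*bools` still NULL. The callers are outside this hunk; if they do not already test the error indicator, a distinct failure value such as `return -1;` (with the callers adjusted) would make the failure explicit. At minimum a comment on the branch, `/* returns 0 with a Python error set; caller must check PyErr_Occurred() */`, would document the contract.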


@ -0,0 +1,120 @@
From 6e2f7033406aeccc1fb93e580be8120f113520a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Fri, 22 Mar 2024 15:50:19 +0100
Subject: [PATCH] libselinux: avoid logs in get_ordered_context_list() without
policy
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If no policy has been loaded yet and thus the current context is still
"kernel" avoid logging failures in get_ordered_context_list(), like:
get_ordered_context_list: error in processing configuration file /etc/selinux/debian/contexts/users/root
get_ordered_context_list: error in processing configuration file /etc/selinux/debian/contexts/default_contexts
Move the context parsing from get_context_user() to its caller
get_ordered_context_list(), so an invalid context is not treated as an
get_context_user() failure and not logged.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
src/get_context_list.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/src/get_context_list.c b/src/get_context_list.c
index 7e23be05..0ad24654 100644
--- a/src/get_context_list.c
+++ b/src/get_context_list.c
@@ -130,7 +130,7 @@ static int is_in_reachable(char **reachable, const char *usercon_str)
}
static int get_context_user(FILE * fp,
- const char * fromcon,
+ context_t fromcon,
const char * user,
char ***reachable,
unsigned int *nreachable)
@@ -146,7 +146,6 @@ static int get_context_user(FILE * fp,
char **new_reachable = NULL;
char *usercon_str;
const char *usercon_str2;
- context_t con;
context_t usercon;
int rc;
@@ -155,14 +154,10 @@ static int get_context_user(FILE * fp,
/* Extract the role and type of the fromcon for matching.
User identity and MLS range can be variable. */
- con = context_new(fromcon);
- if (!con)
- return -1;
- fromrole = context_role_get(con);
- fromtype = context_type_get(con);
- fromlevel = context_range_get(con);
+ fromrole = context_role_get(fromcon);
+ fromtype = context_type_get(fromcon);
+ fromlevel = context_range_get(fromcon);
if (!fromrole || !fromtype) {
- context_free(con);
return -1;
}
@@ -296,7 +291,6 @@ static int get_context_user(FILE * fp,
rc = 0;
out:
- context_free(con);
free(line);
return rc;
}
@@ -418,6 +412,7 @@ int get_ordered_context_list(const char *user,
char *fname = NULL;
size_t fname_len;
const char *user_contexts_path = selinux_user_contexts_path();
+ context_t con = NULL;
if (!fromcon) {
/* Get the current context and use it for the starting context */
@@ -427,6 +422,10 @@ int get_ordered_context_list(const char *user,
fromcon = backup_fromcon;
}
+ con = context_new(fromcon);
+ if (!con)
+ goto failsafe;
+
/* Determine the ordering to apply from the optional per-user config
and from the global config. */
fname_len = strlen(user_contexts_path) + strlen(user) + 2;
@@ -437,7 +436,7 @@ int get_ordered_context_list(const char *user,
fp = fopen(fname, "re");
if (fp) {
__fsetlocking(fp, FSETLOCKING_BYCALLER);
- rc = get_context_user(fp, fromcon, user, &reachable, &nreachable);
+ rc = get_context_user(fp, con, user, &reachable, &nreachable);
fclose(fp);
if (rc < 0 && errno != ENOENT) {
@@ -451,7 +450,7 @@ int get_ordered_context_list(const char *user,
fp = fopen(selinux_default_context_path(), "re");
if (fp) {
__fsetlocking(fp, FSETLOCKING_BYCALLER);
- rc = get_context_user(fp, fromcon, user, &reachable, &nreachable);
+ rc = get_context_user(fp, con, user, &reachable, &nreachable);
fclose(fp);
if (rc < 0 && errno != ENOENT) {
fprintf(stderr,
@@ -472,6 +471,7 @@ int get_ordered_context_list(const char *user,
else
freeconary(reachable);
+ context_free(con);
freecon(backup_fromcon);
return rc;
--
2.33.0
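Review bot: get_context_user() no longer validates its `fromcon` argument: the old `context_new()` / `if (!con) return -1;` pair is removed and `context_role_get(fromcon)` is called directly, so the function now relies on every caller passing a non-NULL context_t. Both call sites in get_ordered_context_list() do so after the new `if (!con) goto failsafe;`, but the requirement is only implicit; a comment on the parameter such as `/* fromcon: already-parsed context, must not be NULL */` would record it. A comment at the `goto failsafe` would also help, because as far as these hunks show an allocation failure in context_new() takes the same unlogged path as an unparsable context. Both functions extend beyond the hunks shown.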


@ -0,0 +1,67 @@
From 2b6f639a5209f70a6c065f57bfd4b2bf3e28dbe4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 29 Apr 2024 18:39:00 +0200
Subject: [PATCH] libselinux: avoid pointer dereference before check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Since commit 5876aca0 ("libselinux: free data on selabel open failure")
the close handler of label backends must support partial initialized
state, e.g. ->data being NULL. Thus checks for NULL were added, but in
two cases the pointers in question were already dereferenced before.
Reorder the dereference after the NULL-checks.
Fixes: 5876aca0 ("libselinux: free data on selabel open failure")
Reported-by: Cppcheck
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
src/label_media.c | 4 +++-
src/label_x.c | 4 +++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/label_media.c b/src/label_media.c
index 94a58062..852aeada 100644
--- a/src/label_media.c
+++ b/src/label_media.c
@@ -164,12 +164,14 @@ finish:
static void close(struct selabel_handle *rec)
{
struct saved_data *data = (struct saved_data *)rec->data;
- struct spec *spec, *spec_arr = data->spec_arr;
+ struct spec *spec, *spec_arr;
unsigned int i;
if (!data)
return;
+ spec_arr = data->spec_arr;
+
for (i = 0; i < data->nspec; i++) {
spec = &spec_arr[i];
free(spec->key);
diff --git a/src/label_x.c b/src/label_x.c
index f994eefa..a8decc7a 100644
--- a/src/label_x.c
+++ b/src/label_x.c
@@ -191,12 +191,14 @@ finish:
static void close(struct selabel_handle *rec)
{
struct saved_data *data = (struct saved_data *)rec->data;
- struct spec *spec, *spec_arr = data->spec_arr;
+ struct spec *spec, *spec_arr;
unsigned int i;
if (!data)
return;
+ spec_arr = data->spec_arr;
+
for (i = 0; i < data->nspec; i++) {
spec = &spec_arr[i];
free(spec->key);
--
2.33.0


@ -0,0 +1,282 @@
From 454a9f248ba8f0959a85bf917a7b5b87ab71d1e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 19 Dec 2023 17:09:32 +0100
Subject: [PATCH] libselinux: enable usage with pedantic UB sanitizers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Clang's undefined behavior sanitizer supports checking for unsigned
integer overflow and underflow, and implicit conversions. While those
operations are well-defined by the C language they can signal logic
mistakes or processing of unchecked user input.
Annotate functions deliberately making use of integer overflow and adopt
the remaining code sites.
Example reports:
stringrep.c:348:7: runtime error: left shift of 2147483648 by 1 places cannot be represented in type 'access_vector_t' (aka 'unsigned int')
seusers.c:98:14: runtime error: implicit conversion from type 'int' of value -1 (32-bit, signed) to type 'gid_t' (aka 'unsigned int') changed the value to 4294967295 (32-bit, unsigned)
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Reference:https://github.com/SELinuxProject/selinux/commit/454a9f248ba8f0959a85bf917a7b5b87ab71d1e7
Conflict:path and context adapt, label_file.c: del symhash modification
---
src/avc.c | 4 +++-
src/avc_sidtab.c | 1 +
src/label.c | 7 +++++--
src/label_backends_android.c | 4 +++-
src/label_db.c | 3 ++-
src/label_file.c | 6 ++++--
src/label_media.c | 4 +++-
src/label_x.c | 4 +++-
src/selinux_internal.h | 11 +++++++++++
src/seusers.c | 2 +-
src/sha1.c | 3 +++
src/stringrep.c | 4 +++-
12 files changed, 42 insertions(+), 11 deletions(-)
diff --git a/src/avc.c b/src/avc.c
index 5e1c036e..ce87ac16 100644
--- a/src/avc.c
+++ b/src/avc.c
@@ -229,13 +229,15 @@ int avc_open(struct selinux_opt *opts, unsigned nopts)
{
avc_setenforce = 0;
- while (nopts--)
+ while (nopts) {
+ nopts--;
switch(opts[nopts].type) {
case AVC_OPT_SETENFORCE:
avc_setenforce = 1;
avc_enforcing = !!opts[nopts].value;
break;
}
+ }
return avc_init_internal("avc", NULL, NULL, NULL, NULL);
}
diff --git a/src/avc_sidtab.c b/src/avc_sidtab.c
index e396a938..3303537b 100644
--- a/src/avc_sidtab.c
+++ b/src/avc_sidtab.c
@@ -13,6 +13,7 @@
#include "avc_sidtab.h"
#include "avc_internal.h"
+ignore_unsigned_overflow_
static inline unsigned sidtab_hash(const char * key)
{
const char *p;
diff --git a/src/label.c b/src/label.c
index 4a7c6e6d..d2e703ef 100644
--- a/src/label.c
+++ b/src/label.c
@@ -60,7 +60,8 @@ static inline struct selabel_digest *selabel_is_digest_set
{
struct selabel_digest *digest = NULL;
- while (n--) {
+ while (n) {
+ n--;
if (opts[n].type == SELABEL_OPT_DIGEST &&
opts[n].value == (char *)1) {
digest = calloc(1, sizeof(*digest));
@@ -112,9 +113,11 @@ static void selabel_digest_fini(struct selabel_digest *ptr)
static inline int selabel_is_validate_set(const struct selinux_opt *opts,
unsigned n)
{
- while (n--)
+ while (n) {
+ n--;
if (opts[n].type == SELABEL_OPT_VALIDATE)
return !!opts[n].value;
+ }
return 0;
}
diff --git a/src/label_backends_android.c b/src/label_backends_android.c
index 7ddacdbe..33a17236 100644
--- a/src/label_backends_android.c
+++ b/src/label_backends_android.c
@@ -152,7 +152,8 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
struct stat sb;
/* Process arguments */
- while (n--)
+ while (n) {
+ n--;
switch (opts[n].type) {
case SELABEL_OPT_PATH:
path = opts[n].value;
@@ -165,6 +166,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
path = opts[n].value;
break;
}
+ }
if (!path)
return -1;
diff --git a/src/label_db.c b/src/label_db.c
index 2daf1770..2ff10b2f 100644
--- a/src/label_db.c
+++ b/src/label_db.c
@@ -263,7 +263,8 @@ db_init(const struct selinux_opt *opts, unsigned nopts,
* the default one. If RDBMS is not SE-PostgreSQL, it may need to
* specify an explicit specfile for database objects.
*/
- while (nopts--) {
+ while (nopts) {
+ nopts--;
switch (opts[nopts].type) {
case SELABEL_OPT_PATH:
path = opts[nopts].value;
diff --git a/src/label_file.c b/src/label_file.c
index 315298b3..3b2bda97 100644
--- a/src/label_file.c
+++ b/src/label_file.c
@@ -801,7 +801,8 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
int status = -1, baseonly = 0;
/* Process arguments */
- while (n--)
+ while (n) {
+ n--;
switch(opts[n].type) {
case SELABEL_OPT_PATH:
path = opts[n].value;
@@ -820,6 +821,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
baseonly = !!opts[n].value;
break;
}
+ }
#if !defined(BUILD_HOST) && !defined(ANDROID)
char subs_file[PATH_MAX + 1];
diff --git a/src/label_media.c b/src/label_media.c
index 4c987988..fad5ea6d 100644
--- a/src/label_media.c
+++ b/src/label_media.c
@@ -80,7 +80,8 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
struct stat sb;
/* Process arguments */
- while (n--)
+ while (n) {
+ n--;
switch(opts[n].type) {
case SELABEL_OPT_PATH:
path = opts[n].value;
@@ -93,6 +94,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
path = opts[n].value;
break;
}
+}
/* Open the specification file. */
if (!path)
diff --git a/src/label_x.c b/src/label_x.c
index f332dcb6..bf569ca5 100644
--- a/src/label_x.c
+++ b/src/label_x.c
@@ -107,7 +107,8 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
struct stat sb;
/* Process arguments */
- while (n--)
+ while (n) {
+ n--;
switch(opts[n].type) {
case SELABEL_OPT_PATH:
path = opts[n].value;
@@ -120,6 +121,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
path = opts[n].value;
break;
}
+ }
/* Open the specification file. */
if (!path)
diff --git a/src/selinux_internal.h b/src/selinux_internal.h
index af69ff04..b134808e 100644
--- a/src/selinux_internal.h
+++ b/src/selinux_internal.h
@@ -102,4 +102,15 @@ size_t strlcpy(char *dest, const char *src, size_t size);
size_t strlcpy(char *dest, const char *src, size_t size);
#endif
+/* Use to ignore intentional unsigned under- and overflows while running under UBSAN. */
+#if defined(__clang__) && defined(__clang_major__) && (__clang_major__ >= 4)
+#if (__clang_major__ >= 12)
+#define ignore_unsigned_overflow_ __attribute__((no_sanitize("unsigned-integer-overflow", "unsigned-shift-base")))
+#else
+#define ignore_unsigned_overflow_ __attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+#else
+#define ignore_unsigned_overflow_
+#endif
+
#endif /* SELINUX_INTERNAL_H_ */
diff --git a/src/seusers.c b/src/seusers.c
index 16d69347..5a521f81 100644
--- a/src/seusers.c
+++ b/src/seusers.c
@@ -99,7 +99,7 @@ int require_seusers = 0;
static gid_t get_default_gid(const char *name) {
struct passwd pwstorage, *pwent = NULL;
- gid_t gid = -1;
+ gid_t gid = (gid_t)-1;
/* Allocate space for the getpwnam_r buffer */
long rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
if (rbuflen <= 0) return -1;
diff --git a/src/sha1.c b/src/sha1.c
index 9d51e04a..452b0cc2 100644
--- a/src/sha1.c
+++ b/src/sha1.c
@@ -26,6 +26,8 @@
#include "sha1.h"
#include <memory.h>
+#include "selinux_internal.h"
+
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// TYPES
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
@@ -62,6 +64,7 @@ typedef union
//
// Hash a single 512-bit block. This is the core of the algorithm
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+ignore_unsigned_overflow_
static
void
TransformFunction
diff --git a/src/stringrep.c b/src/stringrep.c
index d2237d1c..1b460224 100644
--- a/src/stringrep.c
+++ b/src/stringrep.c
@@ -337,13 +337,15 @@ void print_access_vector(security_class_t tclass, access_vector_t av)
printf(" {");
- while (av) {
+ for (;;) {
if (av & bit) {
permstr = security_av_perm_to_string(tclass, bit);
if (!permstr)
break;
printf(" %s", permstr);
av &= ~bit;
+ if (!av)
+ break;
}
bit <<= 1;
}
--
2.33.0
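Review bot: In the seusers.c hunk, get_default_gid() still has `if (rbuflen <= 0) return -1;` a few lines below the changed initialiser, which is the same kind of implicit int-to-gid_t conversion of -1 that the commit message quotes from the sanitizer report. For consistency with `gid_t gid = (gid_t)-1;` the early return would read `if (rbuflen <= 0) return (gid_t)-1;`. The rest of the function is outside the hunk, so other return statements may need the same cast. As a minor style point, the closing brace added in the label_media.c hunk appears as `+}` with no indentation on this page, unlike the matching `+ }` lines added in the other files.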


@ -0,0 +1,120 @@
From 5876aca0484f3b45636ef6337f06b914a8769cb4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 13 Mar 2024 12:10:24 +0100
Subject: [PATCH] libselinux: free data on selabel open failure
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In case the init function for a selabel backend fails, free the possible
already allocated data:
Direct leak of 16 byte(s) in 1 object(s) allocated from:
#0 0x5e7e2bf001e3 in malloc (/tmp/destdir/usr/sbin/selabel_digest+0xc71e3)
#1 0x7233764baa65 in selabel_media_init /home/christian/Coding/workspaces/selinux/libselinux/src/label_media.c:226:30
#2 0x7233764ac1fe in selabel_open /home/christian/Coding/workspaces/selinux/libselinux/src/label.c:227:6
#3 0x5e7e2bf3ebfc in main /home/christian/Coding/workspaces/selinux/libselinux/utils/selabel_digest.c:125:8
#4 0x7233761856c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s).
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
src/label.c | 5 +----
src/label_backends_android.c | 3 +++
src/label_db.c | 3 +++
src/label_file.c | 3 +++
src/label_media.c | 3 +++
src/label_x.c | 3 +++
6 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/label.c b/src/label.c
index d2e703ef..06d743ec 100644
--- a/src/label.c
+++ b/src/label.c
@@ -225,10 +225,7 @@ struct selabel_handle *selabel_open(unsigned int backend,
rec->digest = selabel_is_digest_set(opts, nopts, rec->digest);
if ((*initfuncs[backend])(rec, opts, nopts)) {
- if (rec->digest)
- selabel_digest_fini(rec->digest);
- free(rec->spec_file);
- free(rec);
+ selabel_close(rec);
rec = NULL;
}
diff --git a/src/label_backends_android.c b/src/label_backends_android.c
index 33a17236..49a87686 100644
--- a/src/label_backends_android.c
+++ b/src/label_backends_android.c
@@ -246,6 +246,9 @@ static void closef(struct selabel_handle *rec)
struct spec *spec;
unsigned int i;
+ if (!data)
+ return;
+
for (i = 0; i < data->nspec; i++) {
spec = &data->spec_arr[i];
free(spec->property_key);
diff --git a/src/label_db.c b/src/label_db.c
index 2ff10b2f..40d5fc4a 100644
--- a/src/label_db.c
+++ b/src/label_db.c
@@ -178,6 +178,9 @@ db_close(struct selabel_handle *rec)
spec_t *spec;
unsigned int i;
+ if (!catalog)
+ return;
+
for (i = 0; i < catalog->nspec; i++) {
spec = &catalog->specs[i];
free(spec->key);
diff --git a/src/label_file.c b/src/label_file.c
index 3b2bda97..2732972e 100644
--- a/src/label_file.c
+++ b/src/label_file.c
@@ -904,6 +904,9 @@ static void closef(struct selabel_handle *rec)
struct stem *stem;
unsigned int i;
+ if (!data)
+ return;
+
selabel_subs_fini(data->subs);
selabel_subs_fini(data->dist_subs);
diff --git a/src/label_media.c b/src/label_media.c
index fad5ea6d..94a58062 100644
--- a/src/label_media.c
+++ b/src/label_media.c
@@ -167,6 +167,9 @@ static void close(struct selabel_handle *rec)
struct spec *spec, *spec_arr = data->spec_arr;
unsigned int i;
+ if (!data)
+ return;
+
for (i = 0; i < data->nspec; i++) {
spec = &spec_arr[i];
free(spec->key);
diff --git a/src/label_x.c b/src/label_x.c
index bf569ca5..f994eefa 100644
--- a/src/label_x.c
+++ b/src/label_x.c
@@ -194,6 +194,9 @@ static void close(struct selabel_handle *rec)
struct spec *spec, *spec_arr = data->spec_arr;
unsigned int i;
+ if (!data)
+ return;
+
for (i = 0; i < data->nspec; i++) {
spec = &spec_arr[i];
free(spec->key);
--
2.33.0
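Review bot: In the label_media.c and label_x.c hunks the added `if (!data) return;` comes after the declaration `struct spec *spec, *spec_arr = data->spec_arr;`, so close() still dereferences `data` before the NULL check meant to protect it. With selabel_open() now routing init failure through `selabel_close(rec)`, that path is the one expected to reach close() with partially initialised state. The separate patch on this page titled "libselinux: avoid pointer dereference before check" moves the assignment below the check. The two patches need to be listed together and in that order in the package's patch series, and this one should not be carried without the other.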


@ -0,0 +1,41 @@
From c8b1f5928236e9ed3192a4393cb563cb718ccca4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 29 Apr 2024 18:38:59 +0200
Subject: [PATCH] libselinux: free empty scandir(3) result
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In case scandir(3) finds no entries still free the returned result to
avoid leaking it.
Also do not override errno in case of a failure.
Reported.by: Cppcheck
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
src/booleans.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/booleans.c b/src/booleans.c
index c557df65..1ede8e2d 100644
--- a/src/booleans.c
+++ b/src/booleans.c
@@ -53,7 +53,11 @@ int security_get_boolean_names(char ***names, int *len)
snprintf(path, sizeof path, "%s%s", selinux_mnt, SELINUX_BOOL_DIR);
*len = scandir(path, &namelist, &filename_select, alphasort);
- if (*len <= 0) {
+ if (*len < 0) {
+ return -1;
+ }
+ if (*len == 0) {
+ free(namelist);
errno = ENOENT;
return -1;
}
--
2.33.0


@ -1,38 +0,0 @@
From 8266fd9401b920bd3552410ebe215069891c373f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 10 May 2022 19:45:51 +0200
Subject: [PATCH] libselinux: free memory in error branch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In case the allocation for the filename fails, free the memory of the context.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
src/selinux_restorecon.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/selinux_restorecon.c b/src/selinux_restorecon.c
index 12b85101..c8db26c2 100644
--- a/src/selinux_restorecon.c
+++ b/src/selinux_restorecon.c
@@ -487,11 +487,13 @@ static int filespec_add(ino_t ino, const char *con, const char *file,
goto oom_freefl;
fl->file = strdup(file);
if (!fl->file)
- goto oom_freefl;
+ goto oom_freeflcon;
fl->next = prevfl->next;
prevfl->next = fl;
return 0;
+oom_freeflcon:
+ free(fl->con);
oom_freefl:
free(fl);
oom:
--
2.27.0


@ -1,34 +0,0 @@
From b9a4d13a300665098f04bf5108929ea54668b1bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 13 Apr 2022 17:56:32 +0200
Subject: [PATCH] libselinux: free memory on selabel_open(3) failure
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If selabel_open(3) fails, e.g. when a specfile has the wrong file
permissions, free the memory allocated for digests.
Fixes: e40bbea9 ("libselinux: Add selabel_digest function")
Acked-by: James Carter <jwcart2@gmail.com>
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
src/label.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/label.c b/src/label.c
index a03192e5..586e5e5e 100644
--- a/src/label.c
+++ b/src/label.c
@@ -226,6 +226,8 @@ struct selabel_handle *selabel_open(unsigned int backend,
rec->digest = selabel_is_digest_set(opts, nopts, rec->digest);
if ((*initfuncs[backend])(rec, opts, nopts)) {
+ if (rec->digest)
+ selabel_digest_fini(rec->digest);
free(rec->spec_file);
free(rec);
rec = NULL;
--
2.27.0


@ -0,0 +1,40 @@
From f18f9e5ea155015b4b2ad6c9ba6ce5e0e3b30646 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Fri, 25 Oct 2024 20:30:14 +0200
Subject: [PATCH] libselinux/matchpathcon: RESOURCE_LEAK: Variable "con"
Fixes:
Error: RESOURCE_LEAK (CWE-772):
libselinux-3.6/src/matchpathcon.c:519: alloc_arg: "lgetfilecon_raw" allocates memory that is stored into "con". [Note: The source code implementation of the function has been overridden by a user model.]
libselinux-3.6/src/matchpathcon.c:528: leaked_storage: Variable "con" going out of scope leaks the storage it points to.
\# 526|
\# 527| if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0))
\# 528|-> return -1;
\# 529|
\# 530| if (selabel_lookup_raw(hnd, &fcontext, path, mode) != 0) {
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
src/matchpathcon.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/matchpathcon.c b/src/matchpathcon.c
index e44734c3..967520e4 100644
--- a/src/matchpathcon.c
+++ b/src/matchpathcon.c
@@ -524,8 +524,10 @@ int selinux_file_context_verify(const char *path, mode_t mode)
return 0;
}
- if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0))
+ if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0)){
+ freecon(con);
return -1;
+ }
if (selabel_lookup_raw(hnd, &fcontext, path, mode) != 0) {
if (errno != ENOENT)
--
2.33.0


@ -0,0 +1,43 @@
From b18fddef2e0aecb1cfba4cc3e495ea9ba09b49bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Fri, 5 Jan 2024 19:35:32 +0100
Subject: [PATCH] libselinux: reorder calloc(3) arguments
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The canonical order of calloc(3) parameters is the number of elements
first and the size of each element second.
Reported by GCC 14:
is_customizable_type.c:43:45: warning: 'calloc' sizes specified with 'sizeof' in the earlier argument and not in the later argument [-Wcalloc-transposed-args]
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Reference:https://github.com/SELinuxProject/selinux/commit/b18fddef2e0aecb1cfba4cc3e495ea9ba09b49bd
Conflict:path adapt
---
src/is_customizable_type.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/is_customizable_type.c b/src/is_customizable_type.c
index da301c60..0ae92c8d 100644
--- a/src/is_customizable_type.c
+++ b/src/is_customizable_type.c
@@ -39,9 +39,7 @@ static int get_customizable_type_list(char *** retlist)
}
rewind(fp);
if (ctr) {
- list =
- (char **) calloc(sizeof(char *),
- ctr + 1);
+ list = calloc(ctr + 1, sizeof(char *));
if (list) {
i = 0;
while (fgets_unlocked(buf, selinux_page_size, fp)
--
2.33.0


@ -1,36 +0,0 @@
From 956bda08f6183078f13b70f6aa27d0529a3ec20a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 7 Jun 2022 19:00:35 +0200
Subject: [PATCH] libselinux: restorecon: avoid printing NULL pointer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The variable `curcon` is NULL in case the file has no current security
context. Most C standard libraries handle it fine, avoid it nonetheless
for standard conformance.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
src/selinux_restorecon.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/selinux_restorecon.c b/src/selinux_restorecon.c
index 66e6a4a2..2d24559f 100644
--- a/src/selinux_restorecon.c
+++ b/src/selinux_restorecon.c
@@ -744,7 +744,9 @@ static int restorecon_sb(const char *pathname, const struct stat *sb,
selinux_log(SELINUX_INFO,
"%s %s from %s to %s\n",
updated ? "Relabeled" : "Would relabel",
- pathname, curcon, newcon);
+ pathname,
+ curcon ? curcon : "<no context>",
+ newcon);
if (flags->syslog_changes && !flags->nochange) {
if (curcon)
--
2.27.0


@ -1,114 +0,0 @@
From 657420d67fcca479fa495b09c540b3cecb539e9e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 11 May 2022 20:42:23 +0200
Subject: [PATCH] libselinux: restorecon: misc tweaks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* mark read-only parameters const
* check for overflow when adding exclude directory
* use 64 bit integer for file counting
* avoid implicit conversions
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
src/selinux_restorecon.c | 26 +++++++++++++++++---------
1 file changed, 17 insertions(+), 9 deletions(-)
diff --git a/src/selinux_restorecon.c b/src/selinux_restorecon.c
index e6192912..c158ead8 100644
--- a/src/selinux_restorecon.c
+++ b/src/selinux_restorecon.c
@@ -44,7 +44,7 @@
static struct selabel_handle *fc_sehandle = NULL;
static bool selabel_no_digest;
static char *rootpath = NULL;
-static int rootpathlen;
+static size_t rootpathlen;
/* Information on excluded fs and directories. */
struct edir {
@@ -55,7 +55,7 @@ struct edir {
};
#define CALLER_EXCLUDED true
static bool ignore_mounts;
-static int exclude_non_seclabel_mounts(void);
+static uint64_t exclude_non_seclabel_mounts(void);
static int exclude_count = 0;
static struct edir *exclude_lst = NULL;
static uint64_t fc_count = 0; /* Number of files processed so far */
@@ -169,6 +169,12 @@ static int add_exclude(const char *directory, bool who)
return -1;
}
+ if (exclude_count >= INT_MAX - 1) {
+ selinux_log(SELINUX_ERROR, "Too many directory excludes: %d.\n", exclude_count);
+ errno = EOVERFLOW;
+ return -1;
+ }
+
tmp_list = realloc(exclude_lst,
sizeof(struct edir) * (exclude_count + 1));
if (!tmp_list)
@@ -211,10 +217,10 @@ static int check_excluded(const char *file)
return 0;
}
-static int file_system_count(char *name)
+static uint64_t file_system_count(const char *name)
{
struct statvfs statvfs_buf;
- int nfile = 0;
+ uint64_t nfile = 0;
memset(&statvfs_buf, 0, sizeof(statvfs_buf));
if (!statvfs(name, &statvfs_buf))
@@ -230,12 +236,13 @@ static int file_system_count(char *name)
* that support security labels have the seclabel option, return
* approximate total file count.
*/
-static int exclude_non_seclabel_mounts(void)
+static uint64_t exclude_non_seclabel_mounts(void)
{
struct utsname uts;
FILE *fp;
size_t len;
- int index = 0, found = 0, nfile = 0;
+ int index = 0, found = 0;
+ uint64_t nfile = 0;
char *mount_info[4];
char *buf = NULL, *item;
@@ -300,7 +307,8 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
{
char *sha1_buf = NULL;
size_t i, digest_len = 0;
- int rc, digest_result;
+ int rc;
+ enum digest_result digest_result;
bool match;
struct dir_xattr *new_entry;
uint8_t *xattr_digest = NULL;
@@ -573,7 +581,7 @@ static void filespec_destroy(void)
* Called if SELINUX_RESTORECON_SET_SPECFILE_CTX is not set to check if
* the type components differ, updating newtypecon if so.
*/
-static int compare_types(char *curcon, char *newcon, char **newtypecon)
+static int compare_types(const char *curcon, const char *newcon, char **newtypecon)
{
int types_differ = 0;
context_t cona;
@@ -1398,7 +1406,7 @@ void selinux_restorecon_set_exclude_list(const char **exclude_list)
/* selinux_restorecon_set_alt_rootpath(3) sets an alternate rootpath. */
int selinux_restorecon_set_alt_rootpath(const char *alt_rootpath)
{
- int len;
+ size_t len;
/* This should be NULL on first use */
if (rootpath)
--
2.27.0


@ -0,0 +1,78 @@
From f398662ea19d2cf6db6cb791e3b787889e5af883 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <lautrbach@redhat.com>
Date: Tue, 9 Jul 2024 21:23:46 +0200
Subject: [PATCH] libselinux: set free'd data to NULL
Fixes segfault in selabel_open() on systems with SELinux disabled and without any
SELinux policy installed introduced by commit 5876aca0484f ("libselinux: free
data on selabel open failure"):
$ sestatus
SELinux status: disabled
$ cat /etc/selinux/config
cat: /etc/selinux/config: No such file or directory
$ matchpathcon /abc
[1] 907999 segmentation fault (core dumped) matchpathcon /abc
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
src/label_backends_android.c | 1 +
src/label_file.c | 1 +
src/label_media.c | 1 +
src/label_x.c | 1 +
4 files changed, 4 insertions(+)
diff --git a/src/label_backends_android.c b/src/label_backends_android.c
index 49a87686..5bad24f2 100644
--- a/src/label_backends_android.c
+++ b/src/label_backends_android.c
@@ -260,6 +260,7 @@ static void closef(struct selabel_handle *rec)
free(data->spec_arr);
free(data);
+ rec->data = NULL;
}
static struct selabel_lookup_rec *property_lookup(struct selabel_handle *rec,
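Review bot: Resetting `rec->data` only prevents the crash if `closef()` returns early when `rec->data` is NULL, and that guard is not visible in this hunk; without it the context line `free(data->spec_arr);` would dereference a null `data` on a second call. closef's body starts outside the hunk, so confirm the guard is present in the backported tree; presumably it comes from the separate "free data on selabel open failure" patch that the commit message names as the origin of the segfault. A short comment above the new line would record the dependency, e.g. `/* the close hook may run a second time; the NULL check at function entry relies on this reset */`. The same applies to the `rec->data = NULL;` additions in label_file.c, label_media.c and label_x.c.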
diff --git a/src/label_file.c b/src/label_file.c
index 2732972e..59c9f2ef 100644
--- a/src/label_file.c
+++ b/src/label_file.c
@@ -942,6 +942,7 @@ static void closef(struct selabel_handle *rec)
free(last_area);
}
free(data);
+ rec->data = NULL;
}
// Finds all the matches of |key| in the given context. Returns the result in
diff --git a/src/label_media.c b/src/label_media.c
index 852aeada..bae065c1 100644
--- a/src/label_media.c
+++ b/src/label_media.c
@@ -183,6 +183,7 @@ static void close(struct selabel_handle *rec)
free(spec_arr);
free(data);
+ rec->data = NULL;
}
static struct selabel_lookup_rec *lookup(struct selabel_handle *rec,
diff --git a/src/label_x.c b/src/label_x.c
index a8decc7a..ddae4f6c 100644
--- a/src/label_x.c
+++ b/src/label_x.c
@@ -210,6 +210,7 @@ static void close(struct selabel_handle *rec)
free(spec_arr);
free(data);
+ rec->data = NULL;
}
static struct selabel_lookup_rec *lookup(struct selabel_handle *rec,
--
2.33.0


@ -0,0 +1,72 @@
From 82195e77e317d322dd9b5fc31d402462d6845357 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 15 Jan 2024 14:36:01 +0100
Subject: [PATCH] libselinux: use reentrant strtok_r(3)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Use the reentrant version strtok_r(3) instead of strtok(3) to avoid
potential data races with concurrent threads.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Reference:https://github.com/SELinuxProject/selinux/commit/82195e77e317d322dd9b5fc31d402462d6845357
Conflict:path adapt
---
src/selinux_restorecon.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/selinux_restorecon.c b/src/selinux_restorecon.c
index 38f10f1c..acb729c8 100644
--- a/src/selinux_restorecon.c
+++ b/src/selinux_restorecon.c
@@ -243,7 +243,7 @@ static uint64_t exclude_non_seclabel_mounts(void)
int index = 0, found = 0;
uint64_t nfile = 0;
char *mount_info[4];
- char *buf = NULL, *item;
+ char *buf = NULL, *item, *saveptr;
/* Check to see if the kernel supports seclabel */
if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0)
@@ -258,13 +258,14 @@ static uint64_t exclude_non_seclabel_mounts(void)
while (getline(&buf, &len, fp) != -1) {
found = 0;
index = 0;
- item = strtok(buf, " ");
+ saveptr = NULL;
+ item = strtok_r(buf, " ", &saveptr);
while (item != NULL) {
mount_info[index] = item;
index++;
if (index == 4)
break;
- item = strtok(NULL, " ");
+ item = strtok_r(NULL, " ", &saveptr);
}
if (index < 4) {
selinux_log(SELINUX_ERROR,
@@ -276,14 +277,15 @@ static uint64_t exclude_non_seclabel_mounts(void)
/* Remove pre-existing entry */
remove_exclude(mount_info[1]);
- item = strtok(mount_info[3], ",");
+ saveptr = NULL;
+ item = strtok_r(mount_info[3], ",", &saveptr);
while (item != NULL) {
if (strcmp(item, "seclabel") == 0) {
found = 1;
nfile += file_system_count(mount_info[1]);
break;
}
- item = strtok(NULL, ",");
+ item = strtok_r(NULL, ",", &saveptr);
}
/* Exclude mount points without the seclabel option */
--
2.33.0


@ -0,0 +1,140 @@
From 1d5c3b7204b418710a257b80feaae04527585546 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 19 Dec 2023 17:09:25 +0100
Subject: [PATCH] libselinux/utils: free allocated resources
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Remove noise while running with sanitizers or under valgrind.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Reference:https://github.com/SELinuxProject/selinux/commit/1d5c3b7204b418710a257b80feaae04527585546
Conflict:path and context adapt
---
utils/getconlist.c | 10 +++++++---
utils/getdefaultcon.c | 20 +++++++++++++++++---
utils/selinuxexeccon.c | 1 +
3 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/utils/getconlist.c b/utils/getconlist.c
index 92f6a793..1ff05209 100644
--- a/utils/getconlist.c
+++ b/utils/getconlist.c
@@ -19,8 +19,9 @@ static __attribute__ ((__noreturn__)) void usage(const char *name, const char *d
int main(int argc, char **argv)
{
- char **list, *cur_context = NULL;
- char *user = NULL, *level = NULL;
+ char **list;
+ const char *cur_context, *user;
+ char *cur_con = NULL, *level = NULL;
int ret, i, opt;
while ((opt = getopt(argc, argv, "l:")) > 0) {
@@ -54,11 +55,12 @@ int main(int argc, char **argv)
/* If a context wasn't passed, use the current context. */
if (((argc - optind) < 2)) {
- if (getcon(&cur_context) < 0) {
+ if (getcon(&cur_con) < 0) {
fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno));
free(level);
return 2;
}
+ cur_context = cur_con;
} else {
cur_context = argv[optind + 1];
if (security_check_context(cur_context) != 0) {
@@ -82,10 +84,12 @@ int main(int argc, char **argv)
} else {
fprintf(stderr, "get_ordered_context_list%s failure: %d(%s)\n",
level ? "_with_level" : "", errno, strerror(errno));
+ free(cur_con);
free(level);
return 4;
}
+ free(cur_con);
free(level);
return 0;
diff --git a/utils/getdefaultcon.c b/utils/getdefaultcon.c
index 50f1ea91..67c84f94 100644
--- a/utils/getdefaultcon.c
+++ b/utils/getdefaultcon.c
@@ -19,8 +19,9 @@ static __attribute__ ((__noreturn__)) void usage(const char *name, const char *d
int main(int argc, char **argv)
{
- char * usercon = NULL, *cur_context = NULL;
- char *user = NULL, *level = NULL, *role=NULL, *seuser=NULL, *dlevel=NULL;
+ const char *cur_context, *user;
+ char *usercon = NULL, *cur_con = NULL;
+ char *level = NULL, *role=NULL, *seuser=NULL, *dlevel=NULL;
char *service = NULL;
int ret, opt;
int verbose = 0;
@@ -54,6 +55,9 @@ int main(int argc, char **argv)
if (!is_selinux_enabled()) {
fprintf(stderr,
"%s may be used only on a SELinux kernel.\n", argv[0]);
+ free(level);
+ free(role);
+ free(service);
return 1;
}
@@ -61,15 +65,23 @@ int main(int argc, char **argv)
/* If a context wasn't passed, use the current context. */
if (((argc - optind) < 2)) {
- if (getcon(&cur_context) < 0) {
+ if (getcon(&cur_con) < 0) {
fprintf(stderr, "Couldn't get current context: %s\n", strerror(errno));
+ free(level);
+ free(role);
+ free(service);
return 2;
}
+ cur_context = cur_con;
} else
cur_context = argv[optind + 1];
if (security_check_context(cur_context)) {
fprintf(stderr, "%s: invalid from context '%s'\n", argv[0], cur_context);
+ free(cur_con);
+ free(level);
+ free(role);
+ free(service);
return 3;
}
@@ -101,6 +113,8 @@ out:
if (level != dlevel) free(level);
free(dlevel);
free(usercon);
+ free(cur_con);
+ free(service);
return ret >= 0;
}
diff --git a/utils/selinuxexeccon.c b/utils/selinuxexeccon.c
index 66754b6a..463bf5aa 100644
--- a/utils/selinuxexeccon.c
+++ b/utils/selinuxexeccon.c
@@ -45,6 +45,7 @@ int main(int argc, char **argv)
con = strdup(argv[2]);
if (security_check_context(con)) {
fprintf(stderr, "%s: invalid from context '%s'\n", argv[0], con);
+ free(con);
return -1;
}
}
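Review bot: The result of `strdup(argv[2])` is still passed to `security_check_context()` and to the `%s` of the error message without a NULL check, so an allocation failure reaches both with a null pointer. The added `free(con)` closes the leak on the invalid-context path but leaves that gap; a guard directly after the strdup would cover it, `if (!con) { fprintf(stderr, "%s: out of memory\n", argv[0]); return -1; }`. main's body starts and ends outside the hunk, so whether `con` is released on the later exits cannot be checked from here.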
--
2.33.0


@ -0,0 +1,92 @@
From 994b9b205e36f3cc849b75f075e057686f3f9cd8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 13 Mar 2024 12:10:23 +0100
Subject: [PATCH] libselinux/utils/selabel_digest: avoid buffer overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In case the specfiles have very long paths or there are too many abort
instead of writing past the stack buffer.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
utils/selabel_digest.c | 45 ++++++++++++++++++++++++-------
1 file changed, 36 insertions(+), 9 deletions(-)
diff --git a/utils/selabel_digest.c b/utils/selabel_digest.c
index db0d443a..64051070 100644
--- a/utils/selabel_digest.c
+++ b/utils/selabel_digest.c
@@ -66,7 +66,7 @@ int main(int argc, char **argv)
char cmd_buf[4096];
char *cmd_ptr;
- char *sha1_buf;
+ char *sha1_buf = NULL;
struct selabel_handle *hnd;
struct selinux_opt selabel_option[] = {
@@ -167,23 +167,50 @@ int main(int argc, char **argv)
printf("calculated using the following specfile(s):\n");
if (specfiles) {
- cmd_ptr = &cmd_buf[0];
- sprintf(cmd_ptr, "/usr/bin/cat ");
- cmd_ptr = &cmd_buf[0] + strlen(cmd_buf);
+ size_t cmd_rem = sizeof(cmd_buf);
+ int ret;
+
+ if (validate) {
+ cmd_ptr = &cmd_buf[0];
+ ret = snprintf(cmd_ptr, cmd_rem, "/usr/bin/cat ");
+ if (ret < 0 || (size_t)ret >= cmd_rem) {
+ fprintf(stderr, "Could not format validate command\n");
+ rc = -1;
+ goto err;
+ }
+ cmd_ptr += ret;
+ cmd_rem -= ret;
+ }
for (i = 0; i < num_specfiles; i++) {
- sprintf(cmd_ptr, "%s ", specfiles[i]);
- cmd_ptr += strlen(specfiles[i]) + 1;
+ if (validate) {
+ ret = snprintf(cmd_ptr, cmd_rem, "%s ", specfiles[i]);
+ if (ret < 0 || (size_t)ret >= cmd_rem) {
+ fprintf(stderr, "Could not format validate command\n");
+ rc = -1;
+ goto err;
+ }
+ cmd_ptr += ret;
+ cmd_rem -= ret;
+ }
+
printf("%s\n", specfiles[i]);
}
- sprintf(cmd_ptr, "| /usr/bin/openssl dgst -sha1 -hex");
- if (validate)
+ if (validate) {
+ ret = snprintf(cmd_ptr, cmd_rem, "| /usr/bin/openssl dgst -sha1 -hex");
+ if (ret < 0 || (size_t)ret >= cmd_rem) {
+ fprintf(stderr, "Could not format validate command\n");
+ rc = -1;
+ goto err;
+ }
+
rc = run_check_digest(cmd_buf, sha1_buf);
+ }
}
- free(sha1_buf);
err:
+ free(sha1_buf);
selabel_close(hnd);
return rc;
}
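Review bot: Each specfile path is still written unquoted into the command string at `snprintf(cmd_ptr, cmd_rem, "%s ", specfiles[i])`, so a path containing a space or a shell metacharacter would be split or interpreted if `run_check_digest()` (not visible here) hands `cmd_buf` to a shell. The new bounds checks stop the write past `cmd_buf` but do not address that. Quoting the argument and rejecting embedded quotes would close it: `if (strchr(specfiles[i], '\'')) { rc = -1; goto err; }` followed by `ret = snprintf(cmd_ptr, cmd_rem, "'%s' ", specfiles[i]);`. Longer term, hashing the files in-process or spawning the helpers with an explicit argv would remove the shell from the path entirely. main's body starts outside the hunk.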
--
2.33.0


@ -0,0 +1,32 @@
From c774f15a4a726eb57b9815a55980eb81d09ad9c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 13 Mar 2024 12:10:21 +0100
Subject: [PATCH] libselinux/utils/selabel_digest: drop unsupported option -d
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The command line option -d is not supported, drop from usage message.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
utils/selabel_digest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/utils/selabel_digest.c b/utils/selabel_digest.c
index bf22b472..50f55311 100644
--- a/utils/selabel_digest.c
+++ b/utils/selabel_digest.c
@@ -11,7 +11,7 @@ static size_t digest_len;
static __attribute__ ((__noreturn__)) void usage(const char *progname)
{
fprintf(stderr,
- "usage: %s -b backend [-d] [-v] [-B] [-i] [-f file]\n\n"
+ "usage: %s -b backend [-v] [-B] [-i] [-f file]\n\n"
"Where:\n\t"
"-b The backend - \"file\", \"media\", \"x\", \"db\" or "
"\"prop\"\n\t"
--
2.33.0

Binary file not shown.

BIN
libselinux-3.5.tar.gz Normal file

Binary file not shown.


@ -1,24 +1,34 @@
%global ruby_inc %(pkg-config --cflags ruby)
%global libsepol_version 3.3
%global libsepol_version 3.5
Name: libselinux
Version: 3.3
Release: 2
Version: 3.5
Release: 4
License: Public Domain
Summary: SELinux library and simple utilities
Url: https://github.com/SELinuxProject/selinux/wiki
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.3/libselinux-3.3.tar.gz
Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libselinux-%{version}.tar.gz
Patch6000: backport-libselinux-Close-leaked-FILEs.patch
Patch6001: backport-libselinux-free-memory-on-selabel_open-3-failure.patch
Patch6002: backport-libselinux-restorecon-misc-tweaks.patch
Patch6003: backport-libselinux-free-memory-in-error-branch.patch
Patch6004: backport-libselinux-restorecon-avoid-printing-NULL-pointer.patch
Patch0001: backport-libselinux-add-check-for-calloc-in-check_booleans.patch
Patch0002: backport-libselinux-utils-free-allocated-resources.patch
Patch0003: backport-libselinux-enable-usage-with-pedantic-UB-sanitizers.patch
Patch0004: backport-libselinux-reorder-calloc-3-arguments.patch
Patch0005: backport-libselinux-Fix-ordering-of-arguments-to-calloc.patch
Patch0006: backport-libselinux-use-reentrant-strtok_r-3.patch
Patch0007: backport-libselinux-utils-selabel_digest-drop-unsupported-opt.patch
Patch0008: backport-libselinux-utils-selabel_digest-avoid-buffer-overflo.patch
Patch0009: backport-libselinux-free-data-on-selabel-open-failure.patch
Patch0010: backport-libselinux-avoid-logs-in-get_ordered_context_list-wi.patch
Patch0011: backport-libselinux-free-empty-scandir-3-result.patch
Patch0012: backport-libselinux-avoid-pointer-dereference-before-check.patch
Patch0013: backport-libselinux-set-free-d-data-to-NULL.patch
Patch0014: backport-libselinux-matchpathcon-RESOURCE_LEAK-Variable-con.patch
Patch0015: backport-libselinux-Close-old-selabel-handle-when-setting-a-n.patch
Patch9000: do-malloc-trim-after-load-policy.patch
BuildRequires: gcc python3-devel systemd swig pcre2-devel xz-devel
BuildRequires: ruby-devel libsepol-static
BuildRequires: ruby-devel libsepol-static python3-pip python3-setuptools python3-wheel
Requires: libsepol >= %{libsepol_version} pcre2
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
@ -106,7 +116,7 @@ mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
%license LICENSE
%{_libdir}/libselinux.so.*
%{_sbindir}/{selabel_lookup_best_match,selabel_partial_match,selinux_check_access}
%{_sbindir}/{avcstat,getenforce,getsebool,matchpathcon,sefcontext_compile,selinuxconlist}
%{_sbindir}/{avcstat,getenforce,getpidprevcon,getsebool,matchpathcon,sefcontext_compile,selinuxconlist}
%{_sbindir}/{selinuxdefcon,selinuxexeccon,selinuxenabled,setenforce,selabel_digest,selabel_lookup}
%{_sbindir}/{selabel_get_digests_all_partial_matches,validatetrans}
%dir %{_rundir}/setrans/
@ -120,7 +130,7 @@ mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
%files -n python3-libselinux
%{python3_sitearch}/selinux/
%{python3_sitearch}/selinux-%{version}-*
%{python3_sitearch}/selinux-%{version}*
%{python3_sitearch}/_selinux.*.so
%files ruby
@ -134,6 +144,22 @@ mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
%{_mandir}/ru/man8/*
%changelog
* Fri Mar 14 2025 yixiangzhike <yixiangzhike007@163.com> - 3.5-4
- backport upstream patches
* Mon Mar 25 2024 fuanan <fuanan3@h-partners.com> - 3.5-3
- backport upstream patches
* Tue Jul 25 2023 luhuaxin <luhuaxin1@huawei.com> - 3.5-2
- add check for calloc in check_booleans
- fix python build issue
* Mon Jul 17 2023 zhangguangzhi <zhangguangzhi3@huawei.com> - 3.5-1
- update version to 3.5
* Mon Jan 30 2023 zhangguangzhi <zhangguangzhi3@huawei.com> - 3.4-1
- update version to 3.4
* Sun Oct 9 2022 lujie <lujie54@huawei.com> - 3.3-2
- backport upstream patches