From 657420d67fcca479fa495b09c540b3cecb539e9e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 11 May 2022 20:42:23 +0200
Subject: [PATCH] libselinux: restorecon: misc tweaks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* mark read-only parameters const
* check for overflow when adding exclude directory
* use 64 bit integer for file counting
* avoid implicit conversions
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
src/selinux_restorecon.c | 26 +++++++++++++++++---------
1 file changed, 17 insertions(+), 9 deletions(-)
diff --git a/src/selinux_restorecon.c b/src/selinux_restorecon.c
index e6192912..c158ead8 100644
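--- a/src/selinux_restorecon.c
+++ b/src/selinux_restorecon.c
@@ -44,7 +44,7 @@
 static struct selabel_handle *fc_sehandle = NULL;
 static bool selabel_no_digest;
 static char *rootpath = NULL;
-static int rootpathlen;
+static size_t rootpathlen;
 
 /* Information on excluded fs and directories. */
 struct edir {
@@ -55,7 +55,7 @@ struct edir {
 };
 #define CALLER_EXCLUDED true
 static bool ignore_mounts;
-static int exclude_non_seclabel_mounts(void);
+static uint64_t exclude_non_seclabel_mounts(void);
 static int exclude_count = 0;
 static struct edir *exclude_lst = NULL;
 static uint64_t fc_count = 0; /* Number of files processed so far */
@@ -169,6 +169,12 @@ static int add_exclude(const char *directory, bool who)
 return -1;
 }
 
+ if (exclude_count >= INT_MAX - 1) {
+ selinux_log(SELINUX_ERROR, "Too many directory excludes: %d.\n", exclude_count);
+ errno = EOVERFLOW;
+ return -1;
+ }
+
 tmp_list = realloc(exclude_lst,
 sizeof(struct edir) * (exclude_count + 1));
 if (!tmp_list)
@@ -211,10 +217,10 @@ static int check_excluded(const char *file)
 return 0;
 }
 
-static int file_system_count(char *name)
+static uint64_t file_system_count(const char *name)
 {
 struct statvfs statvfs_buf;
- int nfile = 0;
+ uint64_t nfile = 0;
 
 memset(&statvfs_buf, 0, sizeof(statvfs_buf));
 if (!statvfs(name, &statvfs_buf))
@@ -230,12 +236,13 @@ static int file_system_count(char *name)
 * that support security labels have the seclabel option, return
 * approximate total file count.
 */
-static int exclude_non_seclabel_mounts(void)
+static uint64_t exclude_non_seclabel_mounts(void)
 {
 struct utsname uts;
 FILE *fp;
 size_t len;
- int index = 0, found = 0, nfile = 0;
+ int index = 0, found = 0;
+ uint64_t nfile = 0;
 char *mount_info[4];
 char *buf = NULL, *item;
 
@@ -300,7 +307,8 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
 {
 char *sha1_buf = NULL;
 size_t i, digest_len = 0;
- int rc, digest_result;
+ int rc;
+ enum digest_result digest_result;
 bool match;
 struct dir_xattr *new_entry;
 uint8_t *xattr_digest = NULL;
@@ -573,7 +581,7 @@ static void filespec_destroy(void)
 * Called if SELINUX_RESTORECON_SET_SPECFILE_CTX is not set to check if
 * the type components differ, updating newtypecon if so.
 */
-static int compare_types(char *curcon, char *newcon, char **newtypecon)
+static int compare_types(const char *curcon, const char *newcon, char **newtypecon)
 {
 int types_differ = 0;
 context_t cona;
@@ -1398,7 +1406,7 @@ void selinux_restorecon_set_exclude_list(const char **exclude_list)
 /* selinux_restorecon_set_alt_rootpath(3) sets an alternate rootpath. */
 int selinux_restorecon_set_alt_rootpath(const char *alt_rootpath)
 {
- int len;
+ size_t len;
 
 /* This should be NULL on first use */
 if (rootpath)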
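Review bot: In the `add_exclude` hunk, the new `exclude_count >= INT_MAX - 1` guard keeps the `int` counter from overflowing, but it does not bound the byte count handed to `realloc`, `sizeof(struct edir) * (exclude_count + 1)`, which is evaluated in `size_t`. On a target where `size_t` is 32 bits that product could in principle wrap before the counter gets near `INT_MAX`, although an earlier `realloc` would most likely fail first. Tying the limit to the allocation size makes the check visibly sufficient, for example `if (exclude_count >= INT_MAX - 1 || (size_t)exclude_count >= SIZE_MAX / sizeof(struct edir)) {`. `add_exclude` begins and ends outside the hunk, so where `exclude_count` is incremented after the `realloc` is not visible here and should be checked against the same bound.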
--
2.27.0