backport patches from upstream

(cherry picked from commit a6c5156e71001ac8cf1b559ce274e5306006cede)
hugel 2025-03-17 14:22:24 +08:00 committed by openeuler-sync-bot
parent ac87612eef
commit 670213ce64
12 changed files with 1089 additions and 1 deletions


@ -0,0 +1,44 @@
From 73f958b01aa15c55cd69f188b8a5ed44601ac406 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 11 Nov 2024 15:16:38 +0100
Subject: [PATCH] libsemanage: avoid leak on realloc failure
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Conflict:NA
Reference:https://github.com/SELinuxProject/selinux/commit/73f958b01aa15c55cd69f188b8a5ed44601ac406
---
src/direct_api.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/direct_api.c b/src/direct_api.c
index ed4343dc..288e491a 100644
--- a/src/direct_api.c
+++ b/src/direct_api.c
@@ -599,12 +599,16 @@ static int read_from_pipe_to_data(semanage_handle_t *sh, size_t initial_len, int
while ((read_len = read(fd, data_read + data_read_len, max_len - data_read_len)) > 0) {
data_read_len += read_len;
if (data_read_len == max_len) {
+ char *tmp;
+
max_len *= 2;
- data_read = realloc(data_read, max_len);
- if (data_read == NULL) {
+ tmp = realloc(data_read, max_len);
+ if (tmp == NULL) {
ERR(sh, "Failed to realloc, out of memory.\n");
+ free(data_read);
return -1;
}
+ data_read = tmp;
}
}
--
2.33.0


@ -0,0 +1,168 @@
From 2cc2d1ed1fa78dfdb879f3c2a0b21fa23eeb2504 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 25 Nov 2024 12:18:36 +0100
Subject: [PATCH] libsemanage: check closing written files
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Check that closing a file that has been written to is successful, to
avoid potential unsuccessful writes/syncs.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Conflict:NA
Reference:https://github.com/SELinuxProject/selinux/commit/2cc2d1ed1fa78dfdb879f3c2a0b21fa23eeb2504
---
src/database_file.c | 5 ++++-
src/direct_api.c | 15 +++++++++------
src/genhomedircon.c | 3 ++-
src/semanage_store.c | 18 +++++++++++++-----
4 files changed, 28 insertions(+), 13 deletions(-)
diff --git a/src/database_file.c b/src/database_file.c
index 47814254..214dbe6c 100644
--- a/src/database_file.c
+++ b/src/database_file.c
@@ -149,7 +149,10 @@ static int dbase_file_flush(semanage_handle_t * handle, dbase_file_t * dbase)
}
dbase_llist_set_modified(&dbase->llist, 0);
- fclose(str);
+ if (fclose(str) != 0 && errno != EINTR) {
+ str = NULL;
+ goto err;
+ }
return STATUS_SUCCESS;
err:
diff --git a/src/direct_api.c b/src/direct_api.c
index 0e7ef4da..87c7627d 100644
--- a/src/direct_api.c
+++ b/src/direct_api.c
@@ -467,7 +467,10 @@ static int write_file(semanage_handle_t * sh,
close(out);
return -1;
}
- close(out);
+ if (close(out) == -1 && errno != EINTR) {
+ ERR(sh, "Error while closing %s.", filename);
+ return -1;
+ }
return 0;
}
@@ -839,7 +842,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh,
goto cleanup;
}
- if (fclose(fp) != 0) {
+ if (fclose(fp) != 0 && errno != EINTR) {
ERR(sh, "Unable to close %s module ext file.", modinfo->name);
fp = NULL;
ret = -1;
@@ -1216,7 +1219,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
FILE *touch;
touch = fopen(path, "we");
if (touch != NULL) {
- if (fclose(touch) != 0) {
+ if (fclose(touch) != 0 && errno != EINTR) {
ERR(sh, "Error attempting to create disable_dontaudit flag.");
goto cleanup;
}
@@ -1248,7 +1251,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
FILE *touch;
touch = fopen(path, "we");
if (touch != NULL) {
- if (fclose(touch) != 0) {
+ if (fclose(touch) != 0 && errno != EINTR) {
ERR(sh, "Error attempting to create preserve_tunable flag.");
goto cleanup;
}
@@ -2120,7 +2123,7 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh,
ret = fclose(fp);
fp = NULL;
- if (ret != 0) {
+ if (ret != 0 && errno != EINTR) {
ERR(sh,
"Unable to close disabled file for module %s",
modkey->name);
@@ -2321,7 +2324,7 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
free(tmp);
tmp = NULL;
- if (fclose(fp) != 0) {
+ if (fclose(fp) != 0 && errno != EINTR) {
fp = NULL;
ERR(sh,
"Unable to close %s module lang ext file.",
diff --git a/src/genhomedircon.c b/src/genhomedircon.c
index 4949bc75..19543799 100644
--- a/src/genhomedircon.c
+++ b/src/genhomedircon.c
@@ -1429,7 +1429,8 @@ int semanage_genhomedircon(semanage_handle_t * sh,
done:
if (out != NULL)
- fclose(out);
+ if (fclose(out) != 0 && errno != EINTR)
+ retval = STATUS_ERR;
while (s.fallback)
pop_user_entry(&(s.fallback));
diff --git a/src/semanage_store.c b/src/semanage_store.c
index cdb495cb..e44efc16 100644
--- a/src/semanage_store.c
+++ b/src/semanage_store.c
@@ -717,7 +717,7 @@ int semanage_copy_file(semanage_handle_t *sh, const char *src, const char *dst,
errsv = errno;
retval = -1;
}
- if (close(out) < 0) {
+ if (close(out) < 0 && errno != EINTR) {
errsv = errno;
retval = -1;
}
@@ -1536,9 +1536,11 @@ int semanage_split_fc(semanage_handle_t * sh)
if (file_con)
fclose(file_con);
if (fc >= 0)
- close(fc);
+ if (close(fc) == -1 && errno != EINTR)
+ retval = -1;
if (hd >= 0)
- close(hd);
+ if (close(hd) == -1 && errno != EINTR)
+ retval = -1;
return retval;
@@ -1732,7 +1734,11 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
close(fd);
return -1;
}
- close(fd);
+ if (close(fd) == -1 && errno != EINTR) {
+ ERR(sh, "Error while closing commit number file %s.",
+ commit_filename);
+ return -1;
+ }
/* sync changes in sandbox to filesystem */
fd = open(sandbox, O_DIRECTORY | O_CLOEXEC);
@@ -2157,7 +2163,9 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out,
cleanup:
if (outfile != NULL) {
- fclose(outfile);
+ if (fclose(outfile) != 0 && errno != EINTR) {
+ retval = STATUS_ERR;
+ }
}
umask(mask);
sepol_policy_file_free(pf);
--
2.33.0
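Review bot: The `errno != EINTR` exemption on the `fclose()` sites (dbase_file_flush, semanage_direct_write_langext, the two flag-file touches, semanage_direct_set_enabled, semanage_genhomedircon, semanage_write_policydb) also exempts the flush that fclose() performs implicitly: glibc reports a failed buffer flush through fclose()'s return value, so a write interrupted by a signal during that flush comes back as EOF with errno EINTR and is now treated as success even though buffered data may never have reached the file. Flush explicitly first and keep the EINTR exemption for the close(2) step only, e.g. in dbase_file_flush `if (fflush(str) != 0) goto err;` ahead of the existing `if (fclose(str) != 0 && errno != EINTR) { str = NULL; goto err; }`, and likewise at the other stream sites. For the raw close() sites the exemption is right on Linux, where the descriptor is released even when close() returns EINTR, so a retry could close a reused fd. The `err` label of dbase_file_flush is outside the hunk, so this assumes it closes `str` when it is non-NULL.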


@ -0,0 +1,80 @@
From 50f3cfd27b59f1a5efdf728827974ad02472c0b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 11 Nov 2024 15:16:43 +0100
Subject: [PATCH] libsemanage: check for path formatting failures
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Conflict:NA
Reference:https://github.com/SELinuxProject/selinux/commit/50f3cfd27b59f1a5efdf728827974ad02472c0b2
---
src/semanage_store.c | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/src/semanage_store.c b/src/semanage_store.c
index 23b91ae2..2cd992eb 100644
--- a/src/semanage_store.c
+++ b/src/semanage_store.c
@@ -798,7 +798,7 @@ static int semanage_copy_dir(const char *src, const char *dst)
* well. Returns 0 on success, -1 on error. */
static int semanage_copy_dir_flags(const char *src, const char *dst, int flag)
{
- int i, len = 0, retval = -1;
+ int i, len = 0, rc, retval = -1;
struct stat sb;
struct dirent **names = NULL;
char path[PATH_MAX], path2[PATH_MAX];
@@ -822,13 +822,21 @@ static int semanage_copy_dir_flags(const char *src, const char *dst, int flag)
}
for (i = 0; i < len; i++) {
- snprintf(path, sizeof(path), "%s/%s", src, names[i]->d_name);
+ rc = snprintf(path, sizeof(path), "%s/%s", src, names[i]->d_name);
+ if (rc < 0 || (size_t)rc >= sizeof(path)) {
+ errno = EOVERFLOW;
+ goto cleanup;
+ }
/* stat() to see if this entry is a file or not since
* d_type isn't set properly on XFS */
if (stat(path, &sb)) {
goto cleanup;
}
- snprintf(path2, sizeof(path2), "%s/%s", dst, names[i]->d_name);
+ rc = snprintf(path2, sizeof(path2), "%s/%s", dst, names[i]->d_name);
+ if (rc < 0 || (size_t)rc >= sizeof(path2)) {
+ errno = EOVERFLOW;
+ goto cleanup;
+ }
if (S_ISDIR(sb.st_mode)) {
mask = umask(0077);
if (mkdir(path2, 0700) == -1 ||
@@ -862,7 +870,7 @@ static int semanage_copy_dir_flags(const char *src, const char *dst, int flag)
int semanage_remove_directory(const char *path)
{
struct dirent **namelist = NULL;
- int num_entries, i;
+ int num_entries, i, rc;
if ((num_entries = scandir(path, &namelist, semanage_filename_select,
NULL)) == -1) {
return -1;
@@ -870,7 +878,11 @@ int semanage_remove_directory(const char *path)
for (i = 0; i < num_entries; i++) {
char s[PATH_MAX];
struct stat buf;
- snprintf(s, sizeof(s), "%s/%s", path, namelist[i]->d_name);
+ rc = snprintf(s, sizeof(s), "%s/%s", path, namelist[i]->d_name);
+ if (rc < 0 || (size_t)rc >= sizeof(s)) {
+ errno = EOVERFLOW;
+ return -2;
+ }
if (stat(s, &buf) == -1) {
return -2;
}
--
2.33.0
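Review bot: The new overflow branch in semanage_remove_directory returns -2 without releasing the scandir() result, so `namelist` and its remaining entries leak on an over-long path, exactly like the pre-existing stat() failure return just below it; whether entries processed earlier are freed as the loop advances is outside the hunk, so the fix is a shared cleanup that frees `namelist[i..num_entries-1]` and `namelist` itself before the early return rather than another bare `return -2`. Separately, `ENAMETOOLONG` is the errno the kernel uses for a path exceeding PATH_MAX and would describe the snprintf truncation better than `EOVERFLOW`, i.e. `errno = ENAMETOOLONG;` in all three new branches. The semanage_copy_dir_flags branches are fine as they go through `cleanup`.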


@ -0,0 +1,52 @@
From 7a35e57c64faedbb11a880652604b36dd35afad1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 11 Nov 2024 15:16:30 +0100
Subject: [PATCH] libsemanage: check memory allocations
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Conflict:NA
Reference:https://github.com/SELinuxProject/selinux/commit/7a35e57c64faedbb11a880652604b36dd35afad1
---
src/conf-parse.y | 6 ++++++
src/handle.c | 2 ++
2 files changed, 8 insertions(+)
diff --git a/src/conf-parse.y b/src/conf-parse.y
index 2b131eeb..b93080cd 100644
--- a/src/conf-parse.y
+++ b/src/conf-parse.y
@@ -382,6 +382,12 @@ static int semanage_conf_init(semanage_conf_t * conf)
conf->save_previous = 0;
conf->save_linked = 0;
+ if (!conf->store_path ||
+ !conf->store_root_path ||
+ !conf->compiler_directory_path) {
+ return -1;
+ }
+
if ((conf->load_policy =
calloc(1, sizeof(*(current_conf->load_policy)))) == NULL) {
return -1;
diff --git a/src/handle.c b/src/handle.c
index d5baa614..f048f6d7 100644
--- a/src/handle.c
+++ b/src/handle.c
@@ -45,6 +45,8 @@ int semanage_set_root(const char *root)
{
free(private_semanage_root);
private_semanage_root = strdup(root);
+ if (!private_semanage_root)
+ return -1;
return 0;
}
--
2.33.0
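Review bot: semanage_set_root in handle.c frees the previous root before strdup() runs, so when the allocation fails the function returns -1 but has already discarded the old value and left `private_semanage_root` NULL, which changes the state seen by whatever reads that global afterwards (outside this hunk). Allocating into a temporary first keeps the old root intact on failure and makes the -1 return a genuine no-op:
```c
int semanage_set_root(const char *root)
{
	char *tmp = strdup(root);
	if (!tmp)
		return -1;
	free(private_semanage_root);
	private_semanage_root = tmp;
	return 0;
}
```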


@ -0,0 +1,47 @@
From 9b4eff9222b24d4b5f2784db281f4f53019263b0 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Fri, 25 Oct 2024 20:32:07 +0200
Subject: [PATCH] libsemanage/direct_api: INTEGER_OVERFLOW read_len = read()
The following statement is always true if read_len is unsigned:
(read_len = read(fd, data_read + data_read_len, max_len - data_read_len)) > 0
Fixes:
Error: INTEGER_OVERFLOW (CWE-190): [#def19] [important]
libsemanage-3.7/src/direct_api.c:598:2: tainted_data_return: Called function "read(fd, data_read + data_read_len, max_len - data_read_len)", and a possible return value may be less than zero.
libsemanage-3.7/src/direct_api.c:598:2: cast_underflow: An assign of a possibly negative number to an unsigned type, which might trigger an underflow.
libsemanage-3.7/src/direct_api.c:599:3: overflow: The expression "data_read_len += read_len" is deemed underflowed because at least one of its arguments has underflowed.
libsemanage-3.7/src/direct_api.c:598:2: overflow: The expression "max_len - data_read_len" is deemed underflowed because at least one of its arguments has underflowed.
libsemanage-3.7/src/direct_api.c:598:2: overflow_sink: "max_len - data_read_len", which might have underflowed, is passed to "read(fd, data_read + data_read_len, max_len - data_read_len)". [Note: The source code implementation of the function has been overridden by a builtin model.]
\# 596| }
\# 597|
\# 598|-> while ((read_len = read(fd, data_read + data_read_len, max_len - data_read_len)) > 0) {
\# 599| data_read_len += read_len;
\# 600| if (data_read_len == max_len) {
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
Conflict:NA
Reference:https://github.com/SELinuxProject/selinux/commit/9b4eff9222b24d4b5f2784db281f4f53019263b0
---
src/direct_api.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/direct_api.c b/src/direct_api.c
index d740070d..7631c7bf 100644
--- a/src/direct_api.c
+++ b/src/direct_api.c
@@ -582,7 +582,7 @@ cleanup:
static int read_from_pipe_to_data(semanage_handle_t *sh, size_t initial_len, int fd, char **out_data_read, size_t *out_read_len)
{
size_t max_len = initial_len;
- size_t read_len = 0;
+ ssize_t read_len = 0;
size_t data_read_len = 0;
char *data_read = NULL;
--
2.33.0
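Review bot: With `read_len` now signed, a failed read() (-1, including EINTR) ends the `while (... > 0)` loop exactly as EOF does, and nothing in the hunk distinguishes the two; the code after the loop is outside the hunk, so if it does not test `read_len < 0` a read error is handed back to the caller as a successful short read. Suggest, after the loop, `if (read_len < 0) { ERR(sh, "Failed to read from pipe: %s\n", strerror(errno)); free(data_read); return -1; }`, matching the free-and-return pattern the realloc failure path in this function already uses, or a `continue` on `errno == EINTR` inside the loop if interrupted reads are expected here.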


@ -0,0 +1,40 @@
From 44f1323941cd3053e2cd5cdd6995667feca5fb52 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 11 Nov 2024 15:16:37 +0100
Subject: [PATCH] libsemanage: fix asprintf error branch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The content of the first argument after a failure of asprintf(3) is
undefined and must not be used.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Conflict:NA
Reference:https://github.com/SELinuxProject/selinux/commit/44f1323941cd3053e2cd5cdd6995667feca5fb52
---
src/boolean_record.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/boolean_record.c b/src/boolean_record.c
index 40dc6545..7878b04d 100644
--- a/src/boolean_record.c
+++ b/src/boolean_record.c
@@ -107,8 +107,10 @@ int semanage_bool_set_name(semanage_handle_t * handle,
end++;
*end = '\0';
rc = asprintf(&newroot, "%s%s%s", prefix, olddir, storename);
- if (rc < 0)
+ if (rc < 0) {
+ newroot = NULL;
goto out;
+ }
if (strcmp(oldroot, newroot)) {
rc = selinux_set_policy_root(newroot);
--
2.33.0


@ -0,0 +1,73 @@
From 61856379a15a7ed311a7bc55178407d53e553d3a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 11 Nov 2024 15:16:41 +0100
Subject: [PATCH] libsemanage: free ibdev names in
semanage_ibendport_validate_local()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Conflict:NA
Reference:https://github.com/SELinuxProject/selinux/commit/61856379a15a7ed311a7bc55178407d53e553d3a
---
src/ibendports_local.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/ibendports_local.c b/src/ibendports_local.c
index e696fdca..feebfa63 100644
--- a/src/ibendports_local.c
+++ b/src/ibendports_local.c
@@ -80,8 +80,8 @@ int semanage_ibendport_validate_local(semanage_handle_t *handle)
semanage_ibendport_t **ibendports = NULL;
unsigned int nibendports = 0;
unsigned int i = 0, j = 0;
- char *ibdev_name;
- char *ibdev_name2;
+ char *ibdev_name = NULL;
+ char *ibdev_name2 = NULL;
int port;
int port2;
@@ -97,6 +97,8 @@ int semanage_ibendport_validate_local(semanage_handle_t *handle)
while (i < nibendports) {
int stop = 0;
+ free(ibdev_name);
+ ibdev_name = NULL;
if (STATUS_SUCCESS !=
semanage_ibendport_get_ibdev_name(handle,
ibendports[i],
@@ -114,6 +116,8 @@ int semanage_ibendport_validate_local(semanage_handle_t *handle)
if (j == nibendports - 1)
goto next;
j++;
+ free(ibdev_name2);
+ ibdev_name2 = NULL;
if (STATUS_SUCCESS !=
semanage_ibendport_get_ibdev_name(handle,
ibendports[j],
@@ -136,6 +140,8 @@ next:
j = i;
}
+ free(ibdev_name);
+ free(ibdev_name2);
for (i = 0; i < nibendports; i++)
semanage_ibendport_free(ibendports[i]);
free(ibendports);
@@ -145,6 +151,8 @@ err:
ERR(handle, "could not complete ibendports validity check");
invalid:
+ free(ibdev_name);
+ free(ibdev_name2);
for (i = 0; i < nibendports; i++)
semanage_ibendport_free(ibendports[i]);
free(ibendports);
--
2.33.0


@ -0,0 +1,115 @@
From e6d03452223c2404b9cfd04855ac8fca556e409d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 11 Nov 2024 15:16:32 +0100
Subject: [PATCH] libsemanage: free resources on failed connect attempt
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In case connecting to the semanage database fails, free all already
allocated resources.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Conflict:NA
Reference:https://github.com/SELinuxProject/selinux/commit/e6d03452223c2404b9cfd04855ac8fca556e409d
---
src/database_activedb.c | 3 +++
src/database_file.c | 3 +++
src/database_join.c | 3 +++
src/database_policydb.c | 2 +-
src/direct_api.c | 1 +
src/handle.c | 5 ++---
6 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/src/database_activedb.c b/src/database_activedb.c
index fa6b6105..e0369963 100644
--- a/src/database_activedb.c
+++ b/src/database_activedb.c
@@ -139,6 +139,9 @@ int dbase_activedb_init(semanage_handle_t * handle,
void dbase_activedb_release(dbase_activedb_t * dbase)
{
+ if (!dbase)
+ return;
+
dbase_llist_drop_cache(&dbase->llist);
free(dbase);
}
diff --git a/src/database_file.c b/src/database_file.c
index a7773fb5..09b32f8f 100644
--- a/src/database_file.c
+++ b/src/database_file.c
@@ -191,6 +191,9 @@ int dbase_file_init(semanage_handle_t * handle,
void dbase_file_release(dbase_file_t * dbase)
{
+ if (!dbase)
+ return;
+
dbase_llist_drop_cache(&dbase->llist);
free(dbase);
}
diff --git a/src/database_join.c b/src/database_join.c
index 2a2008e8..bf260952 100644
--- a/src/database_join.c
+++ b/src/database_join.c
@@ -271,6 +271,9 @@ int dbase_join_init(semanage_handle_t * handle,
void dbase_join_release(dbase_join_t * dbase)
{
+ if (!dbase)
+ return;
+
dbase_llist_drop_cache(&dbase->llist);
free(dbase);
}
diff --git a/src/database_policydb.c b/src/database_policydb.c
index 95418365..54b82958 100644
--- a/src/database_policydb.c
+++ b/src/database_policydb.c
@@ -44,7 +44,7 @@ struct dbase_policydb {
static void dbase_policydb_drop_cache(dbase_policydb_t * dbase)
{
- if (dbase->cache_serial >= 0) {
+ if (dbase && dbase->cache_serial >= 0) {
sepol_policydb_free(dbase->policydb);
dbase->cache_serial = -1;
dbase->modified = 0;
diff --git a/src/direct_api.c b/src/direct_api.c
index 8f8dc0da..ed4343dc 100644
--- a/src/direct_api.c
+++ b/src/direct_api.c
@@ -321,6 +321,7 @@ int semanage_direct_connect(semanage_handle_t * sh)
err:
ERR(sh, "could not establish direct connection");
+ (void) semanage_direct_disconnect(sh);
return STATUS_ERR;
}
diff --git a/src/handle.c b/src/handle.c
index f048f6d7..9bb84546 100644
--- a/src/handle.c
+++ b/src/handle.c
@@ -361,12 +361,11 @@ int semanage_access_check(semanage_handle_t * sh)
int semanage_disconnect(semanage_handle_t * sh)
{
- assert(sh != NULL && sh->funcs != NULL
- && sh->funcs->disconnect != NULL);
+ assert(sh != NULL);
if (!sh->is_connected) {
return 0;
}
- if (sh->funcs->disconnect(sh) < 0) {
+ if (sh->funcs && sh->funcs->disconnect(sh) < 0) {
return -1;
}
sh->is_in_transaction = 0;
--
2.33.0
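Review bot: The rewritten guard in semanage_disconnect, `if (sh->funcs && sh->funcs->disconnect(sh) < 0)`, drops the `sh->funcs->disconnect != NULL` condition the removed assert enforced, so a handle whose funcs table lacks a disconnect callback now dereferences NULL instead of tripping the assert; `if (sh->funcs && sh->funcs->disconnect && sh->funcs->disconnect(sh) < 0)` keeps the old precondition while still tolerating a half-initialised handle. The new `semanage_direct_disconnect(sh)` call on the direct_api.c err path presumably leans on the NULL checks added to the dbase release functions to cope with partially built state; semanage_direct_disconnect's body is outside the hunk, so confirm it also tolerates every field that may still be unset when connect fails early.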


@ -0,0 +1,35 @@
From 419a76e65693affcf89746fe9b9ad20c62e541bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 25 Nov 2024 12:18:33 +0100
Subject: [PATCH] libsemanage: handle cil_set_handle_unknown() failure
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Conflict:Context adaptation
Reference:https://github.com/SELinuxProject/selinux/commit/419a76e65693affcf89746fe9b9ad20c62e541bb
---
src/direct_api.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/direct_api.c b/src/direct_api.c
index 85876676..a271a576 100644
--- a/src/direct_api.c
+++ b/src/direct_api.c
@@ -1417,7 +1417,9 @@ rebuild:
cil_set_policy_version(cildb, sh->conf->policyvers);
if (sh->conf->handle_unknown != -1) {
- cil_set_handle_unknown(cildb, sh->conf->handle_unknown);
+ retval = cil_set_handle_unknown(cildb, sh->conf->handle_unknown);
+ if (retval < 0)
+ goto cleanup;
}
retval = semanage_load_files(sh, cildb, mod_filenames, num_modinfos);
--
2.33.0
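Review bot: The new failure branch `if (retval < 0) goto cleanup;` emits no diagnostic, while the neighbouring failure paths in semanage_direct_commit report through ERR(), so an invalid handle_unknown setting would surface to callers only as a bare error return unless libsepol logs it on its own. Consider `ERR(sh, "Failed to set handle-unknown on CIL db.");` before the goto so the cause is visible in the semanage output. The enclosing function continues outside the hunk.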


@ -0,0 +1,55 @@
From 267d4f9bf5bce81eaaf2192ea297db0fadc173b9 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <lautrbach@redhat.com>
Date: Mon, 11 Nov 2024 13:32:50 +0100
Subject: [PATCH] libsemanage: open lock_file with O_RDWR
man 2 flock:
Since Linux 2.6.12, NFS clients support flock() locks by emulating
them as fcntl(2) byte-range locks on the entire file. This means
that fcntl(2) and flock() locks do interact with one another
over NFS. It also means that in order to place an exclusive lock,
the file must be opened for writing.
Fixes:
# semanage fcontext -d -e /home /tmp/testdir
libsemanage.semanage_get_lock: Error obtaining direct transaction lock at /var/lib/selinux/targeted/semanage.trans.LOCK. (Bad file descriptor).
OSError: Bad file descriptor
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
Conflict:NA
Reference:https://github.com/SELinuxProject/selinux/commit/267d4f9bf5bce81eaaf2192ea297db0fadc173b9
---
src/semanage_store.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/src/semanage_store.c b/src/semanage_store.c
index 0ac2e5b2..c26f5667 100644
--- a/src/semanage_store.c
+++ b/src/semanage_store.c
@@ -1899,14 +1899,12 @@ static int semanage_get_lock(semanage_handle_t * sh,
struct timeval origtime, curtime;
int got_lock = 0;
- if ((fd = open(lock_file, O_RDONLY)) == -1) {
- if ((fd =
- open(lock_file, O_RDWR | O_CREAT | O_TRUNC,
- S_IRUSR | S_IWUSR)) == -1) {
- ERR(sh, "Could not open direct %s at %s.", lock_name,
- lock_file);
- return -1;
- }
+ if ((fd =
+ open(lock_file, O_RDWR | O_CREAT | O_TRUNC,
+ S_IRUSR | S_IWUSR)) == -1) {
+ ERR(sh, "Could not open direct %s at %s.", lock_name,
+ lock_file);
+ return -1;
}
if (fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) {
ERR(sh, "Could not set close-on-exec for %s at %s.", lock_name,
--
2.33.0
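Review bot: Folding the two opens into one means `O_TRUNC` now applies to an existing lock file on every acquisition instead of only when it is first created; a file used purely as a flock()/fcntl() target has no content worth truncating, so `open(lock_file, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR)` is sufficient and avoids needless metadata churn on every transaction. The mode argument only takes effect at creation, so an already existing lock file keeps whatever permissions it has, as before. The O_CLOEXEC patch later in this series adds `O_CLOEXEC` to this same open, after which the `fcntl(fd, F_SETFD, FD_CLOEXEC)` immediately below becomes redundant.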


@ -0,0 +1,364 @@
From f1eb41d1061b0aafce406ac6e2352de149d4e641 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 25 Nov 2024 12:18:32 +0100
Subject: [PATCH] libsemanage: set O_CLOEXEC flag for file descriptors
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Close internal managed file descriptors in case of an concurrent execve.
Also avoid leaking file descriptors in get_shell_list().
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Conflict:Context adaptation in compressed_file.c, database_policydb.c and semanage_store.c.
There is no semanage_setfiles() function.
Reference:https://github.com/SELinuxProject/selinux/commit/f1eb41d1061b0aafce406ac6e2352de149d4e641
---
src/compressed_file.c | 4 ++--
src/conf-parse.y | 2 +-
src/database_file.c | 2 +-
src/database_policydb.c | 2 +-
src/direct_api.c | 20 ++++++++++----------
src/genhomedircon.c | 8 +++++---
src/parse_utils.c | 2 +-
src/semanage_store.c | 24 ++++++++++++------------
src/utilities.c | 2 +-
9 files changed, 34 insertions(+), 32 deletions(-)
diff --git a/src/compressed_file.c b/src/compressed_file.c
index e62d2a18..e4a1efb0 100644
--- a/src/compressed_file.c
+++ b/src/compressed_file.c
@@ -48,7 +48,7 @@ static int bzip(semanage_handle_t *sh, const char *filename, void *data,
size_t len = 0;
FILE *f;
- if ((f = fopen(filename, "wb")) == NULL) {
+ if ((f = fopen(filename, "wbe")) == NULL) {
return -1;
}
@@ -177,7 +177,7 @@ int map_compressed_file(semanage_handle_t *sh, const char *path,
int ret = 0, fd = -1;
FILE *file = NULL;
- fd = open(path, O_RDONLY);
+ fd = open(path, O_RDONLY | O_CLOEXEC);
if (fd == -1) {
ERR(sh, "Unable to open %s\n", path);
return -1;
diff --git a/src/conf-parse.y b/src/conf-parse.y
index d6481359..b2b84892 100644
--- a/src/conf-parse.y
+++ b/src/conf-parse.y
@@ -468,7 +468,7 @@ semanage_conf_t *semanage_conf_parse(const char *config_filename)
if (semanage_conf_init(current_conf) == -1) {
goto cleanup;
}
- if ((semanage_in = fopen(config_filename, "r")) == NULL) {
+ if ((semanage_in = fopen(config_filename, "re")) == NULL) {
/* configuration file does not exist or could not be
* read. THIS IS NOT AN ERROR. just rely on the
* defaults. */
diff --git a/src/database_file.c b/src/database_file.c
index 42e308d5..a54c5aee 100644
--- a/src/database_file.c
+++ b/src/database_file.c
@@ -127,7 +127,7 @@ static int dbase_file_flush(semanage_handle_t * handle, dbase_file_t * dbase)
fname = dbase->path[handle->is_in_transaction];
mask = umask(0077);
- str = fopen(fname, "w");
+ str = fopen(fname, "we");
umask(mask);
if (!str) {
ERR(handle, "could not open %s for writing: %s",
diff --git a/src/database_policydb.c b/src/database_policydb.c
index da64a3ad..62467d15 100644
--- a/src/database_policydb.c
+++ b/src/database_policydb.c
@@ -111,7 +111,7 @@ static int dbase_policydb_cache(semanage_handle_t * handle,
/* Try opening file
* ENOENT is not fatal - we just create an empty policydb */
- fp = fopen(fname, "rb");
+ fp = fopen(fname, "rbe");
if (fp == NULL && errno != ENOENT) {
ERR(handle, "could not open %s for reading: %s",
fname, strerror(errno));
diff --git a/src/direct_api.c b/src/direct_api.c
index d5299796..85876676 100644
--- a/src/direct_api.c
+++ b/src/direct_api.c
@@ -457,7 +457,7 @@ static int write_file(semanage_handle_t * sh,
int out;
if ((out =
- open(filename, O_WRONLY | O_CREAT | O_TRUNC,
+ open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC,
S_IRUSR | S_IWUSR)) == -1) {
ERR(sh, "Could not open %s for writing.", filename);
return -1;
@@ -644,17 +644,17 @@ static int semanage_pipe_data(semanage_handle_t *sh, const char *path, const cha
*/
sigaction(SIGPIPE, &new_signal, &old_signal);
- retval = pipe(input_fd);
+ retval = pipe2(input_fd, O_CLOEXEC);
if (retval == -1) {
ERR(sh, "Unable to create pipe for input pipe: %s\n", strerror(errno));
goto cleanup;
}
- retval = pipe(output_fd);
+ retval = pipe2(output_fd, O_CLOEXEC);
if (retval == -1) {
ERR(sh, "Unable to create pipe for output pipe: %s\n", strerror(errno));
goto cleanup;
}
- retval = pipe(err_fd);
+ retval = pipe2(err_fd, O_CLOEXEC);
if (retval == -1) {
ERR(sh, "Unable to create pipe for error pipe: %s\n", strerror(errno));
goto cleanup;
@@ -826,7 +826,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh,
goto cleanup;
}
- fp = fopen(fn, "w");
+ fp = fopen(fn, "we");
if (fp == NULL) {
ERR(sh, "Unable to open %s module ext file.", modinfo->name);
ret = -1;
@@ -1077,7 +1077,7 @@ static int semanage_compare_checksum(semanage_handle_t *sh, const char *referenc
int fd, retval;
char *data;
- fd = open(path, O_RDONLY);
+ fd = open(path, O_RDONLY | O_CLOEXEC);
if (fd == -1) {
if (errno != ENOENT) {
ERR(sh, "Unable to open %s: %s\n", path, strerror(errno));
@@ -1218,7 +1218,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
}
if (sepol_get_disable_dontaudit(sh->sepolh) == 1) {
FILE *touch;
- touch = fopen(path, "w");
+ touch = fopen(path, "we");
if (touch != NULL) {
if (fclose(touch) != 0) {
ERR(sh, "Error attempting to create disable_dontaudit flag.");
@@ -1250,7 +1250,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
if (sepol_get_preserve_tunables(sh->sepolh) == 1) {
FILE *touch;
- touch = fopen(path, "w");
+ touch = fopen(path, "we");
if (touch != NULL) {
if (fclose(touch) != 0) {
ERR(sh, "Error attempting to create preserve_tunable flag.");
@@ -2109,7 +2109,7 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh,
switch (enabled) {
case 0: /* disable the module */
mask = umask(0077);
- fp = fopen(fn, "w");
+ fp = fopen(fn, "we");
umask(mask);
if (fp == NULL) {
@@ -2296,7 +2296,7 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
goto cleanup;
}
- fp = fopen(fn, "r");
+ fp = fopen(fn, "re");
if (fp == NULL) {
ERR(sh,
diff --git a/src/genhomedircon.c b/src/genhomedircon.c
index fd2f8a89..53673645 100644
--- a/src/genhomedircon.c
+++ b/src/genhomedircon.c
@@ -218,7 +218,7 @@ static semanage_list_t *get_shell_list(void)
size_t buff_len = 0;
ssize_t len;
- shells = fopen(PATH_SHELLS_FILE, "r");
+ shells = fopen(PATH_SHELLS_FILE, "re");
if (!shells)
return default_shell_list();
while ((len = getline(&temp, &buff_len, shells)) > 0) {
@@ -227,11 +227,13 @@ static semanage_list_t *get_shell_list(void)
if (semanage_list_push(&list, temp)) {
free(temp);
semanage_list_destroy(&list);
+ fclose(shells);
return default_shell_list();
}
}
}
free(temp);
+ fclose(shells);
return list;
}
@@ -503,7 +505,7 @@ static semanage_list_t *make_template(genhomedircon_settings_t * s,
FILE *template_file = NULL;
semanage_list_t *template_data = NULL;
- template_file = fopen(s->homedir_template_path, "r");
+ template_file = fopen(s->homedir_template_path, "re");
if (!template_file)
return NULL;
template_data = semanage_slurp_file_filter(template_file, pred);
@@ -1413,7 +1415,7 @@ int semanage_genhomedircon(semanage_handle_t * sh,
s.h_semanage = sh;
s.policydb = policydb;
- if (!(out = fopen(s.fcfilepath, "w"))) {
+ if (!(out = fopen(s.fcfilepath, "we"))) {
/* couldn't open output file */
ERR(sh, "Could not open the file_context file for writing");
retval = STATUS_ERR;
diff --git a/src/parse_utils.c b/src/parse_utils.c
index 2f33f629..d1d6e930 100644
--- a/src/parse_utils.c
+++ b/src/parse_utils.c
@@ -45,7 +45,7 @@ void parse_release(parse_info_t * info)
int parse_open(semanage_handle_t * handle, parse_info_t * info)
{
- info->file_stream = fopen(info->filename, "r");
+ info->file_stream = fopen(info->filename, "re");
if (!info->file_stream && (errno != ENOENT)) {
ERR(handle, "could not open file %s: %s",
info->filename, strerror(errno));
diff --git a/src/semanage_store.c b/src/semanage_store.c
index 5cd2d219..d75aab68 100644
--- a/src/semanage_store.c
+++ b/src/semanage_store.c
@@ -585,7 +585,7 @@ int semanage_create_store(semanage_handle_t * sh, int create)
if (stat(path, &sb) == -1) {
if (errno == ENOENT && create) {
mask = umask(0077);
- if ((fd = creat(path, S_IRUSR | S_IWUSR)) == -1) {
+ if ((fd = open(path, O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR)) == -1) {
umask(mask);
ERR(sh, "Could not create lock file at %s.",
path);
@@ -682,7 +682,7 @@ int semanage_copy_file(semanage_handle_t *sh, const char *src, const char *dst,
if (n < 0 || n >= PATH_MAX)
return -1;
- if ((in = open(src, O_RDONLY)) == -1) {
+ if ((in = open(src, O_RDONLY | O_CLOEXEC)) == -1) {
return -1;
}
@@ -690,7 +690,7 @@ int semanage_copy_file(semanage_handle_t *sh, const char *src, const char *dst,
mode = S_IRUSR | S_IWUSR;
mask = umask(0);
- if ((out = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, mode)) == -1) {
+ if ((out = open(tmp, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, mode)) == -1) {
umask(mask);
errsv = errno;
close(in);
@@ -1489,7 +1489,7 @@ int semanage_split_fc(semanage_handle_t * sh)
char buf[PATH_MAX] = { 0 };
/* I use fopen here instead of open so that I can use fgets which only reads a single line */
- file_con = fopen(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL), "r");
+ file_con = fopen(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL), "re");
if (!file_con) {
ERR(sh, "Could not open %s for reading.",
semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL));
@@ -1497,14 +1497,14 @@ int semanage_split_fc(semanage_handle_t * sh)
}
fc = open(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
- O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
+ O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR);
if (fc < 0) {
ERR(sh, "Could not open %s for writing.",
semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC));
goto cleanup;
}
hd = open(semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL),
- O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
+ O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR);
if (hd < 0) {
ERR(sh, "Could not open %s for writing.",
semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL));
@@ -1719,7 +1719,7 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
memset(write_buf, 0, sizeof(write_buf));
snprintf(write_buf, sizeof(write_buf), "%d", commit_number);
if ((fd =
- open(commit_filename, O_WRONLY | O_CREAT | O_TRUNC,
+ open(commit_filename, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC,
S_IRUSR | S_IWUSR)) == -1) {
ERR(sh, "Could not open commit number file %s for writing.",
commit_filename);
@@ -1735,7 +1735,7 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
close(fd);
/* sync changes in sandbox to filesystem */
- fd = open(sandbox, O_DIRECTORY);
+ fd = open(sandbox, O_DIRECTORY | O_CLOEXEC);
if (fd == -1) {
ERR(sh, "Error while opening %s for syncfs(): %d", sandbox, errno);
return -1;
@@ -1869,7 +1869,7 @@ static int semanage_get_lock(semanage_handle_t * sh,
int got_lock = 0;
if ((fd =
- open(lock_file, O_RDWR | O_CREAT | O_TRUNC,
+ open(lock_file, O_RDWR | O_CREAT | O_TRUNC | O_CLOEXEC,
S_IRUSR | S_IWUSR)) == -1) {
ERR(sh, "Could not open direct %s at %s.", lock_name,
lock_file);
@@ -2013,7 +2013,7 @@ int semanage_direct_get_serial(semanage_handle_t * sh)
semanage_path(SEMANAGE_ACTIVE, SEMANAGE_COMMIT_NUM_FILE);
}
- if ((fd = open(commit_filename, O_RDONLY)) == -1) {
+ if ((fd = open(commit_filename, O_RDONLY | O_CLOEXEC)) == -1) {
if (errno == ENOENT) {
/* the commit number file does not exist yet,
* so assume that the number is 0 */
@@ -2093,7 +2093,7 @@ int semanage_read_policydb(semanage_handle_t * sh, sepol_policydb_t * in,
semanage_path(SEMANAGE_ACTIVE, file)) == NULL) {
goto cleanup;
}
- if ((infile = fopen(kernel_filename, "r")) == NULL) {
+ if ((infile = fopen(kernel_filename, "re")) == NULL) {
ERR(sh, "Could not open kernel policy %s for reading.",
kernel_filename);
goto cleanup;
@@ -2136,7 +2136,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out,
semanage_path(SEMANAGE_TMP, file)) == NULL) {
goto cleanup;
}
- if ((outfile = fopen(kernel_filename, "wb")) == NULL) {
+ if ((outfile = fopen(kernel_filename, "wbe")) == NULL) {
ERR(sh, "Could not open kernel policy %s for writing.",
kernel_filename);
goto cleanup;
diff --git a/src/utilities.c b/src/utilities.c
index 77b948fa..70b5b677 100644
--- a/src/utilities.c
+++ b/src/utilities.c
@@ -38,7 +38,7 @@ char *semanage_findval(const char *file, const char *var, const char *delim)
assert(file);
assert(var);
- if ((fd = fopen(file, "r")) == NULL)
+ if ((fd = fopen(file, "re")) == NULL)
return NULL;
while (getline(&buff, &buff_len, fd) > 0) {
--
2.33.0
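Review bot: `pipe2()` in semanage_pipe_data and the `e` character in the fopen mode strings are Linux/glibc extensions; <unistd.h> declares pipe2 only under `_GNU_SOURCE`, so unless the build already defines it (not visible here) the call compiles as an implicit declaration, which is worth confirming in the Makefile. The semanage_get_lock hunk adds `O_CLOEXEC` to the open but leaves the `fcntl(fd, F_SETFD, FD_CLOEXEC)` that follows it (visible in the O_RDWR patch's context) in place; that call can now be dropped as redundant. The unchecked `snprintf(write_buf, sizeof(write_buf), "%d", commit_number)` in semanage_commit_sandbox's context would also deserve the same `rc < 0 || (size_t)rc >= sizeof(...)` treatment the path-formatting patch applies elsewhere, if only for consistency.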


@ -3,13 +3,25 @@
Name: libsemanage
Version: 3.5
Release: 1
Release: 2
License: LGPLv2+
Summary: SELinux binary policy manipulation library
URL: https://github.com/SELinuxProject/selinux/wiki
Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsemanage-%{version}.tar.gz
Source1: semanage.conf
Patch6000: backport-libsemanage-direct_api-INTEGER_OVERFLOW-read_len-rea.patch
Patch6001: backport-libsemanage-open-lock_file-with-O_RDWR.patch
Patch6002: backport-libsemanage-check-memory-allocations.patch
Patch6003: backport-libsemanage-free-resources-on-failed-connect-attempt.patch
Patch6004: backport-libsemanage-fix-asprintf-error-branch.patch
Patch6005: backport-libsemanage-avoid-leak-on-realloc-failure.patch
Patch6006: backport-libsemanage-free-ibdev-names-in-semanage_ibendport_v.patch
Patch6007: backport-libsemanage-check-for-path-formatting-failures.patch
Patch6008: backport-libsemanage-set-O_CLOEXEC-flag-for-file-descriptors.patch
Patch6009: backport-libsemanage-check-closing-written-files.patch
Patch6010: backport-libsemanage-handle-cil_set_handle_unknown-failure.patch
Patch9000: fix-test-failure-with-secilc.patch
BuildRequires: gcc python3-devel bison flex bzip2-devel audit-libs-devel
@ -104,6 +116,9 @@ make test
%changelog
* Mon Mar 17 2025 hugel<gengqihu2@h-partners.com> - 3.5-2
- backport patches from upstream
* Mon Jul 17 2023 zhangguangzhi<zhangguangzhi3@huawei.com> - 3.5-1
- update version to 3.5