From 50f3cfd27b59f1a5efdf728827974ad02472c0b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Mon, 11 Nov 2024 15:16:43 +0100 Subject: [PATCH] libsemanage: check for path formatting failures MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian Göttsche Acked-by: James Carter Conflict:NA Reference:https://github.com/SELinuxProject/selinux/commit/50f3cfd27b59f1a5efdf728827974ad02472c0b2 --- src/semanage_store.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/src/semanage_store.c b/src/semanage_store.c index 23b91ae2..2cd992eb 100644 --- a/src/semanage_store.c +++ b/src/semanage_store.c @@ -798,7 +798,7 @@ static int semanage_copy_dir(const char *src, const char *dst) * well. Returns 0 on success, -1 on error. */ static int semanage_copy_dir_flags(const char *src, const char *dst, int flag) { - int i, len = 0, retval = -1; + int i, len = 0, rc, retval = -1; struct stat sb; struct dirent **names = NULL; char path[PATH_MAX], path2[PATH_MAX]; @@ -822,13 +822,21 @@ static int semanage_copy_dir_flags(const char *src, const char *dst, int flag) } for (i = 0; i < len; i++) { - snprintf(path, sizeof(path), "%s/%s", src, names[i]->d_name); + rc = snprintf(path, sizeof(path), "%s/%s", src, names[i]->d_name); + if (rc < 0 || (size_t)rc >= sizeof(path)) { + errno = EOVERFLOW; + goto cleanup; + } /* stat() to see if this entry is a file or not since * d_type isn't set properly on XFS */ if (stat(path, &sb)) { goto cleanup; } - snprintf(path2, sizeof(path2), "%s/%s", dst, names[i]->d_name); + rc = snprintf(path2, sizeof(path2), "%s/%s", dst, names[i]->d_name); + if (rc < 0 || (size_t)rc >= sizeof(path2)) { + errno = EOVERFLOW; + goto cleanup; + } if (S_ISDIR(sb.st_mode)) { mask = umask(0077); if (mkdir(path2, 0700) == -1 || @@ -862,7 +870,7 @@ static int semanage_copy_dir_flags(const char *src, const char *dst, int flag) int semanage_remove_directory(const char *path) { struct dirent **namelist = NULL; - int num_entries, i; + int num_entries, i, rc; if ((num_entries = scandir(path, &namelist, semanage_filename_select, NULL)) == -1) { return -1; @@ -870,7 +878,11 @@ int semanage_remove_directory(const char *path) for (i = 0; i < num_entries; i++) { char s[PATH_MAX]; struct stat buf; - snprintf(s, sizeof(s), "%s/%s", path, namelist[i]->d_name); + rc = snprintf(s, sizeof(s), "%s/%s", path, namelist[i]->d_name); + if (rc < 0 || (size_t)rc >= sizeof(s)) { + errno = EOVERFLOW; + return -2; + } if (stat(s, &buf) == -1) { return -2; } -- 2.33.0