libsepol/backport-libsepol-ensure-transitivity-in-compare-functions.patch

From b52e27aeaa563ac998345a6a670493172411b166 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 31 Jan 2024 13:56:10 +0100
Subject: [PATCH] libsepol: ensure transitivity in compare functions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Ensure comparison functions used by qsort(3) fulfill transitivity, since
otherwise the resulting array might not be sorted correctly or worse[1]
in case of integer overflows.

[1]: https://www.qualys.com/2024/01/30/qsort.txt

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
 libsepol/src/kernel_to_common.c | 2 +-
 libsepol/src/module_to_cil.c    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c
index 2422eed08..44f0be23a 100644
--- a/libsepol/src/kernel_to_common.c
+++ b/libsepol/src/kernel_to_common.c
@@ -503,7 +503,7 @@ static int ibendport_data_cmp(const void *a, const void *b)
 	if (rc)
 		return rc;
 
-	return (*aa)->u.ibendport.port - (*bb)->u.ibendport.port;
+	return spaceship_cmp((*aa)->u.ibendport.port, (*bb)->u.ibendport.port);
 }
 
 static int pirq_data_cmp(const void *a, const void *b)
diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
index 0fce7cc7e..6699a46be 100644
--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
@@ -1681,7 +1681,7 @@ static int class_perm_cmp(const void *a, const void *b)
 	const struct class_perm_datum *aa = a;
 	const struct class_perm_datum *bb = b;
 
-	return aa->val - bb->val;
+	return spaceship_cmp(aa->val, bb->val);
 }
 
 static int common_to_cil(char *key, void *data, void *UNUSED(arg))