policycoreutils/backport-setfiles-avoid-unsigned-integer-underflow.patch

From fc2e9318d0a1b2ec331f6af25e70358f130d003b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 19 Dec 2023 17:09:33 +0100
Subject: [PATCH] setfiles: avoid unsigned integer underflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

While well-defined unsigned integer underflow might signal a logic
mistake or processing of unchecked user input.  Please Clang's undefined
behavior sanitizer:

    restore.c:91:37: runtime error: unsigned integer overflow: 1 - 2 cannot be represented in type 'unsigned long'

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
 policycoreutils/setfiles/restore.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
index 6131f46a..d045e948 100644
--- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c
@@ -77,8 +77,8 @@ int process_glob(char *name, struct restore_opts *opts, size_t nthreads,
 		 long unsigned *skipped_errors)
 {
 	glob_t globbuf;
-	size_t i = 0;
-	int len, rc, errors;
+	size_t i, len;
+	int rc, errors;
 
 	memset(&globbuf, 0, sizeof(globbuf));
 
@@ -88,10 +88,10 @@ int process_glob(char *name, struct restore_opts *opts, size_t nthreads,
 		return errors;
 
 	for (i = 0; i < globbuf.gl_pathc; i++) {
-		len = strlen(globbuf.gl_pathv[i]) - 2;
-		if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0)
+		len = strlen(globbuf.gl_pathv[i]);
+		if (len > 2 && strcmp(&globbuf.gl_pathv[i][len - 2], "/.") == 0)
 			continue;
-		if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
+		if (len > 3 && strcmp(&globbuf.gl_pathv[i][len - 3], "/..") == 0)
 			continue;
 		rc = selinux_restorecon_parallel(globbuf.gl_pathv[i],
 						 opts->restorecon_flags,
-- 
2.33.0
Backport patch from upstream to avoid unsigned integer underflow (cherry picked from commit 18bf17ad48041cbf7d0b8a0e48aded97d3c06252) 2024-03-20 14:05:13 +08:00			`From fc2e9318d0a1b2ec331f6af25e70358f130d003b Mon Sep 17 00:00:00 2001`
			`From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>`
			`Date: Tue, 19 Dec 2023 17:09:33 +0100`
			`Subject: [PATCH] setfiles: avoid unsigned integer underflow`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`While well-defined unsigned integer underflow might signal a logic`
			`mistake or processing of unchecked user input. Please Clang's undefined`
			`behavior sanitizer:`

			`restore.c:91:37: runtime error: unsigned integer overflow: 1 - 2 cannot be represented in type 'unsigned long'`

			`Signed-off-by: Christian Göttsche <cgzones@googlemail.com>`
			`Acked-by: James Carter <jwcart2@gmail.com>`
			`---`
			`policycoreutils/setfiles/restore.c \| 10 +++++-----`
			`1 file changed, 5 insertions(+), 5 deletions(-)`

			`diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c`
			`index 6131f46a..d045e948 100644`
			`--- a/policycoreutils/setfiles/restore.c`
			`+++ b/policycoreutils/setfiles/restore.c`
			`@@ -77,8 +77,8 @@ int process_glob(char name, struct restore_opts opts, size_t nthreads,`
			`long unsigned *skipped_errors)`
			`{`
			`glob_t globbuf;`
			`- size_t i = 0;`
			`- int len, rc, errors;`
			`+ size_t i, len;`
			`+ int rc, errors;`

			`memset(&globbuf, 0, sizeof(globbuf));`

			`@@ -88,10 +88,10 @@ int process_glob(char name, struct restore_opts opts, size_t nthreads,`
			`return errors;`

			`for (i = 0; i < globbuf.gl_pathc; i++) {`
			`- len = strlen(globbuf.gl_pathv[i]) - 2;`
			`- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0)`
			`+ len = strlen(globbuf.gl_pathv[i]);`
			`+ if (len > 2 && strcmp(&globbuf.gl_pathv[i][len - 2], "/.") == 0)`
			`continue;`
			`- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)`
			`+ if (len > 3 && strcmp(&globbuf.gl_pathv[i][len - 3], "/..") == 0)`
			`continue;`
			`rc = selinux_restorecon_parallel(globbuf.gl_pathv[i],`
			`opts->restorecon_flags,`
			`--`
			`2.33.0`