python/semanage: check variable type of port before trying to split
diff mbox series

Message ID CAHduLLQV07RPLcV-3ffaebEosQS_DRAk_7ZconHbdkx8oAHejQ@mail.gmail.com
State Accepted
Headers show
Series
  • python/semanage: check variable type of port before trying to split
Related show

Commit Message

Joshua Schmidlkofer Dec. 7, 2019, 12:17 a.m. UTC
While using Ansible's Selinux module to manage ports, I discovered
that numerical ports caused an unhandled exception in 'seobject.py'.
This appears to be a bug, and I am proposing a fix which checks the
type of the argument before operating on it.  This maintains the
original functionality in the case of a string, and acts in the same
fashion if you supply an integer.

I did not find any open bug report against the SELinux project. The
downstream bug report is here:
https://github.com/ansible/ansible/issues/60968


Signed-off-by: Joshua Schmidlkofer <joshua@joshuainnovates.us>
---
 python/semanage/seobject.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--
2.23.0

Comments

Stephen Smalley Dec. 10, 2019, 8:38 p.m. UTC | #1
On 12/6/19 7:17 PM, Joshua Schmidlkofer wrote:
> While using Ansible's Selinux module to manage ports, I discovered
> that numerical ports caused an unhandled exception in 'seobject.py'.
> This appears to be a bug, and I am proposing a fix which checks the
> type of the argument before operating on it.  This maintains the
> original functionality in the case of a string, and acts in the same
> fashion if you supply an integer.
> 
> I did not find any open bug report against the SELinux project. The
> downstream bug report is here:
> https://github.com/ansible/ansible/issues/60968
> 
> 
> Signed-off-by: Joshua Schmidlkofer <joshua@joshuainnovates.us>

Acked-by: Stephen Smalley <sds@tycho.nsa.gov>

> ---
>   python/semanage/seobject.py | 6 +++++-
>   1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
> index dc413ca5..0e9ce290 100644
> --- a/python/semanage/seobject.py
> +++ b/python/semanage/seobject.py
> @@ -1070,7 +1070,11 @@ class portRecords(semanageRecords):
>           if port == "":
>               raise ValueError(_("Port is required"))
> 
> -        ports = port.split("-")
> +        if isinstance(port, str):
> +            ports = port.split('-', 1)
> +        else:
> +            ports = (port,)
> +
>           if len(ports) == 1:
>               high = low = int(ports[0])
>           else:
> --
> 2.23.0
>
Stephen Smalley Dec. 11, 2019, 3:54 p.m. UTC | #2
On 12/10/19 3:38 PM, Stephen Smalley wrote:
> On 12/6/19 7:17 PM, Joshua Schmidlkofer wrote:
>> While using Ansible's Selinux module to manage ports, I discovered
>> that numerical ports caused an unhandled exception in 'seobject.py'.
>> This appears to be a bug, and I am proposing a fix which checks the
>> type of the argument before operating on it.  This maintains the
>> original functionality in the case of a string, and acts in the same
>> fashion if you supply an integer.
>>
>> I did not find any open bug report against the SELinux project. The
>> downstream bug report is here:
>> https://github.com/ansible/ansible/issues/60968
>>
>>
>> Signed-off-by: Joshua Schmidlkofer <joshua@joshuainnovates.us>
> 
> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>

Thanks, applied.

> 
>> ---
>>   python/semanage/seobject.py | 6 +++++-
>>   1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
>> index dc413ca5..0e9ce290 100644
>> --- a/python/semanage/seobject.py
>> +++ b/python/semanage/seobject.py
>> @@ -1070,7 +1070,11 @@ class portRecords(semanageRecords):
>>           if port == "":
>>               raise ValueError(_("Port is required"))
>>
>> -        ports = port.split("-")
>> +        if isinstance(port, str):
>> +            ports = port.split('-', 1)
>> +        else:
>> +            ports = (port,)
>> +
>>           if len(ports) == 1:
>>               high = low = int(ports[0])
>>           else:
>> -- 
>> 2.23.0
>>
>

Patch
diff mbox series

diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index dc413ca5..0e9ce290 100644
--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -1070,7 +1070,11 @@  class portRecords(semanageRecords):
         if port == "":
             raise ValueError(_("Port is required"))

-        ports = port.split("-")
+        if isinstance(port, str):
+            ports = port.split('-', 1)
+        else:
+            ports = (port,)
+
         if len(ports) == 1:
             high = low = int(ports[0])
         else: