From patchwork Sat Nov 5 20:55:32 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Iooss X-Patchwork-Id: 9413815 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id EC1C960573 for ; Sat, 5 Nov 2016 20:57:20 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D3CDA296CB for ; Sat, 5 Nov 2016 20:57:20 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C6B3C296C1; Sat, 5 Nov 2016 20:57:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from emsm-gh1-uea11.nsa.gov (smtp.nsa.gov [8.44.101.9]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id C6BA0296AB for ; Sat, 5 Nov 2016 20:57:19 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.31,597,1473120000"; d="scan'208";a="528639" IronPort-PHdr: =?us-ascii?q?9a23=3A7HTXshPrrKEM6E5wn8Ml6mtUPXoX/o7sNwtQ0KIM?= =?us-ascii?q?zox0KPn4rarrMEGX3/hxlliBBdydsKMezbuP+Pm8ASQp2tWoiDg6aptCVhsI24?= =?us-ascii?q?09vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6kO74TNaIBjjLw09?= =?us-ascii?q?fr2zQd+IyZXunLnuo9X6WEZhvHKFe7R8LRG7/036l/I9ps9cEJs30QbDuXBSeu?= =?us-ascii?q?5blitCLFOXmAvgtI/rpMYwuxlKv7od0+IIEeCjJ+VrBYBfWS8rN2Ez+d3DqQjI?= =?us-ascii?q?TQzJ4GAVFGoRjElmGQ/AuTf7VZD1uzCyl+16wzLSacv3RrcwUC/k7qBsUwTAjX?= =?us-ascii?q?sXcTkj/zeE2YRLkKtHrUf59FREyInObdTQbaJz?= X-IPAS-Result: =?us-ascii?q?A2HXBACCRh5Y/wHyM5BcHAEBBAEBCgEBGAEFAQsBgwMBAQE?= =?us-ascii?q?BAR+BVLsKJYgRUwEBAQEBAQEBAgECXyiCMwQDEwWCFwI3FCAOAwkCFykICAMBL?= =?us-ascii?q?RUfCwUYBIg3BAGzFjgCg2eHSIY+iG4RAYV8BYhMkVuBa45OihiGA0mQZ1VWDTK?= =?us-ascii?q?DEx+BXnGFF3iBNQEBAQ?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP; 05 Nov 2016 20:57:17 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id uA5KugWB002334; Sat, 5 Nov 2016 16:56:51 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id uA5Kudad167439 for ; Sat, 5 Nov 2016 16:56:39 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id uA5KucDv002332 for ; Sat, 5 Nov 2016 16:56:39 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1BlAABBRx5YhyIeaIFcHAEBBAEBCgEBgy4BAQEBAYFztnqEMIgWUwECAQEBAQECEwEBAQoLCQkdh2KIWAQBoFmSOoQhh0iGPolohRQFiEyRW4Frjk6QG0mQZ4E4gnYBCwFCH4FecYdEAQEB X-IPAS-Result: A1BlAABBRx5YhyIeaIFcHAEBBAEBCgEBgy4BAQEBAYFztnqEMIgWUwECAQEBAQECEwEBAQoLCQkdh2KIWAQBoFmSOoQhh0iGPolohRQFiEyRW4Frjk6QG0mQZ4E4gnYBCwFCH4FecYdEAQEB X-IronPort-AV: E=Sophos;i="5.31,597,1473134400"; d="scan'208";a="5806700" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 05 Nov 2016 16:56:06 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AbhRbhh0VvcsGr+P2smDT+DRfVm0co7zxezQtwd8Z?= =?us-ascii?q?segVIvad9pjvdHbS+e9qxAeQG96KsbQV0qGP7/iocFdDyK7JiGoFfp1IWk1Nou?= =?us-ascii?q?QttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXsq3G/pQQfBg/4fVIs?= =?us-ascii?q?YL+kQMiD1o/ui7j60qaQSj0AvCC6b7J2IUf+hiTqne5Sv7FfLL0swADCuHpCdr?= =?us-ascii?q?ce72ppIVWOg0S0vZ/or9YwuxhX7uks889GTLXSY7UzTbseCi8vdW8y+p7Frx7G?= =?us-ascii?q?GC2O7XwYW35esx1PGBONuBf7VZD1uzC8t+16wzKyOJHmC7cuVmLxvO9QVBb0hX?= =?us-ascii?q?JfZHYC+2bNh5kogQ=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0HaAACCRh5YhyIeaIFcHAEBBAEBCgEBF?= =?us-ascii?q?wEBBAEBCgEBgwMBAQEBAYFztnqEMIgWUwEBAQEBAQEBAgECEAEBAQoLCQkdMII?= =?us-ascii?q?zGIRniFgEAaBckjqEIYdIhj6JaIUUBYhMkVuBa45OkBtJkGeBOIJ2AQsBQh+BX?= =?us-ascii?q?nGHRAEBAQ?= X-IPAS-Result: =?us-ascii?q?A0HaAACCRh5YhyIeaIFcHAEBBAEBCgEBFwEBBAEBCgEBgwM?= =?us-ascii?q?BAQEBAYFztnqEMIgWUwEBAQEBAQEBAgECEAEBAQoLCQkdMIIzGIRniFgEAaBck?= =?us-ascii?q?jqEIYdIhj6JaIUUBYhMkVuBa45OkBtJkGeBOIJ2AQsBQh+BXnGHRAEBAQ?= X-IronPort-AV: E=Sophos;i="5.31,597,1473120000"; d="scan'208";a="528634" Received: from mx1.polytechnique.org ([129.104.30.34]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Nov 2016 20:56:05 +0000 Received: from localhost.localdomain (32.206.133.77.rev.sfr.net [77.133.206.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id 41C3B56478A for ; Sat, 5 Nov 2016 21:56:04 +0100 (CET) From: Nicolas Iooss To: selinux@tycho.nsa.gov Subject: [PATCH 1/1] libselinux: remove rpm_execcon from SWIG wrappers Date: Sat, 5 Nov 2016 21:55:32 +0100 Message-Id: <20161105205532.3214-1-nicolas.iooss@m4x.org> X-Mailer: git-send-email 2.10.2 X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Sat Nov 5 21:56:04 2016 +0100 (CET)) X-Org-Mail: nicolas.iooss.2010@polytechnique.org X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP The Python wrapper of rpm_execcon() has several flaws: * An invalid call like selinux.rpm_execcon() triggers a segmentation fault. * The size of the buffer which is allocated to copy argv and envp is too small to hold all the values. * This allocated memory is leaked if one argument of rpm_execon() is not a sequence of bytes. The Ruby wrapper has no such flaws but can not be used as it is because it misses some glue code to convert argv and envp arguments to char *const [] values (even though the destructor is present!). As it is not possible to remove rpm_execcon() without changing libselinux soname (it would be an ABI break) like b67fefd991dd ("libselinux: set DISABLE_RPM default to y.") tried to do, disable this interface locally in the SWIG wrappers. Signed-off-by: Nicolas Iooss --- libselinux/src/selinuxswig_python.i | 42 +++++-------------------------------- libselinux/src/selinuxswig_ruby.i | 14 +++++-------- 2 files changed, 10 insertions(+), 46 deletions(-) diff --git a/libselinux/src/selinuxswig_python.i b/libselinux/src/selinuxswig_python.i index 43df29153d7c..a239f30b4d2c 100644 --- a/libselinux/src/selinuxswig_python.i +++ b/libselinux/src/selinuxswig_python.i @@ -1,6 +1,11 @@ /* Author: James Athey */ +/* Never build rpm_execcon interface */ +#ifndef DISABLE_RPM +#define DISABLE_RPM +#endif + %module selinux %{ #include "selinux/selinux.h" @@ -153,42 +158,5 @@ def install(src, dest): } } -%typemap(in) char * const [] { - int i, size; - PyObject * s; - - if (!PySequence_Check($input)) { - PyErr_SetString(PyExc_ValueError, "Expected a sequence"); - return NULL; - } - - size = PySequence_Size($input); - - $1 = (char**) malloc(size + 1); - - for(i = 0; i < size; i++) { - if (!PyString_Check(PySequence_GetItem($input, i))) { - PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings"); - return NULL; - } - } - - for(i = 0; i < size; i++) { - s = PySequence_GetItem($input, i); - $1[i] = (char*) malloc(PyString_Size(s) + 1); - strcpy($1[i], PyString_AsString(s)); - } - $1[size] = NULL; -} - -%typemap(freearg,match="in") char * const [] { - int i = 0; - while($1[i]) { - free($1[i]); - i++; - } - free($1); -} - %include "selinuxswig_python_exception.i" %include "selinuxswig.i" diff --git a/libselinux/src/selinuxswig_ruby.i b/libselinux/src/selinuxswig_ruby.i index 12d63c4b1b29..51dacf877148 100644 --- a/libselinux/src/selinuxswig_ruby.i +++ b/libselinux/src/selinuxswig_ruby.i @@ -2,6 +2,11 @@ Based on selinuxswig_python.i by James Athey */ +/* Never build rpm_execcon interface */ +#ifndef DISABLE_RPM +#define DISABLE_RPM +#endif + %module selinux %{ #include "selinux/selinux.h" @@ -40,13 +45,4 @@ } } -%typemap(freearg,match="in") char * const [] { - int i = 0; - while($1[i]) { - free($1[i]); - i++; - } - free($1); -} - %include "selinuxswig.i"