
[v2,1/1] libselinux: Remove trailing slash on selabel_file lookups.

Message ID 20200824134416.331220-1-chpebeni@linux.microsoft.com (mailing list archive)
State Superseded

Commit Message

Chris PeBenito Aug. 24, 2020, 1:44 p.m. UTC
Having a trailing slash on a file lookup, e.g. "/some/path/", can
cause a different result, for example,  when file contexts are written to have
the directory have a different label than the contents.  This is inconsistent
with normal Linux behaviors where trailing slashes are ignored.

Many callers already strip the trailing slash before the lookup or users
revise the file contexts to work around this.  This fixes it comprehensively.

v2: fix length issues

Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
---
 libselinux/src/label_file.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

Comments

Stephen Smalley Aug. 24, 2020, 2:55 p.m. UTC | #1
On Mon, Aug 24, 2020 at 9:45 AM Chris PeBenito
<chpebeni@linux.microsoft.com> wrote:
>
> Having a trailing slash on a file lookup, e.g. "/some/path/", can
> cause a different result, for example,  when file contexts are written to have
> the directory have a different label than the contents.  This is inconsistent
> with normal Linux behaviors where trailing slashes are ignored.
>
> Many callers already strip the trailing slash before the lookup or users
> revise the file contexts to work around this.  This fixes it comprehensively.
>
> v2: fix length issues
>
> Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>

Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>

Stephen Smalley Aug. 26, 2020, 6:26 p.m. UTC | #2
On Mon, Aug 24, 2020 at 10:55 AM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
>
> On Mon, Aug 24, 2020 at 9:45 AM Chris PeBenito
> <chpebeni@linux.microsoft.com> wrote:
> >
> > Having a trailing slash on a file lookup, e.g. "/some/path/", can
> > cause a different result, for example,  when file contexts are written to have
> > the directory have a different label than the contents.  This is inconsistent
> > with normal Linux behaviors where trailing slashes are ignored.
> >
> > Many callers already strip the trailing slash before the lookup or users
> > revise the file contexts to work around this.  This fixes it comprehensively.
> >
> > v2: fix length issues
> >
> > Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
>
> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>

Applied.

Patch

diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index 412904d1..6eeeea68 100644
--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c
@@ -854,6 +854,7 @@  static const struct spec **lookup_all(struct selabel_handle *rec,
 	struct saved_data *data = (struct saved_data *)rec->data;
 	struct spec *spec_arr = data->spec_arr;
 	int i, rc, file_stem;
+	size_t len;
 	mode_t mode = (mode_t)type;
 	char *clean_key = NULL;
 	const char *prev_slash, *next_slash;
@@ -894,6 +895,27 @@  static const struct spec **lookup_all(struct selabel_handle *rec,
 		key = clean_key;
 	}
 
+	/* remove trailing slash */
+	len = strlen(key);
+	if (len == 0) {
+		errno = EINVAL;
+		goto finish;
+	}
+
+	if (key[len - 1] == '/') {
+		/* reuse clean_key from above if available */
+		if (!clean_key) {
+			clean_key = (char *) malloc(len);
+			if (!clean_key)
+				goto finish;
+
+			strncpy(clean_key, key, len - 1);
+		}
+
+		clean_key[len - 1] = '\0';
+		key = clean_key;
+	}
+
 	sub = selabel_sub_key(data, key);
 	if (sub)
 		key = sub;
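
Review bot: the `if (key[len - 1] == '/')` test also matches a key that is exactly "/" (len == 1), which passes the `len == 0` check and is then truncated to an empty string by `clean_key[len - 1] = '\0'`, so a lookup for the root directory continues into `selabel_sub_key()` with an empty key. Consider guarding the branch with `len > 1 && key[len - 1] == '/'` so that "/" is left intact. Two smaller points in the same block: only a single trailing slash is removed here, so the comment could say whether repeated trailing slashes are expected to have been handled by the earlier `clean_key` step; and the `malloc` failure path does `goto finish` without setting errno explicitly, unlike the `EINVAL` path just above it, which is worth a short comment if relying on `malloc` to set it is intended. The `strncpy(clean_key, key, len - 1)` followed by a manual terminator is correct as written, but `memcpy` would state the intent more directly since the length is already known.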