| Message ID | 20210314201651.474432-2-nicolas.iooss@m4x.org (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/6] libsepol/cil: fix out-of-bound read of a file context pattern ending with "\" | expand |
On Sun, Mar 14, 2021 at 4:22 PM Nicolas Iooss <nicolas.iooss@m4x.org> wrote: > > cil_post_fc_fill_data() is not used outside of cil_post.c, and is not > exported in libsepol.so. Make it static, in order to ease the analysis > of static analyzers. > > While at it, make its path argument "const char*" and the fields of > "struct fc_data" "unsigned int" or "size_t", in order to make the types > better match the values. > > Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org> Acked-by: James Carter <jwcart2@gmail.com> > --- > libsepol/cil/src/cil_post.c | 11 +++++++++-- > libsepol/cil/src/cil_post.h | 7 ------- > 2 files changed, 9 insertions(+), 9 deletions(-) > > diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c > index 5f9cf4efd242..783929e50df8 100644 > --- a/libsepol/cil/src/cil_post.c > +++ b/libsepol/cil/src/cil_post.c > @@ -27,6 +27,7 @@ > * either expressed or implied, of Tresys Technology, LLC. > */ > > +#include <stddef.h> > #include <stdlib.h> > #include <stdio.h> > #include <string.h> > @@ -50,6 +51,12 @@ > #define GEN_REQUIRE_ATTR "cil_gen_require" /* Also in libsepol/src/module_to_cil.c */ > #define TYPEATTR_INFIX "_typeattr_" /* Also in libsepol/src/module_to_cil.c */ > > +struct fc_data { > + unsigned int meta; > + size_t stem_len; > + size_t str_len; > +}; > + > static int __cil_expr_to_bitmap(struct cil_list *expr, ebitmap_t *out, int max, struct cil_db *db); > static int __cil_expr_list_to_bitmap(struct cil_list *expr_list, ebitmap_t *out, int max, struct cil_db *db); > > @@ -156,9 +163,9 @@ static int cil_verify_is_list(struct cil_list *list, enum cil_flavor flavor) > return CIL_TRUE; > } > > -void cil_post_fc_fill_data(struct fc_data *fc, char *path) > +static void cil_post_fc_fill_data(struct fc_data *fc, const char *path) > { > - int c = 0; > + size_t c = 0; > fc->meta = 0; > fc->stem_len = 0; > fc->str_len = 0; > diff --git a/libsepol/cil/src/cil_post.h b/libsepol/cil/src/cil_post.h > index 3d5415486b77..b1d2206f9ef6 100644 > --- a/libsepol/cil/src/cil_post.h > +++ b/libsepol/cil/src/cil_post.h > @@ -30,13 +30,6 @@ > #ifndef CIL_POST_H_ > #define CIL_POST_H_ > > -struct fc_data { > - int meta; > - int stem_len; > - int str_len; > -}; > - > -void cil_post_fc_fill_data(struct fc_data *fc, char *path); > int cil_post_filecon_compare(const void *a, const void *b); > int cil_post_ibpkeycon_compare(const void *a, const void *b); > int cil_post_portcon_compare(const void *a, const void *b); > -- > 2.30.2 >
On Mon, Mar 15, 2021 at 10:03 PM James Carter <jwcart2@gmail.com> wrote: > > On Sun, Mar 14, 2021 at 4:22 PM Nicolas Iooss <nicolas.iooss@m4x.org> wrote: > > > > cil_post_fc_fill_data() is not used outside of cil_post.c, and is not > > exported in libsepol.so. Make it static, in order to ease the analysis > > of static analyzers. > > > > While at it, make its path argument "const char*" and the fields of > > "struct fc_data" "unsigned int" or "size_t", in order to make the types > > better match the values. > > > > Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org> > > Acked-by: James Carter <jwcart2@gmail.com> I merged patches 2 to 6 of this series. Patch 1 still has discussions. Thanks, Nicolas > > --- > > libsepol/cil/src/cil_post.c | 11 +++++++++-- > > libsepol/cil/src/cil_post.h | 7 ------- > > 2 files changed, 9 insertions(+), 9 deletions(-) > > > > diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c > > index 5f9cf4efd242..783929e50df8 100644 > > --- a/libsepol/cil/src/cil_post.c > > +++ b/libsepol/cil/src/cil_post.c > > @@ -27,6 +27,7 @@ > > * either expressed or implied, of Tresys Technology, LLC. > > */ > > > > +#include <stddef.h> > > #include <stdlib.h> > > #include <stdio.h> > > #include <string.h> > > @@ -50,6 +51,12 @@ > > #define GEN_REQUIRE_ATTR "cil_gen_require" /* Also in libsepol/src/module_to_cil.c */ > > #define TYPEATTR_INFIX "_typeattr_" /* Also in libsepol/src/module_to_cil.c */ > > > > +struct fc_data { > > + unsigned int meta; > > + size_t stem_len; > > + size_t str_len; > > +}; > > + > > static int __cil_expr_to_bitmap(struct cil_list *expr, ebitmap_t *out, int max, struct cil_db *db); > > static int __cil_expr_list_to_bitmap(struct cil_list *expr_list, ebitmap_t *out, int max, struct cil_db *db); > > > > @@ -156,9 +163,9 @@ static int cil_verify_is_list(struct cil_list *list, enum cil_flavor flavor) > > return CIL_TRUE; > > } > > > > -void cil_post_fc_fill_data(struct fc_data *fc, char *path) > > +static void cil_post_fc_fill_data(struct fc_data *fc, const char *path) > > { > > - int c = 0; > > + size_t c = 0; > > fc->meta = 0; > > fc->stem_len = 0; > > fc->str_len = 0; > > diff --git a/libsepol/cil/src/cil_post.h b/libsepol/cil/src/cil_post.h > > index 3d5415486b77..b1d2206f9ef6 100644 > > --- a/libsepol/cil/src/cil_post.h > > +++ b/libsepol/cil/src/cil_post.h > > @@ -30,13 +30,6 @@ > > #ifndef CIL_POST_H_ > > #define CIL_POST_H_ > > > > -struct fc_data { > > - int meta; > > - int stem_len; > > - int str_len; > > -}; > > - > > -void cil_post_fc_fill_data(struct fc_data *fc, char *path); > > int cil_post_filecon_compare(const void *a, const void *b); > > int cil_post_ibpkeycon_compare(const void *a, const void *b); > > int cil_post_portcon_compare(const void *a, const void *b); > > -- > > 2.30.2 > >
diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c index 5f9cf4efd242..783929e50df8 100644 --- a/libsepol/cil/src/cil_post.c +++ b/libsepol/cil/src/cil_post.c @@ -27,6 +27,7 @@ * either expressed or implied, of Tresys Technology, LLC. */ +#include <stddef.h> #include <stdlib.h> #include <stdio.h> #include <string.h> @@ -50,6 +51,12 @@ #define GEN_REQUIRE_ATTR "cil_gen_require" /* Also in libsepol/src/module_to_cil.c */ #define TYPEATTR_INFIX "_typeattr_" /* Also in libsepol/src/module_to_cil.c */ +struct fc_data { + unsigned int meta; + size_t stem_len; + size_t str_len; +}; + static int __cil_expr_to_bitmap(struct cil_list *expr, ebitmap_t *out, int max, struct cil_db *db); static int __cil_expr_list_to_bitmap(struct cil_list *expr_list, ebitmap_t *out, int max, struct cil_db *db); @@ -156,9 +163,9 @@ static int cil_verify_is_list(struct cil_list *list, enum cil_flavor flavor) return CIL_TRUE; } -void cil_post_fc_fill_data(struct fc_data *fc, char *path) +static void cil_post_fc_fill_data(struct fc_data *fc, const char *path) { - int c = 0; + size_t c = 0; fc->meta = 0; fc->stem_len = 0; fc->str_len = 0; diff --git a/libsepol/cil/src/cil_post.h b/libsepol/cil/src/cil_post.h index 3d5415486b77..b1d2206f9ef6 100644 --- a/libsepol/cil/src/cil_post.h +++ b/libsepol/cil/src/cil_post.h @@ -30,13 +30,6 @@ #ifndef CIL_POST_H_ #define CIL_POST_H_ -struct fc_data { - int meta; - int stem_len; - int str_len; -}; - -void cil_post_fc_fill_data(struct fc_data *fc, char *path); int cil_post_filecon_compare(const void *a, const void *b); int cil_post_ibpkeycon_compare(const void *a, const void *b); int cil_post_portcon_compare(const void *a, const void *b);
cil_post_fc_fill_data() is not used outside of cil_post.c, and is not exported in libsepol.so. Make it static, in order to ease the analysis of static analyzers. While at it, make its path argument "const char*" and the fields of "struct fc_data" "unsigned int" or "size_t", in order to make the types better match the values. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org> --- libsepol/cil/src/cil_post.c | 11 +++++++++-- libsepol/cil/src/cil_post.h | 7 ------- 2 files changed, 9 insertions(+), 9 deletions(-)