
libselinux/utils: check for valid contexts to improve error causes

Message ID 20220331144653.31178-1-cgzones@googlemail.com (mailing list archive)
State Changes Requested

Commit Message

Christian Göttsche March 31, 2022, 2:46 p.m. UTC
Return more detailed error messages when the supplied contexts are
invalid.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libselinux/utils/compute_av.c      | 10 ++++++++++
 libselinux/utils/compute_create.c  | 12 +++++++++++-
 libselinux/utils/compute_member.c  | 12 +++++++++++-
 libselinux/utils/compute_relabel.c | 10 ++++++++++
 libselinux/utils/getdefaultcon.c   |  5 +++++
 libselinux/utils/selinuxexeccon.c  |  6 +++++-
 libselinux/utils/validatetrans.c   | 10 ++++++++++
 7 files changed, 62 insertions(+), 3 deletions(-)

Comments

James Carter April 4, 2022, 5:46 p.m. UTC | #1
On Fri, Apr 1, 2022 at 11:38 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Return more detailed error messages when the supplied contexts are
> invalid.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
>  libselinux/utils/compute_av.c      | 10 ++++++++++
>  libselinux/utils/compute_create.c  | 12 +++++++++++-
>  libselinux/utils/compute_member.c  | 12 +++++++++++-
>  libselinux/utils/compute_relabel.c | 10 ++++++++++
>  libselinux/utils/getdefaultcon.c   |  5 +++++
>  libselinux/utils/selinuxexeccon.c  |  6 +++++-
>  libselinux/utils/validatetrans.c   | 10 ++++++++++
>  7 files changed, 62 insertions(+), 3 deletions(-)
>
> diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c
> index df4a77e8..ef08338f 100644
> --- a/libselinux/utils/compute_av.c
> +++ b/libselinux/utils/compute_av.c
> @@ -17,6 +17,16 @@ int main(int argc, char **argv)
>                 exit(1);
>         }
>
> +       if (security_check_context(argv[1])) {
> +               fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
> +               exit(4);
> +       }
> +
> +       if (security_check_context(argv[2])) {
> +               fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
> +               exit(5);
> +       }
> +
>         tclass = string_to_security_class(argv[3]);
>         if (!tclass) {
>                 fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
> diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c
> index 449ccd90..63029c19 100644
> --- a/libselinux/utils/compute_create.c
> +++ b/libselinux/utils/compute_create.c
> @@ -17,9 +17,19 @@ int main(int argc, char **argv)
>                 exit(1);
>         }
>
> +       if (security_check_context(argv[1])) {
> +               fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
> +               exit(4);
> +       }
> +
> +       if (security_check_context(argv[2])) {
> +               fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
> +               exit(5);
> +       }
> +
>         tclass = string_to_security_class(argv[3]);
>         if (!tclass) {
> -               fprintf(stderr, "Invalid class '%s'\n", argv[3]);
> +               fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
>                 exit(2);
>         }
>
> diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c
> index c6dad19e..1ef47c25 100644
> --- a/libselinux/utils/compute_member.c
> +++ b/libselinux/utils/compute_member.c
> @@ -17,9 +17,19 @@ int main(int argc, char **argv)
>                 exit(1);
>         }
>
> +       if (security_check_context(argv[1])) {
> +               fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
> +               exit(4);
> +       }
> +
> +       if (security_check_context(argv[2])) {
> +               fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
> +               exit(5);
> +       }
> +
>         tclass = string_to_security_class(argv[3]);
>         if (!tclass) {
> -               fprintf(stderr, "Invalid class '%s'\n", argv[3]);
> +               fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
>                 exit(2);
>         }
>
> diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c
> index 85c760bc..f6a957da 100644
> --- a/libselinux/utils/compute_relabel.c
> +++ b/libselinux/utils/compute_relabel.c
> @@ -17,6 +17,16 @@ int main(int argc, char **argv)
>                 exit(1);
>         }
>
> +       if (security_check_context(argv[1])) {
> +               fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
> +               exit(4);
> +       }
> +
> +       if (security_check_context(argv[2])) {
> +               fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
> +               exit(5);
> +       }
> +
>         tclass = string_to_security_class(argv[3]);
>         if (!tclass) {
>                 fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
> diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c
> index 957c1cb2..590e98d9 100644
> --- a/libselinux/utils/getdefaultcon.c
> +++ b/libselinux/utils/getdefaultcon.c
> @@ -68,6 +68,11 @@ int main(int argc, char **argv)
>         } else
>                 cur_context = argv[optind + 1];
>
> +       if (security_check_context(cur_context)) {
> +               fprintf(stderr, "%s:  invalid from context '%s'\n", argv[0], cur_context);
> +               return 3;
> +       }
> +
>         if ((ret = getseuser(user, service, &seuser, &dlevel)) == 0) {
>                 if (! level) level=dlevel;
>                 if (role != NULL && role[0])
> diff --git a/libselinux/utils/selinuxexeccon.c b/libselinux/utils/selinuxexeccon.c
> index b50e7886..66754b6a 100644
> --- a/libselinux/utils/selinuxexeccon.c
> +++ b/libselinux/utils/selinuxexeccon.c
> @@ -16,7 +16,7 @@ static __attribute__ ((__noreturn__)) void usage(const char *name, const char *d
>         exit(rc);
>  }
>
> -static char * get_selinux_proc_context(const char *command, char * execcon) {
> +static char * get_selinux_proc_context(const char *command, const char * execcon) {
>         char * fcon = NULL, *newcon = NULL;
>
>         int ret = getfilecon(command, &fcon);
> @@ -43,6 +43,10 @@ int main(int argc, char **argv)
>                 }
>         } else {
>                 con = strdup(argv[2]);
> +               if (security_check_context(con)) {
> +                       fprintf(stderr, "%s:  invalid from context '%s'\n", argv[0], con);
> +                       return -1;
> +               }
>         }
>
>         proccon = get_selinux_proc_context(argv[1], con);
> diff --git a/libselinux/utils/validatetrans.c b/libselinux/utils/validatetrans.c
> index 1db33e66..9aa03e62 100644
> --- a/libselinux/utils/validatetrans.c
> +++ b/libselinux/utils/validatetrans.c
> @@ -17,6 +17,16 @@ int main(int argc, char **argv)
>                 exit(1);
>         }
>
> +       if (security_check_context(argv[1])) {
> +               fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
> +               exit(4);
> +       }
> +
> +       if (security_check_context(argv[2])) {
> +               fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
> +               exit(5);
> +       }
> +
>         tclass = string_to_security_class(argv[3]);
>         if (!tclass) {
>                 fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);

You should check that argv[4] is a valid context as well.

Everything else looks good.
Jim


> --
> 2.35.1
>

Patch

diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c
index df4a77e8..ef08338f 100644
--- a/libselinux/utils/compute_av.c
+++ b/libselinux/utils/compute_av.c
@@ -17,6 +17,16 @@  int main(int argc, char **argv)
 		exit(1);
 	}
 
+	if (security_check_context(argv[1])) {
+		fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
+		exit(4);
+	}
+
+	if (security_check_context(argv[2])) {
+		fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
+		exit(5);
+	}
+
 	tclass = string_to_security_class(argv[3]);
 	if (!tclass) {
 		fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
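Review bot: Both added checks treat every non-zero return from security_check_context() as an invalid context, but that call can also fail for reasons unrelated to the argument (for instance when selinuxfs is not available or its context node cannot be opened), so the new message can name the wrong cause. Appending the errno text would keep the diagnosis accurate, e.g. `fprintf(stderr, "%s:  invalid source context '%s': %s\n", argv[0], argv[1], strerror(errno));`, assuming <errno.h> and <string.h> are included, which the hunk does not show. The same pattern recurs in the compute_create.c, compute_member.c, compute_relabel.c, getdefaultcon.c, selinuxexeccon.c and validatetrans.c hunks. The new exit statuses 4 and 5 are worth documenting in the usage text or man page, since scripts may branch on them. main() starts and ends outside the hunk.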
diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c
index 449ccd90..63029c19 100644
--- a/libselinux/utils/compute_create.c
+++ b/libselinux/utils/compute_create.c
@@ -17,9 +17,19 @@  int main(int argc, char **argv)
 		exit(1);
 	}
 
+	if (security_check_context(argv[1])) {
+		fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
+		exit(4);
+	}
+
+	if (security_check_context(argv[2])) {
+		fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
+		exit(5);
+	}
+
 	tclass = string_to_security_class(argv[3]);
 	if (!tclass) {
-		fprintf(stderr, "Invalid class '%s'\n", argv[3]);
+		fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
 		exit(2);
 	}
 
diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c
index c6dad19e..1ef47c25 100644
--- a/libselinux/utils/compute_member.c
+++ b/libselinux/utils/compute_member.c
@@ -17,9 +17,19 @@  int main(int argc, char **argv)
 		exit(1);
 	}
 
+	if (security_check_context(argv[1])) {
+		fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
+		exit(4);
+	}
+
+	if (security_check_context(argv[2])) {
+		fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
+		exit(5);
+	}
+
 	tclass = string_to_security_class(argv[3]);
 	if (!tclass) {
-		fprintf(stderr, "Invalid class '%s'\n", argv[3]);
+		fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
 		exit(2);
 	}
 
diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c
index 85c760bc..f6a957da 100644
--- a/libselinux/utils/compute_relabel.c
+++ b/libselinux/utils/compute_relabel.c
@@ -17,6 +17,16 @@  int main(int argc, char **argv)
 		exit(1);
 	}
 
+	if (security_check_context(argv[1])) {
+		fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
+		exit(4);
+	}
+
+	if (security_check_context(argv[2])) {
+		fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
+		exit(5);
+	}
+
 	tclass = string_to_security_class(argv[3]);
 	if (!tclass) {
 		fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);
diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c
index 957c1cb2..590e98d9 100644
--- a/libselinux/utils/getdefaultcon.c
+++ b/libselinux/utils/getdefaultcon.c
@@ -68,6 +68,11 @@  int main(int argc, char **argv)
 	} else
 		cur_context = argv[optind + 1];
 
+	if (security_check_context(cur_context)) {
+		fprintf(stderr, "%s:  invalid from context '%s'\n", argv[0], cur_context);
+		return 3;
+	}
+
 	if ((ret = getseuser(user, service, &seuser, &dlevel)) == 0) {
 		if (! level) level=dlevel;
 		if (role != NULL && role[0]) 
diff --git a/libselinux/utils/selinuxexeccon.c b/libselinux/utils/selinuxexeccon.c
index b50e7886..66754b6a 100644
--- a/libselinux/utils/selinuxexeccon.c
+++ b/libselinux/utils/selinuxexeccon.c
@@ -16,7 +16,7 @@  static __attribute__ ((__noreturn__)) void usage(const char *name, const char *d
 	exit(rc);
 }
 
-static char * get_selinux_proc_context(const char *command, char * execcon) {
+static char * get_selinux_proc_context(const char *command, const char * execcon) {
 	char * fcon = NULL, *newcon = NULL;
 
 	int ret = getfilecon(command, &fcon);
@@ -43,6 +43,10 @@  int main(int argc, char **argv)
 		}
 	} else {
 		con = strdup(argv[2]);
+		if (security_check_context(con)) {
+			fprintf(stderr, "%s:  invalid from context '%s'\n", argv[0], con);
+			return -1;
+		}
 	}
 
 	proccon = get_selinux_proc_context(argv[1], con);
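Review bot: The result of `strdup(argv[2])` is passed to security_check_context() and to the `%s` conversion without a NULL check, so an allocation failure would likely be dereferenced rather than reported. Validating the argument before duplicating it avoids that and also the leak of `con` on the error path: run `if (security_check_context(argv[2])) { ... }` ahead of the strdup, then add `if (!con) return -1;` after it. `return -1` from main also surfaces as exit status 255, unlike the small positive codes used by the other utilities in this patch. main() continues outside the hunk.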
diff --git a/libselinux/utils/validatetrans.c b/libselinux/utils/validatetrans.c
index 1db33e66..9aa03e62 100644
--- a/libselinux/utils/validatetrans.c
+++ b/libselinux/utils/validatetrans.c
@@ -17,6 +17,16 @@  int main(int argc, char **argv)
 		exit(1);
 	}
 
+	if (security_check_context(argv[1])) {
+		fprintf(stderr, "%s:  invalid source context '%s'\n", argv[0], argv[1]);
+		exit(4);
+	}
+
+	if (security_check_context(argv[2])) {
+		fprintf(stderr, "%s:  invalid target context '%s'\n", argv[0], argv[2]);
+		exit(5);
+	}
+
 	tclass = string_to_security_class(argv[3]);
 	if (!tclass) {
 		fprintf(stderr, "%s:  invalid class '%s'\n", argv[0], argv[3]);