@@ -7,7 +7,6 @@
#ifndef DISABLE_BOOL
-#include <assert.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
@@ -147,7 +146,7 @@ out:
static int bool_open(const char *name, int flag) {
char *fname = NULL;
char *alt_name = NULL;
- int len;
+ size_t len;
int fd = -1;
int ret;
char *ptr;
@@ -164,9 +163,8 @@ static int bool_open(const char *name, int flag) {
return -1;
ret = snprintf(fname, len, "%s%s%s", selinux_mnt, SELINUX_BOOL_DIR, name);
- if (ret < 0)
+ if (ret < 0 || (size_t)ret >= len)
goto out;
- assert(ret < len);
fd = open(fname, flag);
if (fd >= 0 || errno != ENOENT)
@@ -184,9 +182,8 @@ static int bool_open(const char *name, int flag) {
fname = ptr;
ret = snprintf(fname, len, "%s%s%s", selinux_mnt, SELINUX_BOOL_DIR, alt_name);
- if (ret < 0)
+ if (ret < 0 || (size_t)ret >= len)
goto out;
- assert(ret < len);
fd = open(fname, flag);
out:
@@ -23,8 +23,12 @@ int security_get_initial_context_raw(const char * name, char ** con)
return -1;
}
- snprintf(path, sizeof path, "%s%s%s",
- selinux_mnt, SELINUX_INITCON_DIR, name);
+ ret = snprintf(path, sizeof path, "%s%s%s", selinux_mnt, SELINUX_INITCON_DIR, name);
+ if (ret < 0 || (size_t)ret >= sizeof path) {
+ errno = EOVERFLOW;
+ return -1;
+ }
+
fd = open(path, O_RDONLY | O_CLOEXEC);
if (fd < 0)
return -1;
@@ -82,7 +82,10 @@ static struct discover_class_node * discover_class(const char *s)
goto err2;
/* load up class index */
- snprintf(path, sizeof path, "%s/class/%s/index", selinux_mnt,s);
+ ret = snprintf(path, sizeof path, "%s/class/%s/index", selinux_mnt,s);
+ if (ret < 0 || (size_t)ret >= sizeof path)
+ goto err3;
+
fd = open(path, O_RDONLY | O_CLOEXEC);
if (fd < 0)
goto err3;
@@ -97,7 +100,10 @@ static struct discover_class_node * discover_class(const char *s)
goto err3;
/* load up permission indices */
- snprintf(path, sizeof path, "%s/class/%s/perms",selinux_mnt,s);
+ ret = snprintf(path, sizeof path, "%s/class/%s/perms",selinux_mnt,s);
+ if (ret < 0 || (size_t)ret >= sizeof path)
+ goto err3;
+
dir = opendir(path);
if (dir == NULL)
goto err3;
@@ -107,7 +113,10 @@ static struct discover_class_node * discover_class(const char *s)
unsigned int value;
struct stat m;
- snprintf(path, sizeof path, "%s/class/%s/perms/%s", selinux_mnt,s,dentry->d_name);
+ ret = snprintf(path, sizeof path, "%s/class/%s/perms/%s", selinux_mnt,s,dentry->d_name);
+ if (ret < 0 || (size_t)ret >= sizeof path)
+ goto err4;
+
fd = open(path, O_RDONLY | O_CLOEXEC);
if (fd < 0)
goto err4;
Bail out if computed paths based on user input are being truncated, to avoid wrong files to be opened. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> --- v2: - drop now obsolete assert(3) statements - use size_t as type for length variables --- libselinux/src/booleans.c | 9 +++------ libselinux/src/get_initial_context.c | 8 ++++++-- libselinux/src/stringrep.c | 15 ++++++++++++--- 3 files changed, 21 insertions(+), 11 deletions(-)