Message ID | 20240115133607.10783-1-cgzones@googlemail.com (mailing list archive) |
---|---|
State | Accepted |
Commit | 82195e77e317 |
Delegated to: | Petr Lautrbach |
Headers | show |
Series | libselinux: use reentrant strtok_r(3) | expand |
On Mon, Jan 15, 2024 at 8:45 AM Christian Göttsche <cgzones@googlemail.com> wrote: > > Use the reentrant version strtok_r(3) instead of strtok(3) to avoid > potential data races with concurrent threads. > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> > --- > libselinux/src/selinux_restorecon.c | 12 +++++++----- > 1 file changed, 7 insertions(+), 5 deletions(-) > > diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c > index 38f10f1c..acb729c8 100644 > --- a/libselinux/src/selinux_restorecon.c > +++ b/libselinux/src/selinux_restorecon.c > @@ -243,7 +243,7 @@ static uint64_t exclude_non_seclabel_mounts(void) > int index = 0, found = 0; > uint64_t nfile = 0; > char *mount_info[4]; > - char *buf = NULL, *item; > + char *buf = NULL, *item, *saveptr; > > /* Check to see if the kernel supports seclabel */ > if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0) > @@ -258,13 +258,14 @@ static uint64_t exclude_non_seclabel_mounts(void) > while (getline(&buf, &len, fp) != -1) { > found = 0; > index = 0; > - item = strtok(buf, " "); > + saveptr = NULL; > + item = strtok_r(buf, " ", &saveptr); > while (item != NULL) { > mount_info[index] = item; > index++; > if (index == 4) > break; > - item = strtok(NULL, " "); > + item = strtok_r(NULL, " ", &saveptr); > } > if (index < 4) { > selinux_log(SELINUX_ERROR, > @@ -276,14 +277,15 @@ static uint64_t exclude_non_seclabel_mounts(void) > /* Remove pre-existing entry */ > remove_exclude(mount_info[1]); > > - item = strtok(mount_info[3], ","); > + saveptr = NULL; > + item = strtok_r(mount_info[3], ",", &saveptr); > while (item != NULL) { > if (strcmp(item, "seclabel") == 0) { > found = 1; > nfile += file_system_count(mount_info[1]); > break; > } > - item = strtok(NULL, ","); > + item = strtok_r(NULL, ",", &saveptr); > } > > /* Exclude mount points without the seclabel option */ > -- > 2.43.0 > >
On Tue, Jan 16, 2024 at 12:35 PM James Carter <jwcart2@gmail.com> wrote: > > On Mon, Jan 15, 2024 at 8:45 AM Christian Göttsche > <cgzones@googlemail.com> wrote: > > > > Use the reentrant version strtok_r(3) instead of strtok(3) to avoid > > potential data races with concurrent threads. > > > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> > > Acked-by: James Carter <jwcart2@gmail.com> > Merged. Thanks, Jim > > --- > > libselinux/src/selinux_restorecon.c | 12 +++++++----- > > 1 file changed, 7 insertions(+), 5 deletions(-) > > > > diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c > > index 38f10f1c..acb729c8 100644 > > --- a/libselinux/src/selinux_restorecon.c > > +++ b/libselinux/src/selinux_restorecon.c > > @@ -243,7 +243,7 @@ static uint64_t exclude_non_seclabel_mounts(void) > > int index = 0, found = 0; > > uint64_t nfile = 0; > > char *mount_info[4]; > > - char *buf = NULL, *item; > > + char *buf = NULL, *item, *saveptr; > > > > /* Check to see if the kernel supports seclabel */ > > if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0) > > @@ -258,13 +258,14 @@ static uint64_t exclude_non_seclabel_mounts(void) > > while (getline(&buf, &len, fp) != -1) { > > found = 0; > > index = 0; > > - item = strtok(buf, " "); > > + saveptr = NULL; > > + item = strtok_r(buf, " ", &saveptr); > > while (item != NULL) { > > mount_info[index] = item; > > index++; > > if (index == 4) > > break; > > - item = strtok(NULL, " "); > > + item = strtok_r(NULL, " ", &saveptr); > > } > > if (index < 4) { > > selinux_log(SELINUX_ERROR, > > @@ -276,14 +277,15 @@ static uint64_t exclude_non_seclabel_mounts(void) > > /* Remove pre-existing entry */ > > remove_exclude(mount_info[1]); > > > > - item = strtok(mount_info[3], ","); > > + saveptr = NULL; > > + item = strtok_r(mount_info[3], ",", &saveptr); > > while (item != NULL) { > > if (strcmp(item, "seclabel") == 0) { > > found = 1; > > nfile += file_system_count(mount_info[1]); > > break; > > } > > - item = strtok(NULL, ","); > > + item = strtok_r(NULL, ",", &saveptr); > > } > > > > /* Exclude mount points without the seclabel option */ > > -- > > 2.43.0 > > > >
diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c index 38f10f1c..acb729c8 100644 --- a/libselinux/src/selinux_restorecon.c +++ b/libselinux/src/selinux_restorecon.c @@ -243,7 +243,7 @@ static uint64_t exclude_non_seclabel_mounts(void) int index = 0, found = 0; uint64_t nfile = 0; char *mount_info[4]; - char *buf = NULL, *item; + char *buf = NULL, *item, *saveptr; /* Check to see if the kernel supports seclabel */ if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0) @@ -258,13 +258,14 @@ static uint64_t exclude_non_seclabel_mounts(void) while (getline(&buf, &len, fp) != -1) { found = 0; index = 0; - item = strtok(buf, " "); + saveptr = NULL; + item = strtok_r(buf, " ", &saveptr); while (item != NULL) { mount_info[index] = item; index++; if (index == 4) break; - item = strtok(NULL, " "); + item = strtok_r(NULL, " ", &saveptr); } if (index < 4) { selinux_log(SELINUX_ERROR, @@ -276,14 +277,15 @@ static uint64_t exclude_non_seclabel_mounts(void) /* Remove pre-existing entry */ remove_exclude(mount_info[1]); - item = strtok(mount_info[3], ","); + saveptr = NULL; + item = strtok_r(mount_info[3], ",", &saveptr); while (item != NULL) { if (strcmp(item, "seclabel") == 0) { found = 1; nfile += file_system_count(mount_info[1]); break; } - item = strtok(NULL, ","); + item = strtok_r(NULL, ",", &saveptr); } /* Exclude mount points without the seclabel option */
Use the reentrant version strtok_r(3) instead of strtok(3) to avoid potential data races with concurrent threads. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> --- libselinux/src/selinux_restorecon.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-)