[26/47] libsemanage: more strict value parsing

Message ID	20241111141706.38039-26-cgoettsche@seltendoof.de (mailing list archive)
State	New
Delegated to:	Petr Lautrbach
Headers	show Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E03271A0739 for <selinux@vger.kernel.org>; Mon, 11 Nov 2024 14:17:22 +0000 (UTC) From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgoettsche@seltendoof.de> To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> Subject: [PATCH 26/47] libsemanage: more strict value parsing Date: Mon, 11 Nov 2024 15:16:45 +0100 Message-ID: <20241111141706.38039-26-cgoettsche@seltendoof.de> In-Reply-To: <20241111141706.38039-1-cgoettsche@seltendoof.de> References: <20241111141706.38039-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
Series	[01/47] libsemanage: white space cleanup \| expand [01/47] libsemanage: white space cleanup [02/47] libsemanage: fix typo [03/47] libsemanage: drop unused macro [04/47] libsemanage: drop dead assignments [05/47] libsemanage: drop dead variable [06/47] libsemanage: drop unnecessary declarations [07/47] libsemanage: drop unnecessary return statements [08/47] libsemanage: drop duplicate include [09/47] libsemanage: drop const from function declaration [10/47] libsemanage: set O_CLOEXEC flag for file descriptors [11/47] libsemanage: check memory allocations [12/47] libsemanage: use unlink on non directory [13/47] libsemanage: free resources on failed connect attempt [14/47] libsemanage: declare file local function tables static [15/47] libsemanage: avoid const dropping casts [16/47] libsemanage: cast to unsigned char for character checking functions [17/47] libsemanage: drop casts to same type [18/47] libsemanage: fix asprintf error branch [19/47] libsemanage: avoid leak on realloc failure [20/47] libsemanage: use strtok_r for thread safety [21/47] libsemanage: handle cil_set_handle_unknown() failure [22/47] libsemanage: free ibdev names in semanage_ibendport_validate_local() [23/47] libsemanage: simplify malloc plus strcpy via strndup [24/47] libsemanage: check for path formatting failures [25/47] libsemanage: introduce write_full wrapper [26/47] libsemanage: more strict value parsing [27/47] libsemanage: constify function pointer structures [28/47] libsemanage: simplify loop exit [29/47] libsemanage: constify read only parameters and variables [30/47] libsemanage: avoid misc function pointer casts [31/47] libsemanage: adjust sizes to avoid implicit truncations [32/47] libsemanage: use asprintf(3) to simplify code [33/47] libsemanage: use size_t for hash input sizes [34/47] libsemanage: drop macros used once [35/47] libsemanage: handle shell allocation failure [36/47] libsemanage: drop dead code [37/47] libsemanage: preserve errno during internal logging [38/47] libsemanage: avoid strerror(3) [39/47] libsemanage: avoid writing directly to stderr [40/47] libsemanage: drop duplicate newlines and error descriptions in error messages [41/47] libsemanage: check closing written files [42/47] libsemanage: simplify file deletion [43/47] libsemanage: optimize policy by default [44/47] libsemanage/man: add documentation for command overrides [45/47] libsemanage: skip sort of empty arrays [46/47] libsemanage: respect shell paths with /usr prefix [47/47] libsemanage/tests: misc cleanup

Message ID

20241111141706.38039-26-cgoettsche@seltendoof.de (mailing list archive)

State

New

Delegated to:

Petr Lautrbach

Headers

From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgoettsche@seltendoof.de>
To: selinux@vger.kernel.org
Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
Subject: [PATCH 26/47] libsemanage: more strict value parsing
Date: Mon, 11 Nov 2024 15:16:45 +0100
Message-ID: <20241111141706.38039-26-cgoettsche@seltendoof.de>
In-Reply-To: <20241111141706.38039-1-cgoettsche@seltendoof.de>
References: <20241111141706.38039-1-cgoettsche@seltendoof.de>
Reply-To: cgzones@googlemail.com
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Series

[01/47] libsemanage: white space cleanup | expand

Commit Message

Christian Göttsche Nov. 11, 2024, 2:16 p.m. UTC

From: Christian Göttsche <cgzones@googlemail.com>

Be more strict when parsing values from semanage.conf, especially
numeric ones.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsemanage/src/conf-parse.y | 44 ++++++++++++++++++++++++++----------
 1 file changed, 32 insertions(+), 12 deletions(-)

diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y
index 9c806fdd..83aa3402 100644
--- a/libsemanage/src/conf-parse.y
+++ b/libsemanage/src/conf-parse.y
@@ -26,6 +26,7 @@ 
 #include <selinux/selinux.h>
 #include <semanage/handle.h>
 
+#include <errno.h>
 #include <unistd.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -139,13 +140,15 @@  ignore_module_cache:	IGNORE_MODULE_CACHE '=' ARG  {
         ;
 
 version:        VERSION '=' ARG  {
-                        current_conf->policyvers = atoi($3);
+                        char *endptr;
+                        long value;
+                        errno = 0;
+                        value = strtol($3, &endptr, 10);
+                        if (*endptr != '\0' || errno != 0 || value < sepol_policy_kern_vers_min() || value > sepol_policy_kern_vers_max())
+                                yyerror("policy-version must be a valid policy version");
+                        else
+                                current_conf->policyvers = value;
                         free($3);
-                        if (current_conf->policyvers < sepol_policy_kern_vers_min() ||
-                            current_conf->policyvers > sepol_policy_kern_vers_max()) {
-                                parse_errors++;
-                                YYABORT;
-                        }
                 }
         ;
 
@@ -162,13 +165,27 @@  target_platform: TARGET_PLATFORM '=' ARG  {
         ;
 
 expand_check:   EXPAND_CHECK '=' ARG  {
-                        current_conf->expand_check = atoi($3);
+                        char *endptr;
+                        long value;
+                        errno = 0;
+                        value = strtol($3, &endptr, 10);
+                        if (*endptr != '\0' || errno != 0 || (value != 0 && value != 1))
+                                yyerror("expand-check can only be '1' or '0'");
+                        else
+                                current_conf->expand_check = value;
                         free($3);
                 }
         ;
 
 file_mode:   FILE_MODE '=' ARG  {
-                        current_conf->file_mode = strtoul($3, NULL, 8);
+                        char *endptr;
+                        long value;
+                        errno = 0;
+                        value = strtol($3, &endptr, 8);
+                        if (*endptr != '\0' || errno != 0 || value < 0 || value > 0777)
+                                yyerror("file-mode must be a valid permission mode");
+                        else
+                                current_conf->file_mode = value;
                         free($3);
                 }
         ;
@@ -239,12 +256,15 @@  handle_unknown: HANDLE_UNKNOWN '=' ARG {
  }
 
 bzip_blocksize:  BZIP_BLOCKSIZE '=' ARG {
-	int blocksize = atoi($3);
-	free($3);
-	if (blocksize > 9)
+	char *endptr;
+	long value;
+	errno = 0;
+	value = strtol($3, &endptr, 10);
+	if (*endptr != '\0' || errno != 0 || value < 0 || value > 9)
 		yyerror("bzip-blocksize can only be in the range 0-9");
 	else
-		current_conf->bzip_blocksize = blocksize;
+		current_conf->bzip_blocksize = value;
+	free($3);
 }
 
 bzip_small:  BZIP_SMALL '=' ARG {

[26/47] libsemanage: more strict value parsing

Commit Message

Patch