diff mbox series

[1/5] libselinux: set errno in failure case

Message ID 20250115131329.132477-5-cgoettsche@seltendoof.de (mailing list archive)
State New
Headers show
Series [1/5] libselinux: set errno in failure case | expand

Commit Message

Christian Göttsche Jan. 15, 2025, 1:13 p.m. UTC 
From: Christian Göttsche <cgzones@googlemail.com>

In case an entry read from a textual fcontext definition is too long set
errno and the error string accordingly.

Fixes: 92306daf ("libselinux: rework selabel_file(5) database")
Reported-by: oss-fuzz (issue 389974971)
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libselinux/src/label_support.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/libselinux/src/label_support.c b/libselinux/src/label_support.c
index 978ba828..57e191c8 100644
--- a/libselinux/src/label_support.c
+++ b/libselinux/src/label_support.c
@@ -45,8 +45,11 @@  static inline int read_spec_entry(char **entry, const char **ptr, size_t *len, c
 	}
 
 	if (*len) {
-		if (*len >= UINT16_MAX)
+		if (*len >= UINT16_MAX) {
+			errno = EINVAL;
+			*errbuf = "Spec entry too long";
 			return -1;
+		}
 
 		*entry = strndup(tmp_buf, *len);
 		if (!*entry)