From patchwork Sun Sep 1 18:06:28 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Iooss X-Patchwork-Id: 11125607 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 004B714DE for ; Sun, 1 Sep 2019 18:06:55 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id DD90E22CF7 for ; Sun, 1 Sep 2019 18:06:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728982AbfIASGy (ORCPT ); Sun, 1 Sep 2019 14:06:54 -0400 Received: from mx1.polytechnique.org ([129.104.30.34]:39235 "EHLO mx1.polytechnique.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728952AbfIASGy (ORCPT ); Sun, 1 Sep 2019 14:06:54 -0400 Received: from localhost.localdomain (85-168-38-217.rev.numericable.fr [85.168.38.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id 54449564880 for ; Sun, 1 Sep 2019 20:06:52 +0200 (CEST) 
From: Nicolas Iooss To: selinux@vger.kernel.org Subject: [PATCH 1/9] semodule-utils: fix comparison with argc Date: Sun, 1 Sep 2019 20:06:28 +0200 Message-Id: <20190901180636.31586-2-nicolas.iooss@m4x.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190901180636.31586-1-nicolas.iooss@m4x.org> References: <20190901180636.31586-1-nicolas.iooss@m4x.org> MIME-Version: 1.0 X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Sun Sep 1 20:06:52 2019 +0200 (CEST)) X-Spam-Flag: No, tests=bogofilter, spamicity=0.000000, queueID=9508B564884 X-Org-Mail: nicolas.iooss.2010@polytechnique.org Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org In order for argv[3] to be used, argc needs to be at least 4, not 3. This bug was found using lgtm.com analyzer: https://lgtm.com/projects/g/fishilico/selinux-for-lgtm/snapshot/8c1b2658f80392ff8b3532c6bd5d0cefac8afb30/files/semodule-utils/semodule_package/semodule_unpackage.c?sort=name&dir=ASC&mode=heatmap#xb1ce80b43260d34c:1 Signed-off-by: Nicolas Iooss --- semodule-utils/semodule_package/semodule_unpackage.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/semodule-utils/semodule_package/semodule_unpackage.c b/semodule-utils/semodule_package/semodule_unpackage.c index c9124c0f5ac1..b8c4fbcec434 100644 --- a/semodule-utils/semodule_package/semodule_unpackage.c +++ b/semodule-utils/semodule_package/semodule_unpackage.c 
@@ -55,7 +55,7 @@ int main(int argc, char **argv) ppfile = argv[1]; modfile = argv[2]; - if (argc >= 3) + if (argc >= 4) fcfile = argv[3]; if (file_to_policy_file(ppfile, &in, "r")) From patchwork Sun Sep 1 18:06:29 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Iooss X-Patchwork-Id: 11125609 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4E3A917E0 for ; Sun, 1 Sep 2019 18:06:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 2AAD12190F for ; Sun, 1 Sep 2019 18:06:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729064AbfIASGz (ORCPT ); Sun, 1 Sep 2019 14:06:55 -0400 Received: from mx1.polytechnique.org ([129.104.30.34]:42406 "EHLO mx1.polytechnique.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729036AbfIASGz (ORCPT ); Sun, 1 Sep 2019 14:06:55 -0400 Received: from localhost.localdomain (85-168-38-217.rev.numericable.fr [85.168.38.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id 26CE7564880 for ; Sun, 1 Sep 2019 20:06:53 +0200 (CEST) 
From: Nicolas Iooss To: selinux@vger.kernel.org Subject: [PATCH 2/9] libsepol/cil: help static analyzers by aborting when an allocation fails Date: Sun, 1 Sep 2019 20:06:29 +0200 Message-Id: <20190901180636.31586-3-nicolas.iooss@m4x.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190901180636.31586-1-nicolas.iooss@m4x.org> References: <20190901180636.31586-1-nicolas.iooss@m4x.org> MIME-Version: 1.0 X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Sun Sep 1 20:06:53 2019 +0200 (CEST)) X-Spam-Flag: No, tests=bogofilter, spamicity=0.000000, queueID=4D800564884 X-Org-Mail: nicolas.iooss.2010@polytechnique.org Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org When allocating memory with cil_* helpers, if malloc/calloc/realloc/... failed, (*cil_mem_error_handler)() is called. Implementations of this function are expected not to return to the caller, and the default one calls exit(1) to ensure this. In order for static analyzers to find out that cil_malloc/cil_realloc/... never returns a NULL pointer when failing to allocate some memory, introduce a call to abort(). This decreases the number of false positive warnings about null pointer dereferences reported by Infer static analyzer. Signed-off-by: Nicolas Iooss --- libsepol/cil/src/cil_mem.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libsepol/cil/src/cil_mem.c b/libsepol/cil/src/cil_mem.c index 12c59be21914..885431d8a8fd 100644 --- a/libsepol/cil/src/cil_mem.c +++ b/libsepol/cil/src/cil_mem.c @@ -55,6 +55,7 @@ void *cil_malloc(size_t size) return NULL; } (*cil_mem_error_handler)(); + abort(); } return mem; @@ -65,6 +66,7 @@ void *cil_calloc(size_t num_elements, size_t element_size) void *mem = calloc(num_elements, element_size); if (mem == NULL){ (*cil_mem_error_handler)(); + abort(); } return mem; @@ -78,6 +80,7 @@ void *cil_realloc(void *ptr, size_t size) return NULL; } (*cil_mem_error_handler)(); + abort(); } return mem; 
@@ -95,6 +98,7 @@ char *cil_strdup(const char *str) mem = strdup(str); if (mem == NULL) { (*cil_mem_error_handler)(); + abort(); } return mem; @@ -111,6 +115,7 @@ __attribute__ ((format (printf, 2, 3))) int cil_asprintf(char **strp, const char if (rc == -1) { (*cil_mem_error_handler)(); + abort(); } return rc; From patchwork Sun Sep 1 18:06:30 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Iooss X-Patchwork-Id: 11125611 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7A2B117EF for ; Sun, 1 Sep 2019 18:06:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 5712B2190F for ; Sun, 1 Sep 2019 18:06:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729036AbfIASG4 (ORCPT ); Sun, 1 Sep 2019 14:06:56 -0400 Received: from mx1.polytechnique.org ([129.104.30.34]:45210 "EHLO mx1.polytechnique.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728952AbfIASGz (ORCPT ); Sun, 1 Sep 2019 14:06:55 -0400 Received: from localhost.localdomain (85-168-38-217.rev.numericable.fr [85.168.38.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id BF6B9564884 for ; Sun, 1 Sep 2019 20:06:53 +0200 (CEST) 
From: Nicolas Iooss To: selinux@vger.kernel.org Subject: [PATCH 3/9] libsepol: do not dereference a failed allocated pointer Date: Sun, 1 Sep 2019 20:06:30 +0200 Message-Id: <20190901180636.31586-4-nicolas.iooss@m4x.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190901180636.31586-1-nicolas.iooss@m4x.org> References: <20190901180636.31586-1-nicolas.iooss@m4x.org> MIME-Version: 1.0 X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Sun Sep 1 20:06:53 2019 +0200 (CEST)) X-Spam-Flag: No, tests=bogofilter, spamicity=0.000004, queueID=DF0C4564880 X-Org-Mail: nicolas.iooss.2010@polytechnique.org Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org When strs_stack_init(&stack) fails to allocate memory and stack is still NULL, it should not be dereferenced with strs_stack_pop(stack). This issue has been found using Infer static analyzer. Signed-off-by: Nicolas Iooss --- libsepol/src/kernel_to_cil.c | 8 +++++--- libsepol/src/kernel_to_conf.c | 8 +++++--- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c index 320af37b2bc8..9fcc254707ba 100644 --- a/libsepol/src/kernel_to_cil.c +++ b/libsepol/src/kernel_to_cil.c @@ -108,10 +108,12 @@ static char *cond_expr_to_str(struct policydb *pdb, struct cond_expr *expr) return str; exit: - while ((new_val = strs_stack_pop(stack)) != NULL) { - free(new_val); + if (stack) { + while ((new_val = strs_stack_pop(stack)) != NULL) { + free(new_val); + } + strs_stack_destroy(&stack); } - strs_stack_destroy(&stack); return NULL; } diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c index 930bafabdd4b..2c8da49a11ab 100644 --- a/libsepol/src/kernel_to_conf.c +++ b/libsepol/src/kernel_to_conf.c 
@@ -106,10 +106,12 @@ static char *cond_expr_to_str(struct policydb *pdb, struct cond_expr *expr) return str; exit: - while ((new_val = strs_stack_pop(stack)) != NULL) { - free(new_val); + if (stack != NULL) { + while ((new_val = strs_stack_pop(stack)) != NULL) { + free(new_val); + } + strs_stack_destroy(&stack); } - strs_stack_destroy(&stack); return NULL; } From patchwork Sun Sep 1 18:06:31 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Iooss X-Patchwork-Id: 11125613 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 292BC14DE for ; Sun, 1 Sep 2019 18:06:57 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 0680B2190F for ; Sun, 1 Sep 2019 18:06:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729073AbfIASG4 (ORCPT ); Sun, 1 Sep 2019 14:06:56 -0400 Received: from mx1.polytechnique.org ([129.104.30.34]:47685 "EHLO mx1.polytechnique.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729070AbfIASG4 (ORCPT ); Sun, 1 Sep 2019 14:06:56 -0400 Received: from localhost.localdomain (85-168-38-217.rev.numericable.fr [85.168.38.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id 5A3E6564880 for ; Sun, 1 Sep 2019 20:06:54 +0200 (CEST) 
From: Nicolas Iooss To: selinux@vger.kernel.org Subject: [PATCH 4/9] libsepol: do not dereference scope if it can be NULL Date: Sun, 1 Sep 2019 20:06:31 +0200 Message-Id: <20190901180636.31586-5-nicolas.iooss@m4x.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190901180636.31586-1-nicolas.iooss@m4x.org> References: <20190901180636.31586-1-nicolas.iooss@m4x.org> MIME-Version: 1.0 X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Sun Sep 1 20:06:54 2019 +0200 (CEST)) X-Spam-Flag: No, tests=bogofilter, spamicity=0.000050, queueID=78AE0564884 X-Org-Mail: nicolas.iooss.2010@polytechnique.org Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Doing this looks wrong: len = scope->decl_ids_len; if (scope == NULL) { /* ... */ Move the dereferencing of scope after the NULL check. This issue has been found using Infer static analyzer. Signed-off-by: Nicolas Iooss --- libsepol/src/avrule_block.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libsepol/src/avrule_block.c b/libsepol/src/avrule_block.c index 5a873af4a864..a9832d0d118f 100644 --- a/libsepol/src/avrule_block.c +++ b/libsepol/src/avrule_block.c @@ -157,7 +157,7 @@ int is_id_enabled(char *id, policydb_t * p, int symbol_table) scope_datum_t *scope = (scope_datum_t *) hashtab_search(p->scope[symbol_table].table, id); avrule_decl_t *decl; - uint32_t len = scope->decl_ids_len; + uint32_t len; if (scope == NULL) { return 0; 
@@ -166,6 +166,7 @@ int is_id_enabled(char *id, policydb_t * p, int symbol_table) return 0; } + len = scope->decl_ids_len; if (len < 1) { return 0; } From patchwork Sun Sep 1 18:06:32 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Iooss X-Patchwork-Id: 11125615 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6465C17EF for ; Sun, 1 Sep 2019 18:06:57 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 43BEA2190F for ; Sun, 1 Sep 2019 18:06:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729070AbfIASG4 (ORCPT ); Sun, 1 Sep 2019 14:06:56 -0400 Received: from mx1.polytechnique.org ([129.104.30.34]:46151 "EHLO mx1.polytechnique.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729071AbfIASG4 (ORCPT ); Sun, 1 Sep 2019 14:06:56 -0400 Received: from localhost.localdomain (85-168-38-217.rev.numericable.fr [85.168.38.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id E0C5C564884 for ; Sun, 1 Sep 2019 20:06:54 +0200 (CEST) 
From: Nicolas Iooss To: selinux@vger.kernel.org Subject: [PATCH 5/9] libsepol: reset *p to NULL if sepol_module_package_create fails Date: Sun, 1 Sep 2019 20:06:32 +0200 Message-Id: <20190901180636.31586-6-nicolas.iooss@m4x.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190901180636.31586-1-nicolas.iooss@m4x.org> References: <20190901180636.31586-1-nicolas.iooss@m4x.org> MIME-Version: 1.0 X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Sun Sep 1 20:06:55 2019 +0200 (CEST)) X-Spam-Flag: No, tests=bogofilter, spamicity=0.000000, queueID=0D17E564880 X-Org-Mail: nicolas.iooss.2010@polytechnique.org Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org semodule-utils/semodule_link/semodule_link.c contains: static sepol_module_package_t *load_module(char *filename) { /* ... */ if (sepol_module_package_create(&p)) { /* ... */ goto bad; /* ... */ bad: sepol_module_package_free(p); When sepol_module_package_create() fails while having successfully allocated p, it currently frees p without setting it back to NULL. This causes a use-after-free in load_module(). Prevent this use-after-free by setting sepol_module_package_create's argument back to NULL when an error happens. This issue has been found using Infer static analyzer. Signed-off-by: Nicolas Iooss --- libsepol/src/module.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libsepol/src/module.c b/libsepol/src/module.c index 219355f30d27..3b8a0a59ca68 100644 --- a/libsepol/src/module.c +++ b/libsepol/src/module.c 
@@ -124,8 +124,10 @@ int sepol_module_package_create(sepol_module_package_t ** p) return -1; rc = module_package_init(*p); - if (rc < 0) + if (rc < 0) { free(*p); + *p = NULL; + } return rc; } From patchwork Sun Sep 1 18:06:33 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Iooss X-Patchwork-Id: 11125617 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 690C614DE for ; Sun, 1 Sep 2019 18:06:58 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 4A46022CF7 for ; Sun, 1 Sep 2019 18:06:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729077AbfIASG5 (ORCPT ); Sun, 1 Sep 2019 14:06:57 -0400 Received: from mx1.polytechnique.org ([129.104.30.34]:59543 "EHLO mx1.polytechnique.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728952AbfIASG5 (ORCPT ); Sun, 1 Sep 2019 14:06:57 -0400 Received: from localhost.localdomain (85-168-38-217.rev.numericable.fr [85.168.38.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id 7900C564880 for ; Sun, 1 Sep 2019 20:06:55 +0200 (CEST) 
From: Nicolas Iooss To: selinux@vger.kernel.org Subject: [PATCH 6/9] libsepol/cil: do not dereference perm_value_to_cil when it has not been allocated Date: Sun, 1 Sep 2019 20:06:33 +0200 Message-Id: <20190901180636.31586-7-nicolas.iooss@m4x.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190901180636.31586-1-nicolas.iooss@m4x.org> References: <20190901180636.31586-1-nicolas.iooss@m4x.org> MIME-Version: 1.0 X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Sun Sep 1 20:06:55 2019 +0200 (CEST)) X-Spam-Flag: No, tests=bogofilter, spamicity=0.000072, queueID=9BAD2564884 X-Org-Mail: nicolas.iooss.2010@polytechnique.org Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org When one of the first allocations of cil_binary_create_allocated_pdb() fails, the exit label dereferences the items of array perm_value_to_cil even though it could be still NULL. This issue has been found using clang's static analyzer: https://327-118970575-gh.circle-artifacts.com/0/output-scan-build/2019-08-05-203459-6149-1/report-febf85.html#EndPath Signed-off-by: Nicolas Iooss --- libsepol/cil/src/cil_binary.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c index 77ffc36f20ff..c882d5b74226 100644 --- a/libsepol/cil/src/cil_binary.c +++ b/libsepol/cil/src/cil_binary.c 
@@ -5043,11 +5043,13 @@ exit: hashtab_destroy(avrulex_ioctl_table); free(type_value_to_cil); free(class_value_to_cil); - /* Range is because libsepol values start at 1. */ - for (i=1; i < db->num_classes+1; i++) { - free(perm_value_to_cil[i]); + if (perm_value_to_cil != NULL) { + /* Range is because libsepol values start at 1. */ + for (i=1; i < db->num_classes+1; i++) { + free(perm_value_to_cil[i]); + } + free(perm_value_to_cil); } - free(perm_value_to_cil); cil_list_destroy(&neverallows, CIL_FALSE); return rc; From patchwork Sun Sep 1 18:06:34 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Iooss X-Patchwork-Id: 11125619 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9F6CE17EF for ; Sun, 1 Sep 2019 18:06:58 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 88B9822CF7 for ; Sun, 1 Sep 2019 18:06:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729078AbfIASG6 (ORCPT ); Sun, 1 Sep 2019 14:06:58 -0400 Received: from mx1.polytechnique.org ([129.104.30.34]:47685 "EHLO mx1.polytechnique.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729071AbfIASG5 (ORCPT ); Sun, 1 Sep 2019 14:06:57 -0400 Received: from localhost.localdomain (85-168-38-217.rev.numericable.fr [85.168.38.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id 219E4564880 for ; Sun, 1 Sep 2019 20:06:56 +0200 (CEST) 
From: Nicolas Iooss To: selinux@vger.kernel.org Subject: [PATCH 7/9] python/chcat: remove unnecessary assignment Date: Sun, 1 Sep 2019 20:06:34 +0200 Message-Id: <20190901180636.31586-8-nicolas.iooss@m4x.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190901180636.31586-1-nicolas.iooss@m4x.org> References: <20190901180636.31586-1-nicolas.iooss@m4x.org> MIME-Version: 1.0 X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Sun Sep 1 20:06:56 2019 +0200 (CEST)) X-Spam-Flag: No, tests=bogofilter, spamicity=0.000001, queueID=518F1564884 X-Org-Mail: nicolas.iooss.2010@polytechnique.org Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org chcat_add() defines variable cmd twice before calling subprocess.check_call(cmd, ...). Remove the first definition. This bug was found using lgtm.com analyzer: https://lgtm.com/projects/g/SELinuxProject/selinux/snapshot/eac5e661ca7300800000496fe13985286af70c6d/files/python/chcat/chcat?sort=name&dir=ASC&mode=heatmap#L118 Signed-off-by: Nicolas Iooss --- python/chcat/chcat | 1 - 1 file changed, 1 deletion(-) diff --git a/python/chcat/chcat b/python/chcat/chcat index ba398684376d..fdd2e46ee3f9 100755 --- a/python/chcat/chcat +++ b/python/chcat/chcat 
@@ -115,7 +115,6 @@ def chcat_add(orig, newcat, objects, login_ind): errors = 0 sensitivity = newcat[0] cat = newcat[1] - cmd = 'chcon -l %s' % sensitivity for f in objects: (rc, c) = selinux.getfilecon(f) con = c.split(":")[3:] From patchwork Sun Sep 1 18:06:35 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Iooss X-Patchwork-Id: 11125621 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2C96817E0 for ; Sun, 1 Sep 2019 18:06:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 1613422CF7 for ; Sun, 1 Sep 2019 18:06:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729071AbfIASG6 (ORCPT ); Sun, 1 Sep 2019 14:06:58 -0400 Received: from mx1.polytechnique.org ([129.104.30.34]:46151 "EHLO mx1.polytechnique.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729074AbfIASG6 (ORCPT ); Sun, 1 Sep 2019 14:06:58 -0400 Received: from localhost.localdomain (85-168-38-217.rev.numericable.fr [85.168.38.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id C865B564884 for ; Sun, 1 Sep 2019 20:06:56 +0200 (CEST) 
From: Nicolas Iooss To: selinux@vger.kernel.org Subject: [PATCH 8/9] python/sepolicy: remove unnecessary pass statement Date: Sun, 1 Sep 2019 20:06:35 +0200 Message-Id: <20190901180636.31586-9-nicolas.iooss@m4x.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190901180636.31586-1-nicolas.iooss@m4x.org> References: <20190901180636.31586-1-nicolas.iooss@m4x.org> MIME-Version: 1.0 X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Sun Sep 1 20:06:57 2019 +0200 (CEST)) X-Spam-Flag: No, tests=bogofilter, spamicity=0.000000, queueID=F3AD9564880 X-Org-Mail: nicolas.iooss.2010@polytechnique.org Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org This issue has been found using lgtm.com analyzer: https://lgtm.com/projects/g/SELinuxProject/selinux/snapshot/eac5e661ca7300800000496fe13985286af70c6d/files/python/sepolicy/sepolicy/__init__.py?sort=name&dir=ASC&mode=heatmap#x9f8225117f52fb01:1 Signed-off-by: Nicolas Iooss --- python/sepolicy/sepolicy/__init__.py | 1 - 1 file changed, 1 deletion(-) diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py index 6aed31bddf1e..e4540977d042 100644 --- a/python/sepolicy/sepolicy/__init__.py +++ b/python/sepolicy/sepolicy/__init__.py 
@@ -539,7 +539,6 @@ def find_file(reg): path += "/" except IndexError: print("try failed got an IndexError") - pass try: pat = re.compile(r"%s$" % reg) From patchwork Sun Sep 1 18:06:36 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Iooss X-Patchwork-Id: 11125623 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BC1A817EF for ; Sun, 1 Sep 2019 18:06:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 9B5BE22CF7 for ; Sun, 1 Sep 2019 18:06:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729087AbfIASG7 (ORCPT ); Sun, 1 Sep 2019 14:06:59 -0400 Received: from mx1.polytechnique.org ([129.104.30.34]:59543 "EHLO mx1.polytechnique.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728952AbfIASG6 (ORCPT ); Sun, 1 Sep 2019 14:06:58 -0400 Received: from localhost.localdomain (85-168-38-217.rev.numericable.fr [85.168.38.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id 6A6D0564880 for ; Sun, 1 Sep 2019 20:06:57 +0200 (CEST) 
From: Nicolas Iooss To: selinux@vger.kernel.org Subject: [PATCH 9/9] libsepol/tests: do not dereference a NULL pointer Date: Sun, 1 Sep 2019 20:06:36 +0200 Message-Id: <20190901180636.31586-10-nicolas.iooss@m4x.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190901180636.31586-1-nicolas.iooss@m4x.org> References: <20190901180636.31586-1-nicolas.iooss@m4x.org> MIME-Version: 1.0 X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Sun Sep 1 20:06:57 2019 +0200 (CEST)) X-Spam-Flag: No, tests=bogofilter, spamicity=0.000080, queueID=940B1564884 X-Org-Mail: nicolas.iooss.2010@polytechnique.org Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org In test_attr_types, the pointer decl is allowed to be NULL in the beginning, but is dereferenced to produce a helpful message right before a CU_ASSERT_FATAL. Make this dereference not happen if the pointer is NULL. This issue has been found using clang's static analyzer. Signed-off-by: Nicolas Iooss --- libsepol/tests/test-common.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/libsepol/tests/test-common.c b/libsepol/tests/test-common.c index e6619ed1d152..1d902880fe2e 100644 --- a/libsepol/tests/test-common.c +++ b/libsepol/tests/test-common.c @@ -228,13 +228,16 @@ void test_attr_types(policydb_t * p, const char *id, avrule_decl_t * decl, const unsigned int i; type_datum_t *attr; - if (decl) + if (decl) { attr = hashtab_search(decl->p_types.table, id); - else + if (attr == NULL) + printf("could not find attr %s in decl %d\n", id, decl->decl_id); + } else { attr = hashtab_search(p->p_types.table, id); + if (attr == NULL) + printf("could not find attr %s in policy\n", id); + } - if (attr == NULL) - printf("could not find attr %s in decl %d\n", id, decl->decl_id); CU_ASSERT_FATAL(attr != NULL); CU_ASSERT(attr->flavor == TYPE_ATTRIB); CU_ASSERT(attr->primary == 1);
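
Review bot: [PATCH 1/9], main() in semodule_unpackage.c: the commit message should say what the old `argc >= 3` test actually did at run time. With exactly three arguments the old code read argv[argc], which C guarantees to be a null pointer, so fcfile was assigned NULL and nothing was read past the array. Stating that makes it clear this is a correctness cleanup and not an out-of-bounds read fix. The hunk also relies on an earlier argc check, not visible here, before `ppfile = argv[1]; modfile = argv[2];`. It is worth confirming that check requires argc >= 3.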
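
Review bot: [PATCH 2/9], cil_mem.c: each added `abort();` after `(*cil_mem_error_handler)();` needs a one-line comment saying it is unreachable with a conforming handler and is there for static analyzers; without it the call reads as a second, competing failure path. It also changes behaviour for a handler that does return. cil_malloc(), cil_calloc(), cil_realloc() and cil_strdup() previously fell through to `return mem;` with NULL and cil_asprintf() to `return rc;` with -1, and now the process aborts, so the handler's documentation should state that returning is no longer tolerated. Marking the handler pointer type as noreturn would express the same contract to analyzers that honour the attribute.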
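
Review bot: [PATCH 3/9], exit path of cond_expr_to_str(): the same guard is written `if (stack) {` in kernel_to_cil.c and `if (stack != NULL) {` in kernel_to_conf.c. Pick one spelling so the two copies of this function stay easy to diff against each other.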
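
Review bot: [PATCH 4/9], is_id_enabled() in avrule_block.c: the commit message undersells the problem with "looks wrong". Reading scope->decl_ids_len in the initializer before `if (scope == NULL)` is undefined behaviour when hashtab_search() returns NULL, and it allows the compiler to assume scope is non-NULL and drop the check; the message should say so. The new `len = scope->decl_ids_len;` sits after both early returns, which is the right place.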
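
Review bot: [PATCH 5/9], sepol_module_package_create() in module.c: the fix depends on the caller's cleanup accepting NULL, because load_module() will now reach `sepol_module_package_free(p)` with p == NULL. That function is not part of this hunk, so confirm it returns early on NULL. The commit message describes the old behaviour as a use-after-free; since load_module() hands the stale pointer to a free routine, it likely also ends in a second free of the same allocation, and saying so helps anyone triaging this for backport.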
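
Review bot: [PATCH 6/9], exit label in cil_binary.c: the new `perm_value_to_cil != NULL` guard covers the outer array only. The loop still calls free(perm_value_to_cil[i]) for every i from 1 to db->num_classes, so it is safe only if the array is zero-filled when allocated and the entries are set afterwards. The allocation is outside this hunk; check that it zero-initialises, or that no `goto exit` can occur between allocating the array and filling it.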
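
Review bot: [PATCH 8/9], find_file() in python/sepolicy/sepolicy/__init__.py: the commit message body is only an lgtm.com snapshot link. Add one sentence saying that the `pass` following print() in the `except IndexError:` block is redundant, so the log stays meaningful if the link stops resolving.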
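
Review bot: [PATCH 9/9], test_attr_types() in test-common.c: the `if (attr == NULL) printf(...)` check is now duplicated in both branches of `if (decl)`. Keeping a single `if (attr == NULL)` after the lookup and choosing the message inside it with `if (decl)` avoids the two copies drifting apart and keeps the lookup separate from the diagnostics, while still never touching decl->decl_id when decl is NULL.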