From patchwork Fri Apr 8 13:10:50 2022
X-Patchwork-Id: 12806731
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH 1/5] libsepol/cil: declare file local function pointer static
Date: Fri, 8 Apr 2022 15:10:50 +0200
Message-Id: <20220408131054.7957-1-cgzones@googlemail.com>

../cil/src/cil_log.c:45:8: warning: no previous extern declaration for non-static variable 'cil_log_handler' [-Wmissing-variable-declarations]
void (*cil_log_handler)(int lvl, const char *msg) = &cil_default_log_handler;
       ^

Signed-off-by: Christian Göttsche
Acked-by: James Carter
---
 libsepol/cil/src/cil_log.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsepol/cil/src/cil_log.c b/libsepol/cil/src/cil_log.c index e45c58fc..f4c6e415 100644 --- a/libsepol/cil/src/cil_log.c +++ b/libsepol/cil/src/cil_log.c
@@ -42,7 +42,7 @@ static void cil_default_log_handler(__attribute__((unused)) int lvl, const char fprintf(stderr, "%s", msg); } -void (*cil_log_handler)(int lvl, const char *msg) = &cil_default_log_handler; +static void (*cil_log_handler)(int lvl, const char *msg) = &cil_default_log_handler; void cil_set_log_handler(void (*handler)(int lvl, const char *msg)) {

From patchwork Fri Apr 8 13:10:51 2022
X-Patchwork-Id: 12806732
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH 2/5] libsepol: check correct pointer for oom
Date: Fri, 8 Apr 2022 15:10:51 +0200
Message-Id: <20220408131054.7957-2-cgzones@googlemail.com>
In-Reply-To: <20220408131054.7957-1-cgzones@googlemail.com>
References: <20220408131054.7957-1-cgzones@googlemail.com>

Check the actual pointer which memory was assigned to, not its parent array pointer.

services.c:810:14: warning: Assigned value is garbage or undefined [core.uninitialized.Assign]
**r_buf = **new_buf;
        ^ ~~~~~~~~~

Signed-off-by: Christian Göttsche
---
 libsepol/src/services.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsepol/src/services.c b/libsepol/src/services.c index 29723729..b8fb2704 100644 --- a/libsepol/src/services.c +++ b/libsepol/src/services.c
@@ -803,7 +803,7 @@ mls_ops: if (len < 0 || len >= reason_buf_len - reason_buf_used) { new_buf_len = reason_buf_len + REASON_BUF_SIZE; *new_buf = realloc(*r_buf, new_buf_len); - if (!new_buf) { + if (!*new_buf) { ERR(NULL, "failed to realloc reason buffer"); goto out1; }

From patchwork Fri Apr 8 13:10:52 2022
X-Patchwork-Id: 12806733
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH 3/5] libsepol: drop unnecessary const discarding casts
Date: Fri, 8 Apr 2022 15:10:52 +0200
Message-Id: <20220408131054.7957-3-cgzones@googlemail.com>
In-Reply-To: <20220408131054.7957-1-cgzones@googlemail.com>
References: <20220408131054.7957-1-cgzones@googlemail.com>

`hashtab_search()` takes a const_hashtab_key_t, alias `const char*` as second key parameter type. Do not unnecessarily cast variables of type `const char*` to hashtab_key_t, alias `char*`.

policydb.c: In function ‘policydb_string_to_security_class’:
policydb.c:4164:39: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual]
 4164 |                                       (hashtab_key_t) class_name);
      |                                       ^
policydb.c: In function ‘policydb_string_to_av_perm’:
policydb.c:4184:25: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual]
 4184 |                         (hashtab_key_t)perm_name);
      |                         ^
policydb.c:4193:25: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual]
 4193 |                         (hashtab_key_t)perm_name);
      |                         ^

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index 5c7e35e8..0c71f09f 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -4160,7 +4160,7 @@ static sepol_security_class_t policydb_string_to_security_class( class_datum_t *tclass_datum; tclass_datum = hashtab_search(policydb->p_classes.table, - (hashtab_key_t) class_name); + class_name); if (!tclass_datum) return 0; return tclass_datum->s.value;
@@ -4180,7 +4180,7 @@ static sepol_access_vector_t policydb_string_to_av_perm( perm_datum = (perm_datum_t *) hashtab_search(tclass_datum->permissions.table, - (hashtab_key_t)perm_name); + perm_name); if (perm_datum != NULL) return UINT32_C(1) << (perm_datum->s.value - 1); 
@@ -4189,7 +4189,7 @@ static sepol_access_vector_t policydb_string_to_av_perm( perm_datum = (perm_datum_t *) hashtab_search(tclass_datum->comdatum->permissions.table, - (hashtab_key_t)perm_name); + perm_name); if (perm_datum != NULL) return UINT32_C(1) << (perm_datum->s.value - 1);

From patchwork Fri Apr 8 13:10:53 2022
X-Patchwork-Id: 12806734
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH 4/5] libselinux: limit has buffer size
Date: Fri, 8 Apr 2022 15:10:53 +0200
Message-Id: <20220408131054.7957-4-cgzones@googlemail.com>
In-Reply-To: <20220408131054.7957-1-cgzones@googlemail.com>
References: <20220408131054.7957-1-cgzones@googlemail.com>

The `struct selabel_digest` member `hashbuf_size` is used to compute hashes via `Sha1Update()`, which takes uint32_t as length parameter type. Use that same type for `hashbuf_size` to avoid potential value truncations, as the overflow check in `digest_add_specfile()` on `hashbuf_size` is based on it.

label_support.c: In function ‘digest_gen_hash’:
label_support.c:125:53: warning: conversion from ‘size_t’ {aka ‘long unsigned int’} to ‘uint32_t’ {aka ‘unsigned int’} may change value [-Wconversion]
  125 |         Sha1Update(&context, digest->hashbuf, digest->hashbuf_size);
      |                                               ~~~~~~^~~~~~~~~~~~~~

Signed-off-by: Christian Göttsche
---
 libselinux/src/label_internal.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h index 782c6aa8..82a762f7 100644 --- a/libselinux/src/label_internal.h +++ b/libselinux/src/label_internal.h
@@ -57,7 +57,7 @@ int selabel_service_init(struct selabel_handle *rec, struct selabel_digest { unsigned char *digest; /* SHA1 digest of specfiles */ unsigned char *hashbuf; /* buffer to hold specfiles */ - size_t hashbuf_size; /* buffer size */ + uint32_t hashbuf_size; /* buffer size */ size_t specfile_cnt; /* how many specfiles processed */ char **specfile_list; /* and their names */ };

From patchwork Fri Apr 8 13:10:54 2022
X-Patchwork-Id: 12806730
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH 5/5] libsemanage: avoid double fclose
Date: Fri, 8 Apr 2022 15:10:54 +0200
Message-Id: <20220408131054.7957-5-cgzones@googlemail.com>
In-Reply-To: <20220408131054.7957-1-cgzones@googlemail.com>
References: <20220408131054.7957-1-cgzones@googlemail.com>

The cleanup goto block in `semanage_direct_set_enabled()` closes the file stream pointer fp if not NULL. Set the stream to NULL after a manual fclose(3), even on failure.

direct_api.c: In function ‘semanage_direct_set_enabled’:
direct_api.c:2130:25: error: pointer ‘fp’ may be used after ‘fclose’ [-Werror=use-after-free]
 2130 |         if (fp != NULL) fclose(fp);
      |                         ^~~~~~~~~~
direct_api.c:2092:29: note: call to ‘fclose’ here
 2092 |                         if (fclose(fp) != 0) {
      |                             ^~~~~~~~~~

Signed-off-by: Christian Göttsche
---
 libsemanage/src/direct_api.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index d5716ce5..7206483a 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -2089,7 +2089,9 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh, goto cleanup; } - if (fclose(fp) != 0) { + ret = fclose(fp); + fp = NULL; + if (ret != 0) { ERR(sh, "Unable to close disabled file for module %s", modkey->name); @@ -2097,8 +2099,6 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh, goto cleanup; } - fp = NULL; - break; case 1: /* enable the module */ if (unlink(fn) < 0) {
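
Review bot: the commit message for the cil_log.c change (PATCH 1/5, hunk at -42,7) consists only of the -Wmissing-variable-declarations output and does not say why internal linkage is safe for `cil_log_handler`. Add a sentence confirming that the pointer is referenced only inside cil_log.c and is replaced only through `cil_set_log_handler()`, which the context line right after the changed declaration shows as the setter, so that no other translation unit depends on the symbol.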
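
Review bot: in the services.c hunk at -803,7 (PATCH 2/5), the branch under `if (!*new_buf)` jumps to `out1` while `*r_buf` still points at the old allocation, because realloc() leaves the original block untouched when it returns NULL; confirm that the `out1` path frees `*r_buf`, otherwise the error path that this fix makes reachable leaks the reason buffer. The commit message should also state the consequence of the old test: `new_buf` had already been dereferenced by the assignment on the preceding line, so `if (!new_buf)` could never fire and a failed realloc() went undetected.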
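
Review bot: in the policydb.c hunks at -4180,7 and -4189,7 (PATCH 3/5) the `(perm_datum_t *)` cast on the result of `hashtab_search()` is kept, while the hunk at -4160,7 assigns the result of the same function to `tclass_datum` without a cast. Since the patch is about removing unneeded casts, drop these two as well, or note in the commit message that only the -Wcast-qual sites are in scope, so the three call sites read the same way.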
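
Review bot: narrowing `hashbuf_size` to `uint32_t` in the label_internal.h hunk at -57,7 (PATCH 4/5) moves the possible truncation from the `Sha1Update()` call to wherever a `size_t` value is added to or stored in the member, and the diffstat shows no change outside this header. Check that the overflow test in `digest_add_specfile()` named in the commit message rejects a sum above UINT32_MAX before the assignment takes place, and that label_internal.h includes <stdint.h> for the new type. The Subject reads "limit has buffer size", which presumably should say "hash".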
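
Review bot: in the direct_api.c hunk at -2089,7 (PATCH 5/5) the result of fclose() is now stored in `ret`; if `ret` is also the value the function returns after the `cleanup` label, the line between the two hunks (not shown in the diff) must still set the intended error status, and on the success path `ret` is left at 0 from fclose(). Confirm that `ret` is a scratch variable here, or use a dedicated local. Clearing `fp` unconditionally is the right call, since the stream must not be used again after fclose() whether or not the call succeeded.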