From patchwork Tue Dec 19 16:09:23 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?=
 <cgzones@googlemail.com>
X-Patchwork-Id: 13498453
X-Patchwork-Delegate: plautrba@redhat.com
Received: from mail-lf1-f51.google.com (mail-lf1-f51.google.com
 [209.85.167.51])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5952C1D521
	for <selinux@vger.kernel.org>; Tue, 19 Dec 2023 16:10:13 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=googlemail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=googlemail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=googlemail.com header.i=@googlemail.com
 header.b="ZW8JmgQm"
Received: by mail-lf1-f51.google.com with SMTP id
 2adb3069b0e04-50e44c1b35fso1174708e87.3
        for <selinux@vger.kernel.org>; Tue, 19 Dec 2023 08:10:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20230601; t=1703002211; x=1703607011;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:message-id:date:subject:to
         :from:from:to:cc:subject:date:message-id:reply-to;
        bh=FXMJOKV6j1eEJfgN28NBo6G5tHjUrwwHFBXOWqGFtY4=;
        b=ZW8JmgQmqUUbt/9QJaCU+vQxok1K78aorXk35XjaA54QURQZTIdrD9zMKxaLjyjTgu
         ILeUxZDfn7jBEFaHiM9DOIU0S2Fn8w/Wh+jhYvXLPzZXPiE7xfguD9Xb0udFDEv6/J5G
         COQZi+8rlVjvTXek1pePh8MWBufZDYJNSCGMHPG7F/BIotVhxm3F7y4JpI6BBEPozrPd
         gx2b1w5yvw/pTXzhNMd+UJBEz7Kpl4JfP+cuVbzhZeJQZfnXoEOUkEEftf1BHAZHTobl
         T3UPCxAby+4YVbVTtpU4tgG3kpDGal+OLrr2Njl3EPt2L3fRECDwhCsrN6wtuPpNPIMp
         J9Fg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1703002211; x=1703607011;
        h=content-transfer-encoding:mime-version:message-id:date:subject:to
         :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=FXMJOKV6j1eEJfgN28NBo6G5tHjUrwwHFBXOWqGFtY4=;
        b=iYG25Qv4L/CGKrjbYIwF8ZrhtGm0m54NMmyBTfeRACO7zSkG3cLatIdoWH3kqkdgVc
         cak9oH9paIULBKcNJcNkQNyn1yFT2OF7r5Lqua4Ma/QhvWj8zERhArXUyaXIHOCFMh4q
         ILSj7Qd5e8oa4fgRz/s8qey4hQeVpsag/vgDINM3yyv51nrwsd9lG+geTrlmJ1ydS2FN
         F7S70waUieO2q2t11MC12VP676Xo+fwMQdi6g6iQSuW4ka20wBfS2EF4du/NrXwC07VD
         k26PNJOcg8uWCVmry4KMmFXJ1aub9xDGDRHivc5CSQj/sOD2CpbEVvW68tY9N0/0nDbZ
         emJw==
X-Gm-Message-State: AOJu0YyIN4r83rWiH3kwaz60ir999cwB/7Ts9WhvcLNZZ2IUYxMrxb2j
	JjAu984IUjUtOGhKopXKLws4GZ7Yecc=
X-Google-Smtp-Source: 
 AGHT+IHCn9NXq9MkbFbOjhqafuPDAk7+Xk3fDQa+ze8eVnSK/UJpxRPEU11QIlVD/CycE0cJR6qJOg==
X-Received: by 2002:a05:6512:200a:b0:50e:3870:d978 with SMTP id
 a10-20020a056512200a00b0050e3870d978mr1629066lfb.122.1703002211180;
        Tue, 19 Dec 2023 08:10:11 -0800 (PST)
Received: from debian_development.DebianHome
 (dynamic-077-010-185-155.77.10.pool.telefonica.de. [77.10.185.155])
        by smtp.gmail.com with ESMTPSA id
 v19-20020a170906489300b00a236378a43fsm1936621ejq.62.2023.12.19.08.10.10
        for <selinux@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 19 Dec 2023 08:10:10 -0800 (PST)
From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Subject: [PATCH 01/11] libselinux/man: mention errno for regex compilation
 failure
Date: Tue, 19 Dec 2023 17:09:23 +0100
Message-ID: <20231219160943.334370-1-cgzones@googlemail.com>
X-Mailer: git-send-email 2.43.0
Precedence: bulk
X-Mailing-List: selinux@vger.kernel.org
List-Id: <selinux.vger.kernel.org>
List-Subscribe: <mailto:selinux+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:selinux+unsubscribe@vger.kernel.org>
MIME-Version: 1.0

Selabel lookups might fail with errno set to EINVAL in the unlikely case
a regular expression from the file context definition failed to compile.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
 libselinux/man/man3/selabel_lookup.3            | 3 ++-
 libselinux/man/man3/selabel_lookup_best_match.3 | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/libselinux/man/man3/selabel_lookup.3 b/libselinux/man/man3/selabel_lookup.3
index 4e47c3ec..e20345e6 100644
--- a/libselinux/man/man3/selabel_lookup.3
+++ b/libselinux/man/man3/selabel_lookup.3
@@ -64,7 +64,8 @@ The
 .I key
 and/or
 .I type
-inputs are invalid, or the context being returned failed validation.
+inputs are invalid, or the context being returned failed validation, or a
+regular expression in the database failed to compile.
 .TP
 .B ENOMEM
 An attempt to allocate memory failed.
diff --git a/libselinux/man/man3/selabel_lookup_best_match.3 b/libselinux/man/man3/selabel_lookup_best_match.3
index ef2efb4a..985a8600 100644
--- a/libselinux/man/man3/selabel_lookup_best_match.3
+++ b/libselinux/man/man3/selabel_lookup_best_match.3
@@ -78,7 +78,8 @@ The
 .I key
 and/or
 .I type
-inputs are invalid, or the context being returned failed validation.
+inputs are invalid, or the context being returned failed validation, or a
+regular expression in the database failed to compile.
 .TP
 .B ENOMEM
 An attempt to allocate memory failed.

From patchwork Tue Dec 19 16:09:24 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?=
 <cgzones@googlemail.com>
X-Patchwork-Id: 13498454
X-Patchwork-Delegate: plautrba@redhat.com
Received: from mail-ed1-f46.google.com (mail-ed1-f46.google.com
 [209.85.208.46])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id EED1D1D125
	for <selinux@vger.kernel.org>; Tue, 19 Dec 2023 16:10:13 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=googlemail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=googlemail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=googlemail.com header.i=@googlemail.com
 header.b="GKZ/aG4B"
Received: by mail-ed1-f46.google.com with SMTP id
 4fb4d7f45d1cf-553338313a0so3422973a12.2
        for <selinux@vger.kernel.org>; Tue, 19 Dec 2023 08:10:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20230601; t=1703002212; x=1703607012;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=jayhy+5twOAsvydafjKvRy2sAVMLExMRwrz2kuGOIis=;
        b=GKZ/aG4BCzJuk0RSseusGu9NuJYqmtEsAoRVkLF6SRs+WDf6ML9s8nOoXC2cCXmRK9
         Jzh9x8zeCDmnLeJh/+4zzP3G2FSDdSFA04IEzc4deXIunaram5TzJjIiy5ztj+QNz9iF
         nW5puNaT/5mDP5xd99tzBFL5j8URX4hp9mLftMiuqxwOBO+SBjqC4oboEc+LB7iamlR+
         v5PItlC612VzXI2Yjh9yudnaw2n3Uo4FueUbpOZ1Xdos/kb4tArE04UyYvejmFjyiolH
         gDe3T67Q7aXbOauI1o5ynuG4LKlrjCZEu61ga5To66Dz1KTVXB9+iOCyZnXQjZHNjWmm
         G5Xw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1703002212; x=1703607012;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=jayhy+5twOAsvydafjKvRy2sAVMLExMRwrz2kuGOIis=;
        b=w7oowb6bMQOkf5sa6J6vadVeH/nsMJIeQ5W4HnyWbYwT2sxWQR8NDu0kPZ16pHcBwa
         eyLIS4bh82OcQL1tjpsElC0p7pDw28I+GpHDXOCFpzqU5DzKpawL1TcIBxhb9RV0BqoM
         mbwC8TSnvR9aQMflJr2R2TT//LPS0LrP6rqpa3ENSMayKiDdV3eA1C//w3Gj+ZN8JCxc
         /G3kWSzORCvxpgr6CrYpIJ0J6YqB36EqvEgUv1nsiHGiZPwZ4CsaQqmSeKc0CSjHlqTf
         /CbriXzwU278ZYO0UT7Tn8gYLQ9qNltkoEhS6AtQHA1VHGeOk7XkXD8FczQOZj0cS2Np
         +q+w==
X-Gm-Message-State: AOJu0Yzi+Ey4ur4CXjzboSusA0nDJPNZA/aLVULrqZNWPtnjsd5TIzWp
	83Cp8Rj6C9RQWj3ZiaJRIyInvLk5F5A=
X-Google-Smtp-Source: 
 AGHT+IHzJ+1w/wWABDyDuFBG8USz8MIzPOBRDq7pnOoAKBpIPwDEYEIS6jg2QTm5Wu87UFR00n0a1w==
X-Received: by 2002:a17:906:c41:b0:a26:8622:a2f7 with SMTP id
 t1-20020a1709060c4100b00a268622a2f7mr400495ejf.141.1703002212089;
        Tue, 19 Dec 2023 08:10:12 -0800 (PST)
Received: from debian_development.DebianHome
 (dynamic-077-010-185-155.77.10.pool.telefonica.de. [77.10.185.155])
        by smtp.gmail.com with ESMTPSA id
 v19-20020a170906489300b00a236378a43fsm1936621ejq.62.2023.12.19.08.10.11
        for <selinux@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 19 Dec 2023 08:10:11 -0800 (PST)
From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Subject: [PATCH 02/11] libselinux/man: sync selinux_check_securetty_context(3)
Date: Tue, 19 Dec 2023 17:09:24 +0100
Message-ID: <20231219160943.334370-2-cgzones@googlemail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20231219160943.334370-1-cgzones@googlemail.com>
References: <20231219160943.334370-1-cgzones@googlemail.com>
Precedence: bulk
X-Mailing-List: selinux@vger.kernel.org
List-Id: <selinux.vger.kernel.org>
List-Subscribe: <mailto:selinux+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:selinux+unsubscribe@vger.kernel.org>
MIME-Version: 1.0

Add the missing const qualifier.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libselinux/man/man3/selinux_check_securetty_context.3 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libselinux/man/man3/selinux_check_securetty_context.3 b/libselinux/man/man3/selinux_check_securetty_context.3
index 429023bb..7b64cc5e 100644
--- a/libselinux/man/man3/selinux_check_securetty_context.3
+++ b/libselinux/man/man3/selinux_check_securetty_context.3
@@ -5,12 +5,12 @@ selinux_check_securetty_context \- check whether a SELinux tty security context
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
 .sp
-.BI "int selinux_check_securetty_context(char *" tty_context );
+.BI "int selinux_check_securetty_context(const char *" tty_context );
 .
 .SH "DESCRIPTION"
 .BR selinux_check_securetty_context ()
 returns 0 if tty_context is a securetty context,
-returns < 0 otherwise. 
+returns < 0 otherwise.
 .
 .SH "SEE ALSO"
 .BR selinux "(8)"

From patchwork Tue Dec 19 16:09:25 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?=
 <cgzones@googlemail.com>
X-Patchwork-Id: 13498456
X-Patchwork-Delegate: plautrba@redhat.com
Received: from mail-ej1-f41.google.com (mail-ej1-f41.google.com
 [209.85.218.41])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 038611D140
	for <selinux@vger.kernel.org>; Tue, 19 Dec 2023 16:10:14 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=googlemail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=googlemail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=googlemail.com header.i=@googlemail.com
 header.b="Nwmkxlad"
Received: by mail-ej1-f41.google.com with SMTP id
 a640c23a62f3a-a236456fee1so251563766b.1
        for <selinux@vger.kernel.org>; Tue, 19 Dec 2023 08:10:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20230601; t=1703002213; x=1703607013;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=altqZyX0zTQ2UMVZ0cwNTY7l34ou2n2ZoZAQGilpw/Y=;
        b=Nwmkxlad/9axKXuGHYQLjS5UeWID9KGeKI/Vy20eR0fsyjQTAHA5yMRjF3ATpnEaar
         W1+Q/QfLs6jh0deNkpczX73LGfGQNTzXSyVM5bcbE7juKlnckHl1S5EARuFxYfLab9kL
         tq/oJNhyvNpsxFmXksUOmIdpw8W8u+RPiBTuxG68ZjON4a0Ykz9NzO0nGJF0V9sjnhx+
         JZcPLB9CB3mZRK50EAWeVhUI4sCAAdhVCHIDWLzwr9kk6rde6zgJsohgfVocd6vOV0zf
         4/vN6b9mi/CTi/Kry19pnv4DbFvUw3e0FIBEQRGO1BefFALuPxzkfFEQ3N5LNTgsuZd4
         xphw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1703002213; x=1703607013;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=altqZyX0zTQ2UMVZ0cwNTY7l34ou2n2ZoZAQGilpw/Y=;
        b=Yv4ml2jyKmnuGX0+gy9oaWaDQsFp8SGXBSBZCfx9DB7oe21ROhbKY6XY9kPvjEFY2z
         1KvWNXFNBsdQm+XFK0mEol32OUAfA33UFLXhvtrUqtlq88OVUlKdGxYntKrgG9K64woS
         6mOTLfDnQAztq1348hfYPbdMSRmL6gbiF2+lpiC3a0jn5Ok0NUCIhNrBwBZZ+PAk3m2y
         6hPtbTPOPkMdkSlANMVNIM/QD8c5A9tdNO1kWWn0VzKAZIOyp7Cq6KRt3g7j46NNMcx7
         hB4+/mxn9uiDmlHxRoEZntxQOfcfmv2AsbwLp9jMvjvZ/OJg+KBkq/k6g2ru5hMtjWXz
         krmg==
X-Gm-Message-State: AOJu0YwhltZP4Ps15I9LIUHtZCZpTvkFwI+5k7wLolQ0dFYxNPkWb89d
	MB+AgestyD7gFrdyuGHsVnRlYjnEgWw=
X-Google-Smtp-Source: 
 AGHT+IH6LSbo94AJ53G3JeJlA9kgg+fy5YsAB9WcjBlw163GKqGPozjT/L7+ei+VwmWeOi+GIPrROw==
X-Received: by 2002:a17:907:c313:b0:a23:6dfa:f7ae with SMTP id
 tl19-20020a170907c31300b00a236dfaf7aemr2034519ejc.104.1703002213172;
        Tue, 19 Dec 2023 08:10:13 -0800 (PST)
Received: from debian_development.DebianHome
 (dynamic-077-010-185-155.77.10.pool.telefonica.de. [77.10.185.155])
        by smtp.gmail.com with ESMTPSA id
 v19-20020a170906489300b00a236378a43fsm1936621ejq.62.2023.12.19.08.10.12
        for <selinux@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 19 Dec 2023 08:10:12 -0800 (PST)
From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Subject: [PATCH 03/11] libselinux/utils: free allocated resources
Date: Tue, 19 Dec 2023 17:09:25 +0100
Message-ID: <20231219160943.334370-3-cgzones@googlemail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20231219160943.334370-1-cgzones@googlemail.com>
References: <20231219160943.334370-1-cgzones@googlemail.com>
Precedence: bulk
X-Mailing-List: selinux@vger.kernel.org
List-Id: <selinux.vger.kernel.org>
List-Subscribe: <mailto:selinux+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:selinux+unsubscribe@vger.kernel.org>
MIME-Version: 1.0

Remove noise while running with sanitizers or under valgrind.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libselinux/utils/getconlist.c     | 10 +++++++---
 libselinux/utils/getdefaultcon.c  | 20 +++++++++++++++++---
 libselinux/utils/selinuxexeccon.c |  1 +
 3 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c
index 92f6a793..1ff05209 100644
--- a/libselinux/utils/getconlist.c
+++ b/libselinux/utils/getconlist.c
@@ -19,8 +19,9 @@ static __attribute__ ((__noreturn__)) void usage(const char *name, const char *d
 
 int main(int argc, char **argv)
 {
-	char **list, *cur_context = NULL;
-	char *user = NULL, *level = NULL;
+	char **list;
+	const char *cur_context, *user;
+	char *cur_con = NULL, *level = NULL;
 	int ret, i, opt;
 
 	while ((opt = getopt(argc, argv, "l:")) > 0) {
@@ -54,11 +55,12 @@ int main(int argc, char **argv)
 
 	/* If a context wasn't passed, use the current context. */
 	if (((argc - optind) < 2)) {
-		if (getcon(&cur_context) < 0) {
+		if (getcon(&cur_con) < 0) {
 			fprintf(stderr, "Couldn't get current context:  %s\n", strerror(errno));
 			free(level);
 			return 2;
 		}
+		cur_context = cur_con;
 	} else {
 		cur_context = argv[optind + 1];
 		if (security_check_context(cur_context) != 0) {
@@ -82,10 +84,12 @@ int main(int argc, char **argv)
 	} else {
 		fprintf(stderr, "get_ordered_context_list%s failure: %d(%s)\n",
 			level ? "_with_level" : "", errno, strerror(errno));
+		free(cur_con);
 		free(level);
 		return 4;
 	}
 
+	free(cur_con);
 	free(level);
 
 	return 0;
diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c
index 50f1ea91..67c84f94 100644
--- a/libselinux/utils/getdefaultcon.c
+++ b/libselinux/utils/getdefaultcon.c
@@ -19,8 +19,9 @@ static __attribute__ ((__noreturn__)) void usage(const char *name, const char *d
 
 int main(int argc, char **argv)
 {
-	char * usercon = NULL, *cur_context = NULL;
-	char *user = NULL, *level = NULL, *role=NULL, *seuser=NULL, *dlevel=NULL;
+	const char *cur_context, *user;
+	char *usercon = NULL, *cur_con = NULL;
+	char *level = NULL, *role=NULL, *seuser=NULL, *dlevel=NULL;
 	char *service = NULL;
 	int ret, opt;
 	int verbose = 0;
@@ -54,6 +55,9 @@ int main(int argc, char **argv)
 	if (!is_selinux_enabled()) {
 		fprintf(stderr,
 			"%s may be used only on a SELinux kernel.\n", argv[0]);
+		free(level);
+		free(role);
+		free(service);
 		return 1;
 	}
 
@@ -61,15 +65,23 @@ int main(int argc, char **argv)
 
 	/* If a context wasn't passed, use the current context. */
 	if ((argc - optind) < 2) {
-		if (getcon(&cur_context) < 0) {
+		if (getcon(&cur_con) < 0) {
 			fprintf(stderr, "%s:  couldn't get current context:  %s\n", argv[0], strerror(errno));
+			free(level);
+			free(role);
+			free(service);
 			return 2;
 		}
+		cur_context = cur_con;
 	} else
 		cur_context = argv[optind + 1];
 
 	if (security_check_context(cur_context)) {
 		fprintf(stderr, "%s:  invalid from context '%s'\n", argv[0], cur_context);
+		free(cur_con);
+		free(level);
+		free(role);
+		free(service);
 		return 3;
 	}
 
@@ -101,6 +113,8 @@ out:
 	if (level != dlevel) free(level);
 	free(dlevel);
 	free(usercon);
+	free(cur_con);
+	free(service);
 
 	return ret >= 0;
 }
diff --git a/libselinux/utils/selinuxexeccon.c b/libselinux/utils/selinuxexeccon.c
index 66754b6a..463bf5aa 100644
--- a/libselinux/utils/selinuxexeccon.c
+++ b/libselinux/utils/selinuxexeccon.c
@@ -45,6 +45,7 @@ int main(int argc, char **argv)
 		con = strdup(argv[2]);
 		if (security_check_context(con)) {
 			fprintf(stderr, "%s:  invalid from context '%s'\n", argv[0], con);
+			free(con);
 			return -1;
 		}
 	}

From patchwork Tue Dec 19 16:09:26 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?=
 <cgzones@googlemail.com>
X-Patchwork-Id: 13498455
X-Patchwork-Delegate: plautrba@redhat.com
Received: from mail-ej1-f47.google.com (mail-ej1-f47.google.com
 [209.85.218.47])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id C69261D13D
	for <selinux@vger.kernel.org>; Tue, 19 Dec 2023 16:10:15 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=googlemail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=googlemail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=googlemail.com header.i=@googlemail.com
 header.b="T0CYrzPY"
Received: by mail-ej1-f47.google.com with SMTP id
 a640c23a62f3a-a233a60f8feso357666566b.0
        for <selinux@vger.kernel.org>; Tue, 19 Dec 2023 08:10:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20230601; t=1703002214; x=1703607014;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=akgUxFrDS2OEoiOfORLhSX66qaJZlbiwFJ71FzN57x0=;
        b=T0CYrzPY2jVn66K6kvsW3mrbB6KWmAzH9IBka7+yjTkSCeAIGAdbKyQHgymMdNO1wO
         3zFMrAa+OLxnj/UzJrHFeAcoppyYGIYjicXPgcnjU0hFLS2+HuZ3y7Y7OtQBRfDI655w
         cuSUOZMj+9DUajYBKuNZBmI/yRoUAwec7mlX7KbBVaSbnsz49eYkldg1Snfx6C4KZucs
         7EMJJKtCVSeOKIaFhj8z9GB5KrPAKnFn1pUQZ5ww1Dtf+xz+C/2TUQ6pjKWWUIPLGGDN
         7c4jPVUti157ho7+ypeIDHO1KGYyV2O17gijvkdAfaWC4Ld9dUargyjq1msxIfHzMU2q
         3Gog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1703002214; x=1703607014;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=akgUxFrDS2OEoiOfORLhSX66qaJZlbiwFJ71FzN57x0=;
        b=DERW5gACO2eUL1q4vGbZQUSuUjjqaGMG43r0OOS2FIBcM0hUsniiOYD+u0VZCeNhRw
         8+HD1rfhzy7qt+dIsi078ISIjwRggnnG9o20loIpY2DTnY8qx71fUhxEu0FDKHH4DJ6f
         YzROJJKabNDWAhdvFarGDn3nser7tLGNfI3O5Qx69+jhN2jz/Pap1pFncCmQPOUyFIw7
         05stcrA/pokJsV/CXNROrK4RujbbTohNBnUimSq+fIv1QYXQnFtpHGSUDprd3LsIuacI
         NQtk88ExTkcunZFsdWSsMmKNZV4n96FVZPE9R6urrKsaw+Bfv7qTg4FHayBGqTSg6RZH
         foPw==
X-Gm-Message-State: AOJu0Yy7kHdcBvvV0kgPvZ/CcZKmNVl/mX8L7fXc7msWqO24E5F9Did+
	XpG3LwfCls/Kt5WeDkrQMTdoHLdv/R8=
X-Google-Smtp-Source: 
 AGHT+IGdxgMdv54MszGq0vn1OZikBRXL9Smkrw/FLGX2vhvrT0gPYZ3Cw4lKUIrChbkK3GRyzai3Rw==
X-Received: by 2002:a17:907:3e13:b0:a26:8683:bd3b with SMTP id
 hp19-20020a1709073e1300b00a268683bd3bmr377124ejc.125.1703002214021;
        Tue, 19 Dec 2023 08:10:14 -0800 (PST)
Received: from debian_development.DebianHome
 (dynamic-077-010-185-155.77.10.pool.telefonica.de. [77.10.185.155])
        by smtp.gmail.com with ESMTPSA id
 v19-20020a170906489300b00a236378a43fsm1936621ejq.62.2023.12.19.08.10.13
        for <selinux@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 19 Dec 2023 08:10:13 -0800 (PST)
From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Subject: [PATCH 04/11] libselinux/utils: improve compute_av output
Date: Tue, 19 Dec 2023 17:09:26 +0100
Message-ID: <20231219160943.334370-4-cgzones@googlemail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20231219160943.334370-1-cgzones@googlemail.com>
References: <20231219160943.334370-1-cgzones@googlemail.com>
Precedence: bulk
X-Mailing-List: selinux@vger.kernel.org
List-Id: <selinux.vger.kernel.org>
List-Subscribe: <mailto:selinux+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:selinux+unsubscribe@vger.kernel.org>
MIME-Version: 1.0

Show the more interesting inverse of the auditdeny vector as dontaudit.

Show the inverse of the decided vector, although since Linux v2.6.30
f1c6381a6e33 ("SELinux: remove unused av.decided field") all permissions
are always decided.

    $ compute_av staff_u:staff_r:staff_t:s0 sysadm_u:sysadm_r:sysadm_t:s0 process
    allowed= null
    auditdeny= { fork transition sigchld sigkill sigstop signull ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setexec setfscreate noatsecure siginh setrlimit rlimitinh dyntransition setcurrent execmem execstack execheap setkeycreate setsockcreate getrlimit 0x80000000 }
    dontaudit= { signal }

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libselinux/utils/compute_av.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c
index cca407d6..09f574a0 100644
--- a/libselinux/utils/compute_av.c
+++ b/libselinux/utils/compute_av.c
@@ -44,10 +44,14 @@ int main(int argc, char **argv)
 	print_access_vector(tclass, avd.allowed);
 	printf("\n");
 
-	if (avd.decided != ~0U) {
+	if (~avd.decided) {
 		printf("decided=");
 		print_access_vector(tclass, avd.decided);
 		printf("\n");
+
+		printf("undecided=");
+		print_access_vector(tclass, ~avd.decided);
+		printf("\n");
 	}
 
 	if (avd.auditallow) {
@@ -56,10 +60,14 @@ int main(int argc, char **argv)
 		printf("\n");
 	}
 
-	if (avd.auditdeny != ~0U) {
-		printf("auditdeny");
+	if (~avd.auditdeny) {
+		printf("auditdeny=");
 		print_access_vector(tclass, avd.auditdeny);
 		printf("\n");
+
+		printf("dontaudit=");
+		print_access_vector(tclass, ~avd.auditdeny);
+		printf("\n");
 	}
 
 	exit(EXIT_SUCCESS);

From patchwork Tue Dec 19 16:09:27 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?=
 <cgzones@googlemail.com>
X-Patchwork-Id: 13498458
X-Patchwork-Delegate: plautrba@redhat.com
Received: from mail-ej1-f42.google.com (mail-ej1-f42.google.com
 [209.85.218.42])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 83CAF1D521
	for <selinux@vger.kernel.org>; Tue, 19 Dec 2023 16:10:16 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=googlemail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=googlemail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=googlemail.com header.i=@googlemail.com
 header.b="dWEX0A4h"
Received: by mail-ej1-f42.google.com with SMTP id
 a640c23a62f3a-a2339262835so350744066b.3
        for <selinux@vger.kernel.org>; Tue, 19 Dec 2023 08:10:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20230601; t=1703002215; x=1703607015;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=BttxqXRGBCPrXk99eIkz9Fiyo5nhN/CXJX4ptKVVayQ=;
        b=dWEX0A4hGGObaDSHs+Vygx8Wba97XbLomXXPOuZKarCDQzj8RrtVKZg39BWrNq2UDZ
         fq00v0sT3vKY/lgm0DBe8HWz8PD0LXQnym0u7vkOUtAj2pyOsHw+FX/6SbLdgcq+Kno6
         gp9tn1N3SFs6YYkI+Oz+i97rWyi+Y1f7MqI6qpwwrMTZuNnP72mGMzQjp5a5x93WBlJZ
         mM3LPbKU304iVlmlPDWZzyA5jRrBZoEU++22aENZF3fHNIImxPCMT6MUFTSPpncKkQBZ
         QjwE68mLveO1qF3WX1ajxruJ2rbBVwuiL6AM2I1E3XaH7FR5slpZRyK8B7rywVFwidM4
         wTDw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1703002215; x=1703607015;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=BttxqXRGBCPrXk99eIkz9Fiyo5nhN/CXJX4ptKVVayQ=;
        b=FMMWBK0WjNZmn7FUvdy2DI8YXlNDPZmHgNRH+Xjl9wZBpK928PZBfHhozzDTXhhrUk
         qVdVP9YDnwa3aSej0nN87xpOIdArNdMeqov9+YvgaTwe/yhdnVStfQmGBn9EUAGc2izE
         EMVcj4Hj9Iqi5iZKJ9ntbIdmwvw6MALEBlfFNdMY1UGSgwnmPFAc+QiYEC/AHqrjTOHP
         j/MGbOzVNLH7XIfnFbriD+wYpovnIA7KwwYXXD15kdPsutqJeT6swEfGMtltRbD79cez
         UW+g1YNTCuLh5NI9vF7VdpdkNBpucXGu8AEOHYSQEZ5YU820KhMgJzd6ivK6tj1h4Kcc
         i2wA==
X-Gm-Message-State: AOJu0YzuMT0SHVtd/j9UQSSjDxrG0TAqELVfhLGNm+p0puxCwUbOtB3m
	mSH4QOzX6me3Mc/yCjy3og1Wn8Coh0g=
X-Google-Smtp-Source: 
 AGHT+IHWjOXxMvTWPMUV8RcDVTe/dEldDKA+H3tFtLeyCDttlEFEuEHqPjYOe3SR/arRHCU7uq4W7g==
X-Received: by 2002:a17:906:2803:b0:9fc:3a70:4430 with SMTP id
 r3-20020a170906280300b009fc3a704430mr8256192ejc.70.1703002214670;
        Tue, 19 Dec 2023 08:10:14 -0800 (PST)
Received: from debian_development.DebianHome
 (dynamic-077-010-185-155.77.10.pool.telefonica.de. [77.10.185.155])
        by smtp.gmail.com with ESMTPSA id
 v19-20020a170906489300b00a236378a43fsm1936621ejq.62.2023.12.19.08.10.14
        for <selinux@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 19 Dec 2023 08:10:14 -0800 (PST)
From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Subject: [PATCH 05/11] libselinux: align SELABEL_OPT_DIGEST usage with man
 page
Date: Tue, 19 Dec 2023 17:09:27 +0100
Message-ID: <20231219160943.334370-5-cgzones@googlemail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20231219160943.334370-1-cgzones@googlemail.com>
References: <20231219160943.334370-1-cgzones@googlemail.com>
Precedence: bulk
X-Mailing-List: selinux@vger.kernel.org
List-Id: <selinux.vger.kernel.org>
List-Subscribe: <mailto:selinux+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:selinux+unsubscribe@vger.kernel.org>
MIME-Version: 1.0

According to selabel_opn(3) a non-null value for this option enables the
generation of an SHA1 digest of the spec files loaded as described in
selabel_digest(3).

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libselinux/src/label.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libselinux/src/label.c b/libselinux/src/label.c
index 1ea9bdcd..4a7c6e6d 100644
--- a/libselinux/src/label.c
+++ b/libselinux/src/label.c
@@ -62,7 +62,7 @@ static inline struct selabel_digest *selabel_is_digest_set
 
 	while (n--) {
 		if (opts[n].type == SELABEL_OPT_DIGEST &&
-					    opts[n].value == (char *)1) {
+					    !!opts[n].value) {
 			digest = calloc(1, sizeof(*digest));
 			if (!digest)
 				goto err;

From patchwork Tue Dec 19 16:09:28 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?=
 <cgzones@googlemail.com>
X-Patchwork-Id: 13498457
X-Patchwork-Delegate: plautrba@redhat.com
Received: from mail-ej1-f44.google.com (mail-ej1-f44.google.com
 [209.85.218.44])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 463EB1D133
	for <selinux@vger.kernel.org>; Tue, 19 Dec 2023 16:10:17 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=googlemail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=googlemail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=googlemail.com header.i=@googlemail.com
 header.b="ll2J8TZi"
Received: by mail-ej1-f44.google.com with SMTP id
 a640c23a62f3a-a235e394758so274121866b.1
        for <selinux@vger.kernel.org>; Tue, 19 Dec 2023 08:10:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20230601; t=1703002215; x=1703607015;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=SlPBJRCJAiUl6SzcrSl5tuliJRJLnt898mkFfNL7oSQ=;
        b=ll2J8TZiAV58USCix789cQZ4S+IANGn0OQiLUHHOMjaffdGAw02e5pIScos8Eci/Su
         rxET3OexxOksGLsZquudw3K+4jBzRBQP8lsiQo8wUJOSIvWhdFym6eeER9D1E1GJtGBx
         qfqCo4N062QcowcY+Is32PSxBhoJD/hiEJ6Tm42x5Z6IKFJSIfk7dji/wzjuChAZeoX0
         ZhUB09qapIgjWP3MAnOq/3f8Ly52Lp/4UEXSOuhSTo4ZQqowrUAWoVWKMz3vclB7zYXh
         Jh55L9EWQXBeWvMT9dS6OPFOypyh1akDJp6S/4hpmVL0NVqOZ1Vy9O2Otdjb4QHv/TpA
         yR/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1703002215; x=1703607015;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=SlPBJRCJAiUl6SzcrSl5tuliJRJLnt898mkFfNL7oSQ=;
        b=VhUYCbOO47uK0nODYnUMqJKzyI7XD2lfAg/nXeXlX3nsJgygez2xM6zcjb+sXocelt
         UGKCyFYqGz1vxtZ2U03L7jwafDdgioxG9/Ye5k7XfCsoqyXcqb2mU5tpOAg/r4wzfPlN
         h4BFzwnrZW+rnL7PPaZrlS4b7VN4WsSagFdzmBNttlPWHZDwMP7u0qFz9nVcXrZTtxhm
         MdfnHcs2BoHtbd2ALPOwU9c2UL9WxLMIwINvPMs1jkmxVM2FpxmDJxmCtTlsRk9x4/0v
         f90mxw3ksjyG28HA+uVdlbzF4qhmdmQZOp5F3AfSo1juuuCe5qb6O1XYCD9yZ1s4aqOg
         ezZA==
X-Gm-Message-State: AOJu0YzCx8Znps3oNL7B3PH/M9TTw1CGV0+kOPxUxV4+uacuWnrOf6fE
	+PE+z14doOz0w4tS6/wK3Gk3/0Fq2eQ=
X-Google-Smtp-Source: 
 AGHT+IHlkqFu6v8JmLi5mzK881Xnu7Dq4XjUME+ykQtecw+0+0xIImBNLS8DUdcKsGKQitef76tWfw==
X-Received: by 2002:a17:906:a85a:b0:a23:5974:3cb2 with SMTP id
 dx26-20020a170906a85a00b00a2359743cb2mr1961427ejb.116.1703002215555;
        Tue, 19 Dec 2023 08:10:15 -0800 (PST)
Received: from debian_development.DebianHome
 (dynamic-077-010-185-155.77.10.pool.telefonica.de. [77.10.185.155])
        by smtp.gmail.com with ESMTPSA id
 v19-20020a170906489300b00a236378a43fsm1936621ejq.62.2023.12.19.08.10.14
        for <selinux@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 19 Dec 2023 08:10:15 -0800 (PST)
From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Subject: [PATCH 06/11] libselinux: fail selabel_open(3) on invalid option
Date: Tue, 19 Dec 2023 17:09:28 +0100
Message-ID: <20231219160943.334370-6-cgzones@googlemail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20231219160943.334370-1-cgzones@googlemail.com>
References: <20231219160943.334370-1-cgzones@googlemail.com>
Precedence: bulk
X-Mailing-List: selinux@vger.kernel.org
List-Id: <selinux.vger.kernel.org>
List-Subscribe: <mailto:selinux+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:selinux+unsubscribe@vger.kernel.org>
MIME-Version: 1.0

Return an error on invalid selabel_open(3) options, e.g. an option for
a different backend was used.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libselinux/src/label_backends_android.c | 7 +++++++
 libselinux/src/label_db.c               | 8 ++++++++
 libselinux/src/label_file.c             | 7 +++++++
 libselinux/src/label_media.c            | 7 +++++++
 libselinux/src/label_x.c                | 7 +++++++
 5 files changed, 36 insertions(+)

diff --git a/libselinux/src/label_backends_android.c b/libselinux/src/label_backends_android.c
index cd3875fc..7ddacdbe 100644
--- a/libselinux/src/label_backends_android.c
+++ b/libselinux/src/label_backends_android.c
@@ -157,6 +157,13 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 		case SELABEL_OPT_PATH:
 			path = opts[n].value;
 			break;
+		case SELABEL_OPT_UNUSED:
+		case SELABEL_OPT_VALIDATE:
+		case SELABEL_OPT_DIGEST:
+			break;
+		default:
+			errno = EINVAL;
+			return -1;
 		}
 
 	if (!path)
diff --git a/libselinux/src/label_db.c b/libselinux/src/label_db.c
index 3f803037..2daf1770 100644
--- a/libselinux/src/label_db.c
+++ b/libselinux/src/label_db.c
@@ -268,6 +268,14 @@ db_init(const struct selinux_opt *opts, unsigned nopts,
 		case SELABEL_OPT_PATH:
 			path = opts[nopts].value;
 			break;
+		case SELABEL_OPT_UNUSED:
+		case SELABEL_OPT_VALIDATE:
+		case SELABEL_OPT_DIGEST:
+			break;
+		default:
+			free(catalog);
+			errno = EINVAL;
+			return NULL;
 		}
 	}
 
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index 4778f8f8..315298b3 100644
--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c
@@ -812,6 +812,13 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 		case SELABEL_OPT_BASEONLY:
 			baseonly = !!opts[n].value;
 			break;
+		case SELABEL_OPT_UNUSED:
+		case SELABEL_OPT_VALIDATE:
+		case SELABEL_OPT_DIGEST:
+			break;
+		default:
+			errno = EINVAL;
+			return -1;
 		}
 
 #if !defined(BUILD_HOST) && !defined(ANDROID)
diff --git a/libselinux/src/label_media.c b/libselinux/src/label_media.c
index b3443b47..4c987988 100644
--- a/libselinux/src/label_media.c
+++ b/libselinux/src/label_media.c
@@ -85,6 +85,13 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 		case SELABEL_OPT_PATH:
 			path = opts[n].value;
 			break;
+		case SELABEL_OPT_UNUSED:
+		case SELABEL_OPT_VALIDATE:
+		case SELABEL_OPT_DIGEST:
+			break;
+		default:
+			errno = EINVAL;
+			return -1;
 		}
 
 	/* Open the specification file. */
diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c
index e15190ca..f332dcb6 100644
--- a/libselinux/src/label_x.c
+++ b/libselinux/src/label_x.c
@@ -112,6 +112,13 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 		case SELABEL_OPT_PATH:
 			path = opts[n].value;
 			break;
+		case SELABEL_OPT_UNUSED:
+		case SELABEL_OPT_VALIDATE:
+		case SELABEL_OPT_DIGEST:
+			break;
+		default:
+			errno = EINVAL;
+			return -1;
 		}
 
 	/* Open the specification file. */

From patchwork Tue Dec 19 16:09:29 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?=
 <cgzones@googlemail.com>
X-Patchwork-Id: 13498459
X-Patchwork-Delegate: plautrba@redhat.com
Received: from mail-ej1-f46.google.com (mail-ej1-f46.google.com
 [209.85.218.46])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 31CA71D140
	for <selinux@vger.kernel.org>; Tue, 19 Dec 2023 16:10:17 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=googlemail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=googlemail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=googlemail.com header.i=@googlemail.com
 header.b="KBWhAT+5"
Received: by mail-ej1-f46.google.com with SMTP id
 a640c23a62f3a-a234139b725so365829466b.3
        for <selinux@vger.kernel.org>; Tue, 19 Dec 2023 08:10:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20230601; t=1703002216; x=1703607016;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Q3mQhCro7rIA//WgoTKoBpkiGulU0bbdLMCuyCwVh/8=;
        b=KBWhAT+5d9yGvqNftUCP7N2R4N1W655wDCIuDttq92QS+S+pWSwkDkNUuD1w1pC9eP
         Rv0FtyYxNG8FhpcdoHB95yR8z65v3Z0PLXe+rorOlexXaikKhqN1mNUsSx+1GsURXDNk
         wFvT0FEbqYeCdyFEZJ6DBGZRHuOh7A/k9SQE7rwqhYXjLfVuAhavza+cW4wqPJa4YwXz
         5c26CTeTJI8fyu6rGsNluU/TEOb7zULyStCQIfujKq/eMSiEcx274OPLF6XFzxX+Zl7S
         J8fCCE784mUNzzPDknumhahQ4g0Q4oOM71DkOvmtnh9m4lLpy7As5DSBtoaAazKsq/Jb
         uroQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1703002216; x=1703607016;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Q3mQhCro7rIA//WgoTKoBpkiGulU0bbdLMCuyCwVh/8=;
        b=QlxAOWU7gP54EAqFpCQwl43Bj/DGROz+EU4uyIjLQEMQvxF92K1fspBVsGsRC1lgKk
         /jByO9qsx+R2qwekauyBN2oUpqHNaD3qwBt7CI90NE0+094AAcpnNTPuSUzd7kPX4fjr
         fD9YWEdAGAwMTLBCqLrYSgfxov3tbQdudI3j5abG9lQ75DQQKiZ5PMqlWUu4p2k1Pe3j
         lksC7tkMPui1GhDo7WVaV9IvAF/oUrPVeffMvgzvkQ5rxcKvuo3qzniy82GfomZSE5U+
         BhXfijD4awKQWqNV8lzwOvQgM4g4tR1Hr0PzrxZk8nO7jwujDIcAfr/esKjBN+QAXD5g
         U0Lg==
X-Gm-Message-State: AOJu0YyTvlsLGprdTithDMXnVM9UdTqabQpAEUrrbEdLcoN+2/cbs/xA
	xnEx4Qe1ISCixQpSSJqvs4X/W0TfLpk=
X-Google-Smtp-Source: 
 AGHT+IEHwSS8ZDrDxwxZ5Z5YCg1pgNsfKVkfZi4mHvlhtf+SoVSYAIzPnNFup+4nILrlqN1cPp8phw==
X-Received: by 2002:a17:906:fa17:b0:a23:456b:bd79 with SMTP id
 lo23-20020a170906fa1700b00a23456bbd79mr1135937ejb.199.1703002216307;
        Tue, 19 Dec 2023 08:10:16 -0800 (PST)
Received: from debian_development.DebianHome
 (dynamic-077-010-185-155.77.10.pool.telefonica.de. [77.10.185.155])
        by smtp.gmail.com with ESMTPSA id
 v19-20020a170906489300b00a236378a43fsm1936621ejq.62.2023.12.19.08.10.15
        for <selinux@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 19 Dec 2023 08:10:15 -0800 (PST)
From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Subject: [PATCH 07/11] libselinux: use logging wrapper in getseuser(3) and
 get_default_context(3) family
Date: Tue, 19 Dec 2023 17:09:29 +0100
Message-ID: <20231219160943.334370-7-cgzones@googlemail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20231219160943.334370-1-cgzones@googlemail.com>
References: <20231219160943.334370-1-cgzones@googlemail.com>
Precedence: bulk
X-Mailing-List: selinux@vger.kernel.org
List-Id: <selinux.vger.kernel.org>
List-Subscribe: <mailto:selinux+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:selinux+unsubscribe@vger.kernel.org>
MIME-Version: 1.0

Instead of writing error messages directly to stderr use the wrapper
selinux_log(), which by default writes to stderr.  This allows
applications to redirect or silence messages via
selinux_set_callback(3).

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libselinux/src/get_context_list.c | 10 ++++++----
 libselinux/src/seusers.c          |  6 ++++--
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/libselinux/src/get_context_list.c b/libselinux/src/get_context_list.c
index 9dafa519..7e23be05 100644
--- a/libselinux/src/get_context_list.c
+++ b/libselinux/src/get_context_list.c
@@ -7,7 +7,9 @@
 #include <string.h>
 #include <ctype.h>
 #include <pwd.h>
+
 #include "selinux_internal.h"
+#include "callbacks.h"
 #include "context_internal.h"
 #include "get_context_list_internal.h"
 
@@ -224,7 +226,7 @@ static int get_context_user(FILE * fp,
 
 		/* Check whether a new context is valid */
 		if (SIZE_MAX - user_len < strlen(start) + 2) {
-			fprintf(stderr, "%s: one of partial contexts is too big\n", __FUNCTION__);
+			selinux_log(SELINUX_ERROR, "%s: one of partial contexts is too big\n", __FUNCTION__);
 			errno = EINVAL;
 			rc = -1;
 			goto out;
@@ -245,7 +247,7 @@ static int get_context_user(FILE * fp,
 				rc = -1;
 				goto out;
 			}
-			fprintf(stderr,
+			selinux_log(SELINUX_ERROR,
 				"%s: can't create a context from %s, skipping\n",
 				__FUNCTION__, usercon_str);
 			free(usercon_str);
@@ -439,7 +441,7 @@ int get_ordered_context_list(const char *user,
 
 		fclose(fp);
 		if (rc < 0 && errno != ENOENT) {
-			fprintf(stderr,
+			selinux_log(SELINUX_ERROR,
 				"%s:  error in processing configuration file %s\n",
 				__FUNCTION__, fname);
 			/* Fall through, try global config */
@@ -452,7 +454,7 @@ int get_ordered_context_list(const char *user,
 		rc = get_context_user(fp, fromcon, user, &reachable, &nreachable);
 		fclose(fp);
 		if (rc < 0 && errno != ENOENT) {
-			fprintf(stderr,
+			selinux_log(SELINUX_ERROR,
 				"%s:  error in processing configuration file %s\n",
 				__FUNCTION__, selinux_default_context_path());
 			/* Fall through */
diff --git a/libselinux/src/seusers.c b/libselinux/src/seusers.c
index 6da8c318..e5cfd510 100644
--- a/libselinux/src/seusers.c
+++ b/libselinux/src/seusers.c
@@ -8,7 +8,9 @@
 #include <errno.h>
 #include <selinux/selinux.h>
 #include <selinux/context.h>
+
 #include "selinux_internal.h"
+#include "callbacks.h"
 
 /* Process line from seusers.conf and split into its fields.
    Returns 0 on success, -1 on comments, and -2 on error. */
@@ -197,8 +199,8 @@ int getseuserbyname(const char *name, char **r_seuser, char **r_level)
 		if (rc == -1)
 			continue;	/* comment, skip */
 		if (rc == -2) {
-			fprintf(stderr, "%s:  error on line %lu, skipping...\n",
-				selinux_usersconf_path(), lineno);
+			selinux_log(SELINUX_ERROR, "%s:  error on line %lu, skipping...\n",
+						   selinux_usersconf_path(), lineno);
 			continue;
 		}
 

From patchwork Tue Dec 19 16:09:30 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?=
 <cgzones@googlemail.com>
X-Patchwork-Id: 13498460
X-Patchwork-Delegate: plautrba@redhat.com
Received: from mail-ej1-f45.google.com (mail-ej1-f45.google.com
 [209.85.218.45])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3021C1D53F
	for <selinux@vger.kernel.org>; Tue, 19 Dec 2023 16:10:18 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=googlemail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=googlemail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=googlemail.com header.i=@googlemail.com
 header.b="KPMW/XAT"
Received: by mail-ej1-f45.google.com with SMTP id
 a640c23a62f3a-a268836254aso29889266b.1
        for <selinux@vger.kernel.org>; Tue, 19 Dec 2023 08:10:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20230601; t=1703002217; x=1703607017;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=LPxl73yp8gvv4Ub9Kt55vpgHWcFNiSXPFtyzcpZrOWE=;
        b=KPMW/XATfXdTqocwjqsVbpwqQRx16DEHxEkrQN36yPkVC9dEhuUWa29boYBwXNOPAd
         /iyIrhys19E6NXbELWkG8uksqZjOc2aBB5qrMF06UApMLW9ijEzc3G0EJ2a59xyJnLGk
         dTYIfFTElRlxuLtOBQ0kre1vUW8psHEQyq1Me6tt++GSOYzDQQ23aaPxelsa/UqhTuca
         9Uy8SfK6DiTOvSnU8SmWK7WM6yL9hCqmQOpLN//XJdQQq5aUc/FgndOKvZi2x3W3dPuv
         FG/u2zPw6n1gRfNKOVrSb5s1k5Fo7V3HEKjdyhtrEd40tbYDf0JhUpCKt6Vg6WowK4bv
         1eKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1703002217; x=1703607017;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=LPxl73yp8gvv4Ub9Kt55vpgHWcFNiSXPFtyzcpZrOWE=;
        b=Dlha//brM1rwx0lOKml+uYsGv4RDPN3jWPcjdq5GSsg4zJUVj7s15r2363WDcgRpFj
         c/ZLL8Hh63ahVa3R4xmhybocPlelFq17E8WiM9Dl2/ZrPHI0JQFj8G8UXZw+7hWtvxaV
         bbp8oaONQ1Bas6zgD0yviARZ0a9HvJPnoAi24u3/5EUpoF99YSYKt7D/FEzGSSo65A8m
         tfEydXQi6W7VZGS6fFE1abZwuKyTfLOksEjLUXKXVk4Z5+CTd/cbM7IwvrNDwWTNkCtv
         iQ2srbZkmI017JugJrHu6s1cD/pNsPqz5b9wUy+V9xZzFxh1F6VP5CP56GBiU5A/o/XE
         y+2w==
X-Gm-Message-State: AOJu0YwSJmgUYoOcb+rtaw56iUZXxcXJTfujYBTSr1QvGcwCqM1krEsW
	FGQjRmVii198rJRMOAZy21nX6hL7blE=
X-Google-Smtp-Source: 
 AGHT+IGl2oGGKgaoQ/l1e/U1l/TgKaGjugLcyrpZqNbDL++5s8T0oFwyWld6ZcUwcTZ82d5nWMXIRA==
X-Received: by 2002:a17:906:b30d:b0:a23:5758:bc3e with SMTP id
 n13-20020a170906b30d00b00a235758bc3emr1570040ejz.96.1703002217293;
        Tue, 19 Dec 2023 08:10:17 -0800 (PST)
Received: from debian_development.DebianHome
 (dynamic-077-010-185-155.77.10.pool.telefonica.de. [77.10.185.155])
        by smtp.gmail.com with ESMTPSA id
 v19-20020a170906489300b00a236378a43fsm1936621ejq.62.2023.12.19.08.10.16
        for <selinux@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 19 Dec 2023 08:10:16 -0800 (PST)
From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Subject: [PATCH 08/11] libselinux: support huge passwd/group entries
Date: Tue, 19 Dec 2023 17:09:30 +0100
Message-ID: <20231219160943.334370-8-cgzones@googlemail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20231219160943.334370-1-cgzones@googlemail.com>
References: <20231219160943.334370-1-cgzones@googlemail.com>
Precedence: bulk
X-Mailing-List: selinux@vger.kernel.org
List-Id: <selinux.vger.kernel.org>
List-Subscribe: <mailto:selinux+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:selinux+unsubscribe@vger.kernel.org>
MIME-Version: 1.0

getpwnam_r(3) and getgrnam_r(3) might return ERANGE in case the supplied
buffer was too short for the passwd/group entry.  Retry with a bigger
buffer.

Also use a fallback buffer size in case the libc returns -1 for
sysconf(3) of _SC_GETPW_R_SIZE_MAX or _SC_GETGR_R_SIZE_MAX, like musl.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libselinux/src/seusers.c | 33 +++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/libselinux/src/seusers.c b/libselinux/src/seusers.c
index e5cfd510..16d69347 100644
--- a/libselinux/src/seusers.c
+++ b/libselinux/src/seusers.c
@@ -6,6 +6,8 @@
 #include <stdio_ext.h>
 #include <ctype.h>
 #include <errno.h>
+#include <limits.h>
+
 #include <selinux/selinux.h>
 #include <selinux/context.h>
 
@@ -99,15 +101,30 @@ static gid_t get_default_gid(const char *name) {
 	struct passwd pwstorage, *pwent = NULL;
 	gid_t gid = -1;
 	/* Allocate space for the getpwnam_r buffer */
+	char *rbuf = NULL;
 	long rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
-	if (rbuflen <= 0) return -1;
-	char *rbuf = malloc(rbuflen);
-	if (rbuf == NULL) return -1;
+	if (rbuflen <= 0)
+		rbuflen = 1024;
+
+	for (;;) {
+		int rc;
+
+		rbuf = malloc(rbuflen);
+		if (rbuf == NULL)
+			break;
 
-	int retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent);
-	if (retval == 0 && pwent) {
-		gid = pwent->pw_gid;
+		rc = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent);
+		if (rc == ERANGE && rbuflen < LONG_MAX / 2) {
+			free(rbuf);
+			rbuflen *= 2;
+			continue;
+		}
+		if (rc == 0 && pwent)
+			gid = pwent->pw_gid;
+
+		break;
 	}
+
 	free(rbuf);
 	return gid;
 }
@@ -120,7 +137,7 @@ static int check_group(const char *group, const char *name, const gid_t gid) {
 
 	long rbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);
 	if (rbuflen <= 0)
-		return 0;
+		rbuflen = 1024;
 	char *rbuf;
 
 	while(1) {
@@ -129,7 +146,7 @@ static int check_group(const char *group, const char *name, const gid_t gid) {
 			return 0;
 		int retval = getgrnam_r(group, &gbuf, rbuf, 
 				rbuflen, &grent);
-		if ( retval == ERANGE )
+		if (retval == ERANGE && rbuflen < LONG_MAX / 2)
 		{
 			free(rbuf);
 			rbuflen = rbuflen * 2;

From patchwork Tue Dec 19 16:09:31 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?=
 <cgzones@googlemail.com>
X-Patchwork-Id: 13498461
X-Patchwork-Delegate: plautrba@redhat.com
Received: from mail-wm1-f51.google.com (mail-wm1-f51.google.com
 [209.85.128.51])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 395281D140
	for <selinux@vger.kernel.org>; Tue, 19 Dec 2023 16:10:20 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=googlemail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=googlemail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=googlemail.com header.i=@googlemail.com
 header.b="lkgtont5"
Received: by mail-wm1-f51.google.com with SMTP id
 5b1f17b1804b1-40c3ca9472dso54441245e9.2
        for <selinux@vger.kernel.org>; Tue, 19 Dec 2023 08:10:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20230601; t=1703002218; x=1703607018;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Ju/EHCOgf62rYkQ9q4QUVPKPjhub7kQBsmANpqcaJb4=;
        b=lkgtont5XxqI1J021zcR4I2D5wm9lxHlNnAyifY50UBzZaHWEvR5Gg6LdgC0Ksnhb6
         NcUcB1PbqG3rXEbRtwuheiqrQ/uS0NxprAU88sORnHo8zaosF8CkUg5yiim0ql6MjWXl
         5kRg5zzBWzyYvzS++5xZO2TzRoqXjJoF93akZhaY9u90KMHDWnrVywmf/geJvUJif8g8
         IElv/yelpL6tOY/dwSIrud0HY5whdyCDPJlZXoBzd6Sb+RsgoPbbBfKnVGPrKvb2+F7S
         yQdSpHwQboSQvSblx59Tfcq3OUrnkphziTcOiPEQetrK4/ZDoD9xmDqnJp3EQT2hmDjj
         U8qw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1703002218; x=1703607018;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Ju/EHCOgf62rYkQ9q4QUVPKPjhub7kQBsmANpqcaJb4=;
        b=G4twudRgEhIU83ttUHReOS7emcge43pVBziAo8RcH3urCJtELr0EjKXs+7u1wE/6xG
         W9YdyJo5v5V2SLQANDPwVGR4dgU0uLsUOdmwjsbKcNa53qNgZ2Gd+oG4u6lWkULL3cpN
         nDhS9VET4KYJ1k/8HhPL74Pb8E8G4TWVb5EcLprYalwLb2/S8CMy34tapb1ZbND5jXRj
         JWQdMmJIkUQys8JNML2SEBIt9G9tDs8MSpZVKWESwHMeJY9JZ7CWJL3SlCVA6VJmyYLi
         NXRvrrWwsxTc73jmbGzmUc4Ig8/4klbP0FrFOFJ9soFcrwTAItbeISVY9ha9iddE5HiT
         CtWw==
X-Gm-Message-State: AOJu0YwpmhsUW48Hsthvb25bA+6pWA96E7z4ObDz1aKHDy1k9FYi0u8o
	RW9cR/+QSnAJrAbu0EoNLkTvqVIwWno=
X-Google-Smtp-Source: 
 AGHT+IGX39+if41AsFuPa3p0OUAvBPkYqPrBmbnlfdjBuQdi+8tfxjv8S7EA6okFkKZS/acommfIpA==
X-Received: by 2002:a05:600c:378d:b0:40b:3f72:de79 with SMTP id
 o13-20020a05600c378d00b0040b3f72de79mr6806041wmr.5.1703002218235;
        Tue, 19 Dec 2023 08:10:18 -0800 (PST)
Received: from debian_development.DebianHome
 (dynamic-077-010-185-155.77.10.pool.telefonica.de. [77.10.185.155])
        by smtp.gmail.com with ESMTPSA id
 v19-20020a170906489300b00a236378a43fsm1936621ejq.62.2023.12.19.08.10.17
        for <selinux@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 19 Dec 2023 08:10:17 -0800 (PST)
From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Subject: [PATCH 09/11] libsemanage: support huge passwd entries
Date: Tue, 19 Dec 2023 17:09:31 +0100
Message-ID: <20231219160943.334370-9-cgzones@googlemail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20231219160943.334370-1-cgzones@googlemail.com>
References: <20231219160943.334370-1-cgzones@googlemail.com>
Precedence: bulk
X-Mailing-List: selinux@vger.kernel.org
List-Id: <selinux.vger.kernel.org>
List-Subscribe: <mailto:selinux+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:selinux+unsubscribe@vger.kernel.org>
MIME-Version: 1.0

getpwnam_r(3) might return ERANGE in case the supplied buffer was too
short for the passwd entry.  Retry with a bigger buffer.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsemanage/src/genhomedircon.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index 66585987..ecb34fc7 100644
--- a/libsemanage/src/genhomedircon.c
+++ b/libsemanage/src/genhomedircon.c
@@ -985,9 +985,6 @@ static int add_user(genhomedircon_settings_t * s,
 		rbuflen = 1024;
 	else if (rbuflen <= 0)
 		goto cleanup;
-	rbuf = malloc(rbuflen);
-	if (rbuf == NULL)
-		goto cleanup;
 
 	if (user) {
 		prefix = semanage_user_get_prefix(user);
@@ -1005,7 +1002,17 @@ static int add_user(genhomedircon_settings_t * s,
 		homedir_role = prefix;
 	}
 
+retry:
+	rbuf = malloc(rbuflen);
+	if (rbuf == NULL)
+		goto cleanup;
+
 	retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent);
+	if (retval == ERANGE && rbuflen < LONG_MAX / 2) {
+		free(rbuf);
+		rbuflen *= 2;
+		goto retry;
+	}
 	if (retval != 0 || pwent == NULL) {
 		if (retval != 0 && retval != ENOENT) {
 			goto cleanup;

From patchwork Tue Dec 19 16:09:32 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?=
 <cgzones@googlemail.com>
X-Patchwork-Id: 13498462
X-Patchwork-Delegate: plautrba@redhat.com
Received: from mail-lf1-f45.google.com (mail-lf1-f45.google.com
 [209.85.167.45])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 052921D548
	for <selinux@vger.kernel.org>; Tue, 19 Dec 2023 16:10:20 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=googlemail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=googlemail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=googlemail.com header.i=@googlemail.com
 header.b="eCSEADX2"
Received: by mail-lf1-f45.google.com with SMTP id
 2adb3069b0e04-50e23a4df33so4889326e87.2
        for <selinux@vger.kernel.org>; Tue, 19 Dec 2023 08:10:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20230601; t=1703002219; x=1703607019;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=5/m8IMvq/snFxkoQogejsaFXSTRjzN8V96JGaHPR9tc=;
        b=eCSEADX2NzPAbYZ7AvROAi9xL5Bi8f/A9dCUQX2EMBeFfdGeQE0DDvAPTVNetqBR85
         /mnnbe9B4a49s2bYdOz6UEN7uFG+xRKc9Lb3S2BemY4vwS/rnptP6bAwJTV13LP5ZQ34
         Fwx0fi+HX71t98wNWLiDGlEQAnutLjlI/PczRApkC58P5AzRFqWYkJTV21vlrqsq0t5p
         b/2QtRD15O3tHoaLiHXQ6XLoTAed9ry5EVNZw3dPjK+XV9yOzSecmF7hFf5ywFbgIWr2
         lJpShIUmTD67+E7n7wPPYhbO+JOLQX/wDa1IYGH4a4YKLC3HjANU3329kl6nBksVYb3H
         1NKQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1703002219; x=1703607019;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=5/m8IMvq/snFxkoQogejsaFXSTRjzN8V96JGaHPR9tc=;
        b=V+Q3oSam6Kpxwsg86UE1otfI/pOKvc9DuSwoBGB6ZVTYv9f1aFtGDerDuxBJkur/1G
         SjIBYh//tQfxmKqy2scmKkHX88bygQ5GH0gp6NBvBJFmDbTXMmO9a8GxGy98JKC/Ux0p
         xlmd2tBX6CnDxDQdS8vqK9xAljXu/B9cB83vPblallGAE0RKW/Lcrry2letLeRD900yY
         aWmHuAClwJPSfxw2+rucx8sIlOMmwHkG2YBMNEqUEdWWpZ0txOJM631/x4HA51Jw3mIy
         RBj80nFVsEpKSVVfwcbo8GFAGGDbmzWlw5LjbV8b/jvAFHkyQYlQ2WDpSZRa6l5h7+2r
         WnsA==
X-Gm-Message-State: AOJu0Yx8Rd+5GKGIySp1Kyqai1NtOHpFYujpGSpQLWOV3Id+IozN6zhK
	0N39oHwhBST9T5yLXsNb5H27oSJSw8I=
X-Google-Smtp-Source: 
 AGHT+IGrBJ7mGx/gun45lGAN6KJCQqPEhIMvNyhPLdD1fQW72n6aewqTuAYoHS32XpFu6gywYtKN3g==
X-Received: by 2002:a05:6512:2312:b0:50b:f6d2:8569 with SMTP id
 o18-20020a056512231200b0050bf6d28569mr10583728lfu.129.1703002218804;
        Tue, 19 Dec 2023 08:10:18 -0800 (PST)
Received: from debian_development.DebianHome
 (dynamic-077-010-185-155.77.10.pool.telefonica.de. [77.10.185.155])
        by smtp.gmail.com with ESMTPSA id
 v19-20020a170906489300b00a236378a43fsm1936621ejq.62.2023.12.19.08.10.18
        for <selinux@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 19 Dec 2023 08:10:18 -0800 (PST)
From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Subject: [PATCH 10/11] libselinux: enable usage with pedantic UB sanitizers
Date: Tue, 19 Dec 2023 17:09:32 +0100
Message-ID: <20231219160943.334370-10-cgzones@googlemail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20231219160943.334370-1-cgzones@googlemail.com>
References: <20231219160943.334370-1-cgzones@googlemail.com>
Precedence: bulk
X-Mailing-List: selinux@vger.kernel.org
List-Id: <selinux.vger.kernel.org>
List-Subscribe: <mailto:selinux+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:selinux+unsubscribe@vger.kernel.org>
MIME-Version: 1.0

Clang's undefined behavior sanitizer supports checking for unsigned
integer overflow and underflow, and implicit conversions.  While those
operations are well-defined by the C language they can signal logic
mistakes or processing of unchecked user input.

Annotate functions deliberately making use of integer overflow and adopt
the remaining code sites.

Example reports:

    stringrep.c:348:7: runtime error: left shift of 2147483648 by 1 places cannot be represented in type 'access_vector_t' (aka 'unsigned int')
    seusers.c:98:14: runtime error: implicit conversion from type 'int' of value -1 (32-bit, signed) to type 'gid_t' (aka 'unsigned int') changed the value to 4294967295 (32-bit, unsigned)

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libselinux/src/avc.c                    |  4 +++-
 libselinux/src/avc_sidtab.c             |  1 +
 libselinux/src/label.c                  |  7 +++++--
 libselinux/src/label_backends_android.c |  4 +++-
 libselinux/src/label_db.c               |  3 ++-
 libselinux/src/label_file.c             |  6 ++++--
 libselinux/src/label_media.c            |  4 +++-
 libselinux/src/label_x.c                |  4 +++-
 libselinux/src/selinux_internal.h       | 11 +++++++++++
 libselinux/src/seusers.c                |  2 +-
 libselinux/src/sha1.c                   |  3 +++
 libselinux/src/stringrep.c              |  4 +++-
 12 files changed, 42 insertions(+), 11 deletions(-)

diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c
index 5e1c036e..ce87ac16 100644
--- a/libselinux/src/avc.c
+++ b/libselinux/src/avc.c
@@ -229,13 +229,15 @@ int avc_open(struct selinux_opt *opts, unsigned nopts)
 {
 	avc_setenforce = 0;
 
-	while (nopts--)
+	while (nopts) {
+		nopts--;
 		switch(opts[nopts].type) {
 		case AVC_OPT_SETENFORCE:
 			avc_setenforce = 1;
 			avc_enforcing = !!opts[nopts].value;
 			break;
 		}
+	}
 
 	return avc_init_internal("avc", NULL, NULL, NULL, NULL);
 }
diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c
index e396a938..3303537b 100644
--- a/libselinux/src/avc_sidtab.c
+++ b/libselinux/src/avc_sidtab.c
@@ -13,6 +13,7 @@
 #include "avc_sidtab.h"
 #include "avc_internal.h"
 
+ignore_unsigned_overflow_
 static inline unsigned sidtab_hash(const char * key)
 {
 	unsigned int hash = 5381;
diff --git a/libselinux/src/label.c b/libselinux/src/label.c
index 4a7c6e6d..d2e703ef 100644
--- a/libselinux/src/label.c
+++ b/libselinux/src/label.c
@@ -60,7 +60,8 @@ static inline struct selabel_digest *selabel_is_digest_set
 {
 	struct selabel_digest *digest = NULL;
 
-	while (n--) {
+	while (n) {
+		n--;
 		if (opts[n].type == SELABEL_OPT_DIGEST &&
 					    !!opts[n].value) {
 			digest = calloc(1, sizeof(*digest));
@@ -112,9 +113,11 @@ static void selabel_digest_fini(struct selabel_digest *ptr)
 static inline int selabel_is_validate_set(const struct selinux_opt *opts,
 					  unsigned n)
 {
-	while (n--)
+	while (n) {
+		n--;
 		if (opts[n].type == SELABEL_OPT_VALIDATE)
 			return !!opts[n].value;
+	}
 
 	return 0;
 }
diff --git a/libselinux/src/label_backends_android.c b/libselinux/src/label_backends_android.c
index 7ddacdbe..33a17236 100644
--- a/libselinux/src/label_backends_android.c
+++ b/libselinux/src/label_backends_android.c
@@ -152,7 +152,8 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 	struct stat sb;
 
 	/* Process arguments */
-	while (n--)
+	while (n) {
+		n--;
 		switch (opts[n].type) {
 		case SELABEL_OPT_PATH:
 			path = opts[n].value;
@@ -165,6 +166,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 			errno = EINVAL;
 			return -1;
 		}
+	}
 
 	if (!path)
 		return -1;
diff --git a/libselinux/src/label_db.c b/libselinux/src/label_db.c
index 2daf1770..2ff10b2f 100644
--- a/libselinux/src/label_db.c
+++ b/libselinux/src/label_db.c
@@ -263,7 +263,8 @@ db_init(const struct selinux_opt *opts, unsigned nopts,
 	 *   the default one. If RDBMS is not SE-PostgreSQL, it may need to
 	 *   specify an explicit specfile for database objects.
 	 */
-	while (nopts--) {
+	while (nopts) {
+		nopts--;
 		switch (opts[nopts].type) {
 		case SELABEL_OPT_PATH:
 			path = opts[nopts].value;
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index 315298b3..3b2bda97 100644
--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c
@@ -68,7 +68,7 @@ static int find_stem_from_file(struct saved_data *data, const char *key)
 /*
  * hash calculation and key comparison of hash table
  */
-
+ignore_unsigned_overflow_
 static unsigned int symhash(hashtab_t h, const_hashtab_key_t key)
 {
 	const struct chkdups_key *k = (const struct chkdups_key *)key;
@@ -801,7 +801,8 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 	int status = -1, baseonly = 0;
 
 	/* Process arguments */
-	while (n--)
+	while (n) {
+		n--;
 		switch(opts[n].type) {
 		case SELABEL_OPT_PATH:
 			path = opts[n].value;
@@ -820,6 +821,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 			errno = EINVAL;
 			return -1;
 		}
+	}
 
 #if !defined(BUILD_HOST) && !defined(ANDROID)
 	char subs_file[PATH_MAX + 1];
diff --git a/libselinux/src/label_media.c b/libselinux/src/label_media.c
index 4c987988..fad5ea6d 100644
--- a/libselinux/src/label_media.c
+++ b/libselinux/src/label_media.c
@@ -80,7 +80,8 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 	struct stat sb;
 
 	/* Process arguments */
-	while (n--)
+	while (n) {
+		n--;
 		switch(opts[n].type) {
 		case SELABEL_OPT_PATH:
 			path = opts[n].value;
@@ -93,6 +94,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 			errno = EINVAL;
 			return -1;
 		}
+}
 
 	/* Open the specification file. */
 	if (!path)
diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c
index f332dcb6..bf569ca5 100644
--- a/libselinux/src/label_x.c
+++ b/libselinux/src/label_x.c
@@ -107,7 +107,8 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 	struct stat sb;
 
 	/* Process arguments */
-	while (n--)
+	while (n) {
+		n--;
 		switch(opts[n].type) {
 		case SELABEL_OPT_PATH:
 			path = opts[n].value;
@@ -120,6 +121,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 			errno = EINVAL;
 			return -1;
 		}
+	}
 
 	/* Open the specification file. */
 	if (!path)
diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h
index af69ff04..b134808e 100644
--- a/libselinux/src/selinux_internal.h
+++ b/libselinux/src/selinux_internal.h
@@ -102,4 +102,15 @@ size_t strlcpy(char *dest, const char *src, size_t size);
 void *reallocarray(void *ptr, size_t nmemb, size_t size);
 #endif
 
+/* Use to ignore intentional unsigned under- and overflows while running under UBSAN. */
+#if defined(__clang__) && defined(__clang_major__) && (__clang_major__ >= 4)
+#if (__clang_major__ >= 12)
+#define ignore_unsigned_overflow_        __attribute__((no_sanitize("unsigned-integer-overflow", "unsigned-shift-base")))
+#else
+#define ignore_unsigned_overflow_        __attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
+#else
+#define ignore_unsigned_overflow_
+#endif
+
 #endif /* SELINUX_INTERNAL_H_ */
diff --git a/libselinux/src/seusers.c b/libselinux/src/seusers.c
index 16d69347..5a521f81 100644
--- a/libselinux/src/seusers.c
+++ b/libselinux/src/seusers.c
@@ -99,7 +99,7 @@ int require_seusers  = 0;
 
 static gid_t get_default_gid(const char *name) {
 	struct passwd pwstorage, *pwent = NULL;
-	gid_t gid = -1;
+	gid_t gid = (gid_t)-1;
 	/* Allocate space for the getpwnam_r buffer */
 	char *rbuf = NULL;
 	long rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
diff --git a/libselinux/src/sha1.c b/libselinux/src/sha1.c
index 9d51e04a..452b0cc2 100644
--- a/libselinux/src/sha1.c
+++ b/libselinux/src/sha1.c
@@ -26,6 +26,8 @@
 #include "sha1.h"
 #include <memory.h>
 
+#include "selinux_internal.h"
+
 ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 //  TYPES
 ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
@@ -62,6 +64,7 @@ typedef union
 //
 //  Hash a single 512-bit block. This is the core of the algorithm
 ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+ignore_unsigned_overflow_
 static
 void
     TransformFunction
diff --git a/libselinux/src/stringrep.c b/libselinux/src/stringrep.c
index d2237d1c..1b460224 100644
--- a/libselinux/src/stringrep.c
+++ b/libselinux/src/stringrep.c
@@ -337,13 +337,15 @@ void print_access_vector(security_class_t tclass, access_vector_t av)
 
 	printf(" {");
 
-	while (av) {
+	for (;;) {
 		if (av & bit) {
 			permstr = security_av_perm_to_string(tclass, bit);
 			if (!permstr)
 				break;
 			printf(" %s", permstr);
 			av &= ~bit;
+			if (!av)
+				break;
 		}
 		bit <<= 1;
 	}

From patchwork Tue Dec 19 16:09:33 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?=
 <cgzones@googlemail.com>
X-Patchwork-Id: 13498463
X-Patchwork-Delegate: plautrba@redhat.com
Received: from mail-ej1-f48.google.com (mail-ej1-f48.google.com
 [209.85.218.48])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id C037C1D149
	for <selinux@vger.kernel.org>; Tue, 19 Dec 2023 16:10:21 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=googlemail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=googlemail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=googlemail.com header.i=@googlemail.com
 header.b="JfT661s5"
Received: by mail-ej1-f48.google.com with SMTP id
 a640c23a62f3a-a2331e7058aso403048066b.2
        for <selinux@vger.kernel.org>; Tue, 19 Dec 2023 08:10:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20230601; t=1703002220; x=1703607020;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=eLHxr4+k/B+HgYe4zAioi/ys6kENMAzYaMpw+VYSu0U=;
        b=JfT661s5Ojz7cyLfwxju2roT/JLvIhqczA9optBH2QQxN9ANUWXXtlMjZB8EQnP1ng
         /cAX2biV/RbHkmvdFPsBNYCvQgePWo/MSBxd96+8Ju9boCcOWD6+tcCJoo/86s+6ss+n
         6Lq8BmUayg1k2QDFZeyAayDKDjQvVajj2QN9VJTvC8AqSWX+dYQ5RNNPtE2p+Y8/dX/F
         uLTxtl4o80Dcf6Zdy/7HDo7s/LA738uooGzAzniOWkaEXLu2JrLdC1YoafcaDv75bhv2
         8eM8j+xU/O2adV2JZ4v4cnys1NwBe4jy7agFxjZPKmMqfb94TG2K/4ZRGSy0Cw7uSqKq
         Nr6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1703002220; x=1703607020;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=eLHxr4+k/B+HgYe4zAioi/ys6kENMAzYaMpw+VYSu0U=;
        b=OFL7iqbiSr9KzFmDeghMWFJM5Dm4/IWYdWg5NmuT0GV977bCzARLLQ3RFfdJyEmFCl
         Jvl7KgE/pSDqFFLvt7n9ofqu1JVMzlqsELl7e1FxDYw4vEhyWvUB1P9mrWcI5sMIPLKY
         DcvyimBWKY3KqRwSpqXJX6LwQ3Agn4+cCHdjDuRSzGfXw9dOOQfYg7BA0awyB+U47hoD
         Bm420w8PX+B2DiVEbvPKt8gR9xk66nRcBOJuPz3eJo3tpY709LEQkJk9cKH+ywZy94FY
         LhANavz76edmx+4KRkvwhTOs0R+asrwQH57g26j4gl5V/6/MN/VIdVew0BKs70LBZxoK
         ehJw==
X-Gm-Message-State: AOJu0Yy07PjQFK8l90/QV1PYUEw4j88bxc294rmgw+xFJvnE5woSZXqk
	MhgZpR2YbQ8yHBVxtzzMDIIFw7aKbzc=
X-Google-Smtp-Source: 
 AGHT+IGfnJ+R+jaDJG+sHnSQ0YNKZlo9Lnd9VpWx0jjejJR1NTp6KO8Cg2vhlRyEU9jaWBLXvNM/VA==
X-Received: by 2002:a17:906:e8e:b0:a23:5599:2a20 with SMTP id
 p14-20020a1709060e8e00b00a2355992a20mr858840ejf.85.1703002219906;
        Tue, 19 Dec 2023 08:10:19 -0800 (PST)
Received: from debian_development.DebianHome
 (dynamic-077-010-185-155.77.10.pool.telefonica.de. [77.10.185.155])
        by smtp.gmail.com with ESMTPSA id
 v19-20020a170906489300b00a236378a43fsm1936621ejq.62.2023.12.19.08.10.18
        for <selinux@vger.kernel.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 19 Dec 2023 08:10:19 -0800 (PST)
From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Subject: [PATCH 11/11] setfiles: avoid unsigned integer underflow
Date: Tue, 19 Dec 2023 17:09:33 +0100
Message-ID: <20231219160943.334370-11-cgzones@googlemail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20231219160943.334370-1-cgzones@googlemail.com>
References: <20231219160943.334370-1-cgzones@googlemail.com>
Precedence: bulk
X-Mailing-List: selinux@vger.kernel.org
List-Id: <selinux.vger.kernel.org>
List-Subscribe: <mailto:selinux+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:selinux+unsubscribe@vger.kernel.org>
MIME-Version: 1.0

While well-defined unsigned integer underflow might signal a logic
mistake or processing of unchecked user input.  Please Clang's undefined
behavior sanitizer:

    restore.c:91:37: runtime error: unsigned integer overflow: 1 - 2 cannot be represented in type 'unsigned long'

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 policycoreutils/setfiles/restore.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
index 6131f46a..d045e948 100644
--- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c
@@ -77,8 +77,8 @@ int process_glob(char *name, struct restore_opts *opts, size_t nthreads,
 		 long unsigned *skipped_errors)
 {
 	glob_t globbuf;
-	size_t i = 0;
-	int len, rc, errors;
+	size_t i, len;
+	int rc, errors;
 
 	memset(&globbuf, 0, sizeof(globbuf));
 
@@ -88,10 +88,10 @@ int process_glob(char *name, struct restore_opts *opts, size_t nthreads,
 		return errors;
 
 	for (i = 0; i < globbuf.gl_pathc; i++) {
-		len = strlen(globbuf.gl_pathv[i]) - 2;
-		if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0)
+		len = strlen(globbuf.gl_pathv[i]);
+		if (len > 2 && strcmp(&globbuf.gl_pathv[i][len - 2], "/.") == 0)
 			continue;
-		if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
+		if (len > 3 && strcmp(&globbuf.gl_pathv[i][len - 3], "/..") == 0)
 			continue;
 		rc = selinux_restorecon_parallel(globbuf.gl_pathv[i],
 						 opts->restorecon_flags,