From patchwork Wed Jan 15 13:13:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13940430 X-Patchwork-Delegate: plautrba@redhat.com Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C4CB32416AF for ; Wed, 15 Jan 2025 13:13:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736946821; cv=none; b=SLNR5CHCZInqHCp+krUzFf/cEdSaNJhQmLWrorp+ZqrXHfB9h7Skiznk20e296mjCioKE5YJfCNySELeAZP8ooaFyQqZQtnZfiZlfczcotyE2fExcK7PtOcwEaFLwToJSccMuiZJYcwbk4zHpD69/bUG/BDJA7q3DAJYivbbyWk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736946821; c=relaxed/simple; bh=iyixNWBydYdvp330mftH/LYLHaZf5D2eBIxjhEE1ro0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=k38z0hMa5Dx9oqnkFU/BfgpiswitlGY/Lj4WBLAo9KhKkzMHSZ3R0VKV7UO6EnMP0CmwL/AwZgKLQs4iMpT/DDmgWl5FhHt1P5SWpIdUgxZ4v1C4CkZ0cjNIN91JjcArydqvFnK6bvdoUbik8EyWehBXnGTOqE4y8IKdeDxs4VI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=W5xrn09P; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="W5xrn09P" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1736946816; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3lNHOagk1m7tA1z4To+jxHEgYaVZcYonCgFX5zlmE5Q=; b=W5xrn09P0nsvxhQCFvLTP+0a/1rBt+0Lm9d9AqC+cgW8H18MaLEDfIwKVqyGMl+zCeXkpv emXE5BWg6VSKtwiabr8xF8v2YXayH7jr4yGH6AsVUIJo+kMvIrMCrYQ+8E9kmFpcEvoiJ2 9GRA5aDM367fW+cbJSo2uKqcZdxjyA0yYCkCAqB4HRS8GVAoOXSK0C15pO/I2ELifEwz2m qtA1ik9LW59dR0KpwoMroBIy6ioVDOSVFDAB7jw9GIrX1Vq+YGZxAJBcHkBFcQO77T9KRC HIZAA/kLT7l/MYIUrJNzjETJHt9bHEOEbB6beetdigKWWoDg55QdKVmJXLWOvg== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH 1/5] libselinux: set errno in failure case Date: Wed, 15 Jan 2025 14:13:29 +0100 Message-ID: <20250115131329.132477-5-cgoettsche@seltendoof.de> In-Reply-To: <20250115131329.132477-1-cgoettsche@seltendoof.de> References: <20250115131329.132477-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche In case an entry read from a textual fcontext definition is too long set errno and the error string accordingly. Fixes: 92306daf ("libselinux: rework selabel_file(5) database") Reported-by: oss-fuzz (issue 389974971) Signed-off-by: Christian Göttsche --- libselinux/src/label_support.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libselinux/src/label_support.c b/libselinux/src/label_support.c index 978ba828..57e191c8 100644 --- a/libselinux/src/label_support.c +++ b/libselinux/src/label_support.c @@ -45,8 +45,11 @@ static inline int read_spec_entry(char **entry, const char **ptr, size_t *len, c } if (*len) { - if (*len >= UINT16_MAX) + if (*len >= UINT16_MAX) { + errno = EINVAL; + *errbuf = "Spec entry too long"; return -1; + } *entry = strndup(tmp_buf, *len); if (!*entry) From patchwork Wed Jan 15 13:13:25 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13940428 X-Patchwork-Delegate: plautrba@redhat.com Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B5757241695 for ; Wed, 15 Jan 2025 13:13:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736946820; cv=none; b=XXzDwG+fUKZjL6g1T9iqIFzMGoXy40/O8+fm6vMiE3YWS0bGLF1p36YSncTodWjlU4Wluv0OHhNMNPq/Yma/zgIEZj//TAUZjQnTEHZCpBB4PP+sQM+s47GLSvaq9IWBdx/y2LvKoYSu+0IqVO8cjzpTJJSAxsPNUFDsaHCI4ek= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736946820; c=relaxed/simple; bh=48doFwpjJXZ5ReL9IxgUXtgg5QQEBKxewr6FwUOpxdQ=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version:Content-Type; b=Y0uYCfhJx5H8vtOkJccbn6UqSgOBU7viyXllK0uXoHGkKLuVyorcXuJgJZBJQ3hEYt0lrR5I0GpObNk6vbrN3S8sfFg5GNOj4RL7ACYsKCtnoIoV+RyDTMFITDQrIHjoJLwpM7FthwTdoRukQm+lQ4QtSiZI/4yzSu3Dno2XwgY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=EwSTbuWW; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="EwSTbuWW" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1736946815; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=qyx8cDinf4yn9RtHdGDtH8Ho7N63LupWZsVSXMKYXH8=; b=EwSTbuWWWL2oapSkUmQuik+vHSR6/n/M4hz363rLEOigqLlbpz4Hd7dZpMPVe7voZqJMeN w2ecd+XxZLyckt9fDtyshSNBGsLqSIawupd2BLfzxMQCQW8FRVCU1Ih0mG8PnAgy+zAFtG Z7/uAKZ+qe2wdOsqdnle0ikYbxvqy+3CH0y++Wo8GL7aJLZJyDQ7nSjDtY5bcOVvyVK1fj 7KtPmbFlIVqMKumG3FlZy6TgDksdfLbuflYvM2de2CNrIho/ZaFPC4huvdE1T+7mDG9yTp WaqV0c7EbnSBClNITIOnod24IO7yzBlrQKUZKFvqESOnFN3sIVp+n8DeHTlIjg== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH 2/5] checkpolicy: check identifier before copying Date: Wed, 15 Jan 2025 14:13:25 +0100 Message-ID: <20250115131329.132477-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Avoid calling strdup(3) with a NULL pointer, which can happen with an invalid policy context, e.g.: class C sid S class C { P } ; user U roles j; sid S s:l:q:q:q Fixes: 6f2b689f ("checkpolicy: Fix MLS users in optional blocks") Reported-by: oss-fuzz (issue 390004173) Signed-off-by: Christian Göttsche --- checkpolicy/policy_define.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c index 2f811b67..96a481f7 100644 --- a/checkpolicy/policy_define.c +++ b/checkpolicy/policy_define.c @@ -4437,6 +4437,7 @@ static int parse_semantic_categories(char *id, level_datum_t * levdatum __attrib int define_user(void) { + const char *username; char *id; user_datum_t *usrdatum, *usr_global; level_datum_t *levdatum; @@ -4463,7 +4464,13 @@ int define_user(void) return 0; } - id = strdup(queue_head(id_queue)); + username = queue_head(id_queue); + if (!username) { + yyerror("no user name"); + return -1; + } + + id = strdup(username); if ((usrdatum = declare_user()) == NULL) { free(id); From patchwork Wed Jan 15 13:13:26 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13940432 X-Patchwork-Delegate: plautrba@redhat.com Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B57BA24169F for ; Wed, 15 Jan 2025 13:13:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736946822; cv=none; b=SPY81PENmLBc73QjKcx7pC3dbCZ6JkSnpX4WM9PaR8ILeCE9SanR7QdnVgsNT6n4DoH9Bp/yXiO89rcig9I7p+rl3zp/1BzqG2LWx7p17uEk766UaxHJ9KdfzeobhXD79vEq5biLZbZiXMFdGeZKlaO+nw+FKDtOquLBE5jONaE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736946822; c=relaxed/simple; bh=iLw2zhzYaMGCbfepMz1FoJd3lwW9GbQHi125y+fEiB4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=ni4d+Zgq0KzTyRsDZZQMsz6tplRlsdGj1C4DDFTgOp3zE+m+pCkE1Ldt6snxsoL2Wb0tV55wv3EfeTUcIvcSEz/I/OftqV4eN3ul6wfnBWFiAL3cwTT8ijqiB6fU3CF0gfDdfeXKbNm14DV7A08KANxzNt68yNcT+ohsvqUj7ng= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=MqLwD4xs; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="MqLwD4xs" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1736946815; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XithOf6M7STv6wMNF7emnD1al7QNo1xxyJumX8nUISY=; b=MqLwD4xsY3CE+GV6NeriWyNipVDDSsnClY7wqyrHJpwYzYZtMpP3Hf8zQSwigfGQ6lQl50 CHF4PlCfjALFlC6vhD04+vtvtV1rDatzlp+effOQRsUs+Fv4Q5Yef72OfTt3BT/w3jMuyp 1o0nxlVYcqR29+Ds0nN3j53MK51HhTq+IdQ1kr0odo+xiA3AodUx96NZiB36yss0GKpWTs RnGWfK4VyQsc3MYiFlZrGrv0CwjmPyb4FOrwDOAkj9C4K9bFYhIHk6fG4D0X129kRDJOFq BR5x5KB88uPz+kanDk/4skztW7N6AsfiNU2PTPeMGOU2SUbLJVSq/31+VdRh7g== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH 3/5] checkpolicy: remove unneeded queue_head() Date: Wed, 15 Jan 2025 14:13:26 +0100 Message-ID: <20250115131329.132477-2-cgoettsche@seltendoof.de> In-Reply-To: <20250115131329.132477-1-cgoettsche@seltendoof.de> References: <20250115131329.132477-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Just check the value of the subsequent queue_remove() call. Signed-off-by: Christian Göttsche --- checkpolicy/policy_define.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c index 96a481f7..275ef5fe 100644 --- a/checkpolicy/policy_define.c +++ b/checkpolicy/policy_define.c @@ -4686,14 +4686,13 @@ static int parse_security_context(context_struct_t * c) if (mlspol) { /* extract the low sensitivity */ - id = (char *)queue_head(id_queue); + id = (char *)queue_remove(id_queue); if (!id) { yyerror("no sensitivity name for sid context" " definition?"); return -1; } - id = (char *)queue_remove(id_queue); for (l = 0; l < 2; l++) { levdatum = (level_datum_t *) hashtab_search(policydbp->p_levels.table, From patchwork Wed Jan 15 13:13:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13940429 X-Patchwork-Delegate: plautrba@redhat.com Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B56E822FDE9 for ; Wed, 15 Jan 2025 13:13:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736946821; cv=none; b=CKLdWZH3l7jlwICpacRda87H0kY7RnubnUSyJb3eldIpMHg2YJrjaQphEm5UEjWgsLGS0MO8/G8EQ0rUW/My5WFPkKDiOGsi0w3oHOSrkcmxLwwz3TY8s1vMkiUDcX+mSZJ6wSb+h8TJKsSX2MIsXqoB2rAqF6589bI2vziEW94= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736946821; c=relaxed/simple; bh=msUnJofL5TIYQWzWqHulrkf9ajd4L74ldEN9U2j7CfQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=UDn2xTPlMsr9XAITai0RE2HGW748LSgyq6/2xFOARlLKcy9/FPBRDW9pNyPeUhvscJQ6Mz/2cbd3Y3jTtWKhzYuK2SLf7+bY3SSeDIm1g1XZ/ErEOjRBVvXVySaA75QbtOVdVg4y/ZdjnKWyVerZcKtG3fD+IqBlKiBoktxM7f0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=B2z4Mo22; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="B2z4Mo22" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1736946815; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=OiyOVG3+LJozwyZY6mYExEqeEsI9QvK6gcZnqAPKZNs=; b=B2z4Mo22bh+ym9xfEqakLTIx1lqpd8PSz9DG/Y/K9A5FhN43bdt8O90CTXhhh3ZrIfZeNY LOQTuc5iOLTWiu94p4xkS9exzVaafIKxRczGZ4fbI3Kv7B5PsHTVlq14rcBGSzb98qQqR1 d140bWhG8IUOn8sszO5x1zFHtgzlhMAatIgnrj6aZJXmIsxx+bcVWjs/goQxgLZ2smTQpx lYtFA+NReOWmyepNE+XbNhTgo+t6KreUitJUL5ghYbpdGb/fpHxz4YXvTdic+0c1fOdlBx VGvDrLQmcWkd1ZOQAa/PR06A/7n4o/PwdRVdF5O6PCfWJadyVS2bZMsnlxrefw== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH 4/5] checkpolicy: do not consume unmatched identifiers Date: Wed, 15 Jan 2025 14:13:27 +0100 Message-ID: <20250115131329.132477-3-cgoettsche@seltendoof.de> In-Reply-To: <20250115131329.132477-1-cgoettsche@seltendoof.de> References: <20250115131329.132477-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Avoid consuming identifiers during pass 1 in functions that do not parse them during pass 2. This currently works due to the subsequent parse_security_context(NULL) call. Signed-off-by: Christian Göttsche --- checkpolicy/policy_define.c | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c index 275ef5fe..a056be67 100644 --- a/checkpolicy/policy_define.c +++ b/checkpolicy/policy_define.c @@ -4850,7 +4850,6 @@ int define_fs_context(unsigned int major, unsigned int minor) int define_pirq_context(unsigned int pirq) { ocontext_t *newc, *c, *l, *head; - char *id; if (policydbp->target_platform != SEPOL_TARGET_XEN) { yyerror("pirqcon not supported for target"); @@ -4858,8 +4857,6 @@ int define_pirq_context(unsigned int pirq) } if (pass == 1) { - id = (char *) queue_remove(id_queue); - free(id); parse_security_context(NULL); return 0; } @@ -4904,7 +4901,6 @@ bad: int define_iomem_context(uint64_t low, uint64_t high) { ocontext_t *newc, *c, *l, *head; - char *id; if (policydbp->target_platform != SEPOL_TARGET_XEN) { yyerror("iomemcon not supported for target"); @@ -4912,8 +4908,6 @@ int define_iomem_context(uint64_t low, uint64_t high) } if (pass == 1) { - id = (char *)queue_remove(id_queue); - free(id); parse_security_context(NULL); return 0; } @@ -4968,7 +4962,6 @@ bad: int define_ioport_context(unsigned long low, unsigned long high) { ocontext_t *newc, *c, *l, *head; - char *id; if (policydbp->target_platform != SEPOL_TARGET_XEN) { yyerror("ioportcon not supported for target"); @@ -4976,8 +4969,6 @@ int define_ioport_context(unsigned long low, unsigned long high) } if (pass == 1) { - id = (char *)queue_remove(id_queue); - free(id); parse_security_context(NULL); return 0; } @@ -5032,7 +5023,6 @@ bad: int define_pcidevice_context(unsigned long device) { ocontext_t *newc, *c, *l, *head; - char *id; if (policydbp->target_platform != SEPOL_TARGET_XEN) { yyerror("pcidevicecon not supported for target"); @@ -5040,8 +5030,6 @@ int define_pcidevice_context(unsigned long device) } if (pass == 1) { - id = (char *) queue_remove(id_queue); - free(id); parse_security_context(NULL); return 0; } @@ -5845,7 +5833,6 @@ int define_ipv6_cidr_node_context(void) } if (pass == 1) { - free(queue_remove(id_queue)); free(queue_remove(id_queue)); parse_security_context(NULL); return 0; From patchwork Wed Jan 15 13:13:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13940431 X-Patchwork-Delegate: plautrba@redhat.com Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C4C492416AE for ; Wed, 15 Jan 2025 13:13:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736946821; cv=none; b=s7DR96LDzl/kkr0dPoK/Hyw9MVhFikgqX9V2cMKe04i2BfzbPAg4w+StYmR/s+cw3v4pUKGzt1nvoQMidYIawEvodSSI2t7PICRXFGtKIvYhLDFE6j2nokZgrDG3oqUliGBFrm5i1S0Th6Nq1M8UZV0AZ4Gkch4iokSuLKVVq+o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1736946821; c=relaxed/simple; bh=pvvewE+O0uECaS/SVbwNUfvWHoraA494b6CI4/GAAIA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=V3cDdQTWH4WfF2lzNsI0FcHSs3Px+N/KynzdxtYI7GbbfjJZybmX5yiiHfdcOp42GRplLZJu5cblY1TasT5On6qBVwnSrAJvZ2wEboPBsyn1TBr1w3t+Uo+3WevIKB/JUt4YA4EUqsAKSwd0//uncEi851bipFYJRi2zoLCh5dU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=LGQg2/x7; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="LGQg2/x7" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1736946816; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=cwvtGdi2JhJ706oIthhyGO1SJmCQ877EDc3IT2Voiuk=; b=LGQg2/x73ZxYbo/GfaPR3QnYxepwimdp3Jzx46+WKZ3PPPgedM8z2gUJy8iNti476G47X6 EGAUZfDYi/Uzt+CymzQcipGguktL7NFXSwArj3/JeueSCA+sOUml7olEVGhsySYgqPxZpV IL6F8xVJcGfd48K1tHmitLLYwXtOhsvO/oM81tk6Hb2ulO/ts2x0jVFGhBM42NEDDHBEaE RcCiSS6rlHthSvnH+7bXbIl9rL9BSV3tgX2TI8dOWdSU4Cc0GpRxuIVTqbeU52tiUC2b3g 7dRrlV7bVq8FBvqDo6lkDPTmCIqauQmOMMrW8xmCBM6SkriF6aIc5P6zykWEeA== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH 5/5] checkpolicy: clear queue between parser passes Date: Wed, 15 Jan 2025 14:13:28 +0100 Message-ID: <20250115131329.132477-4-cgoettsche@seltendoof.de> In-Reply-To: <20250115131329.132477-1-cgoettsche@seltendoof.de> References: <20250115131329.132477-1-cgoettsche@seltendoof.de> Reply-To: cgzones@googlemail.com Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Clear the identifier queue after pass 1 to void unhandled identifiers from pass 1 leaking into pass 2 and leading to confusing error messages. For example for the following policy the error changes from 'no user name' to 'unknown role j': class C sid S class C { P } ; user U roles j; sid S s:l:q:q:q While on it call set_source_file() from init_parser(). Signed-off-by: Christian Göttsche --- checkpolicy/fuzz/checkpolicy-fuzzer.c | 10 +++------- checkpolicy/parse_util.c | 9 +++------ checkpolicy/policy_define.c | 7 +++++-- checkpolicy/queue.c | 18 ++++++++++++++++++ checkpolicy/queue.h | 1 + 5 files changed, 30 insertions(+), 15 deletions(-) diff --git a/checkpolicy/fuzz/checkpolicy-fuzzer.c b/checkpolicy/fuzz/checkpolicy-fuzzer.c index 331201c0..c99ef412 100644 --- a/checkpolicy/fuzz/checkpolicy-fuzzer.c +++ b/checkpolicy/fuzz/checkpolicy-fuzzer.c @@ -25,11 +25,10 @@ extern unsigned int policydb_errors; extern int yynerrs; extern FILE *yyin; -extern void init_parser(int); +extern void init_parser(int pass, const char *input_name); extern int yyparse(void); extern void yyrestart(FILE *); extern int yylex_destroy(void); -extern void set_source_file(const char *name); jmp_buf fuzzing_pre_parse_stack_state; @@ -87,8 +86,6 @@ static int read_source_policy(policydb_t *p, const uint8_t *data, size_t size) rewind(yyin); - set_source_file("fuzz-input"); - id_queue = queue_create(); if (id_queue == NULL) { fclose(yyin); @@ -99,7 +96,7 @@ static int read_source_policy(policydb_t *p, const uint8_t *data, size_t size) policydbp = p; mlspol = p->mls; - init_parser(1); + init_parser(1, "fuzz-input-1"); if (setjmp(fuzzing_pre_parse_stack_state) != 0) { queue_destroy(id_queue); @@ -119,8 +116,7 @@ static int read_source_policy(policydb_t *p, const uint8_t *data, size_t size) } rewind(yyin); - init_parser(2); - set_source_file("fuzz-input"); + init_parser(2, "fuzz-input-2"); yyrestart(yyin); rc = yyparse(); diff --git a/checkpolicy/parse_util.c b/checkpolicy/parse_util.c index eda814e1..389c9ff3 100644 --- a/checkpolicy/parse_util.c +++ b/checkpolicy/parse_util.c @@ -23,7 +23,7 @@ /* these are defined in policy_parse.y and are needed for read_source_policy */ extern FILE *yyin; -extern void init_parser(int); +extern void init_parser(int pass, const char *input_name); extern int yyparse(void); extern void yyrestart(FILE *); extern int yylex_destroy(void); @@ -31,7 +31,6 @@ extern queue_t id_queue; extern unsigned int policydb_errors; extern policydb_t *policydbp; extern int mlspol; -extern void set_source_file(const char *name); int read_source_policy(policydb_t * p, const char *file, const char *progname) { @@ -42,7 +41,6 @@ int read_source_policy(policydb_t * p, const char *file, const char *progname) fprintf(stderr, "%s: unable to open %s: %s\n", progname, file, strerror(errno)); return -1; } - set_source_file(file); id_queue = queue_create(); if (id_queue == NULL) { @@ -58,7 +56,7 @@ int read_source_policy(policydb_t * p, const char *file, const char *progname) goto cleanup; } - init_parser(1); + init_parser(1, file); if (yyparse() || policydb_errors) { fprintf(stderr, "%s: error(s) encountered while parsing configuration\n", @@ -66,8 +64,7 @@ int read_source_policy(policydb_t * p, const char *file, const char *progname) goto cleanup; } rewind(yyin); - init_parser(2); - set_source_file(file); + init_parser(2, file); yyrestart(yyin); if (yyparse() || policydb_errors) { fprintf(stderr, diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c index a056be67..f19e9f6d 100644 --- a/checkpolicy/policy_define.c +++ b/checkpolicy/policy_define.c @@ -58,7 +58,7 @@ #include "module_compiler.h" #include "policy_define.h" -extern void init_parser(int pass_number); +extern void init_parser(int pass_number, const char *input_name); __attribute__ ((format(printf, 1, 2))) extern void yyerror2(const char *fmt, ...); @@ -71,17 +71,20 @@ extern unsigned long policydb_lineno; extern unsigned long source_lineno; extern unsigned int policydb_errors; extern char source_file[PATH_MAX]; +extern void set_source_file(const char *name); extern int yywarn(const char *msg); extern int yyerror(const char *msg); /* initialize all of the state variables for the scanner/parser */ -void init_parser(int pass_number) +void init_parser(int pass_number, const char *input_name) { policydb_lineno = 1; source_lineno = 1; policydb_errors = 0; pass = pass_number; + set_source_file(input_name); + queue_clear(id_queue); } void yyerror2(const char *fmt, ...) diff --git a/checkpolicy/queue.c b/checkpolicy/queue.c index 9f4c651a..5eee2871 100644 --- a/checkpolicy/queue.c +++ b/checkpolicy/queue.c @@ -104,6 +104,24 @@ queue_element_t queue_head(queue_t q) return q->head->element; } +void queue_clear(queue_t q) +{ + queue_node_ptr_t p, temp; + + if (!q) + return; + + p = q->head; + while (p != NULL) { + free(p->element); + temp = p; + p = p->next; + free(temp); + } + + q->head = q->tail = NULL; +} + void queue_destroy(queue_t q) { queue_node_ptr_t p, temp; diff --git a/checkpolicy/queue.h b/checkpolicy/queue.h index 45116dee..3ce2e5bd 100644 --- a/checkpolicy/queue.h +++ b/checkpolicy/queue.h @@ -33,6 +33,7 @@ int queue_insert(queue_t, queue_element_t); int queue_push(queue_t, queue_element_t); queue_element_t queue_remove(queue_t); queue_element_t queue_head(queue_t); +void queue_clear(queue_t); void queue_destroy(queue_t); /*