My first message was not so clear. The check in libselinux/src/lsetfilecon.c line 35 [1] doesn't work because selinux_trans_to_raw_context(context, &rcontext) returns 0 and sets rcontext to NULL. This is why I'm asking to change the return value to something else if you want "cp -a" working. This fix is not to introduce a new feature but to fix an existing one. Nicolas [1] http://userspace.selinuxproject.org/trac/browser/libselinux/src/lsetfilecon.c?rev=51d9a078c260b230f65863766e73e6db0b2c2d3a 2013/12/21 Frank C <frankc@xxxxxxxxxxxxxxxx>: > Why not make your own function prototype to return if NULL whatever your > heart desires? > > On Dec 21, 2013 6:07 AM, "Nicolas Iooss" <nicolas.iooss@xxxxxxx> wrote: >> >> Hi, >> >> After upgrading to coreutils 8.22, cp is crashing when building >> policycoreutils package (see gdb backtrace below). A segmentation >> fault occurred in libselinux/src/lsetfilecon.c line 12 [1], when >> calling "strlen(context)" with a NULL context. This code path has been >> possible because selinux_trans_to_raw_context(0, &rcontext) returns 0 >> even though rcontext is NULL, in libselinux/src/setrans_client.c lines >> 287-290 [2]. I think this function should return a non-null value like >> -1 on line 289. Could you please fix this bug? >> >> System information: >> I'm running SELinux on Archlinux using packages from >> https://github.com/fishilico/siosm-selinux/ and a policy patched from >> the Reference Policy. I'm using coreutils 8.22, libselinux 2.2, >> libsepol 2.2 and glibc 2.18. >> >> Thanks, >> >> Nicolas >> (IooNag on irc.freenode.net) >> >> [1] >> http://userspace.selinuxproject.org/trac/browser/libselinux/src/fsetfilecon.c?rev=51d9a078c260b230f65863766e73e6db0b2c2d3a >> [2] >> http://userspace.selinuxproject.org/trac/browser/libselinux/src/setrans_client.c?rev=aa62cd60f7192123b509c2518e7a2083e34a65a2#L284 >> >> GDB Coredump: >> >> # systemd-coredumpctl gdb >> TIME PID UID GID SIG EXE >> sam. 2013-12-21 14:23:00 CET 2872 1000 100 11 >> /usr/bin/cp >> GNU gdb (GDB) 7.6.2 >> Copyright (C) 2013 Free Software Foundation, Inc. >> License GPLv3+: GNU GPL version 3 or later >> <http://gnu.org/licenses/gpl.html> >> This is free software: you are free to change and redistribute it. >> There is NO WARRANTY, to the extent permitted by law. Type "show copying" >> and "show warranty" for details. >> This GDB was configured as "x86_64-unknown-linux-gnu". >> For bug reporting instructions, please see: >> <http://www.gnu.org/software/gdb/bugs/>... >> Reading symbols from /usr/bin/cp...done. >> [New LWP 2872] >> >> warning: Could not load shared library symbols for linux-vdso.so.1. >> Do you need "set solib-search-path" or "set sysroot"? >> [Thread debugging using libthread_db enabled] >> Using host libthread_db library "/usr/lib/libthread_db.so.1". >> >> warning: no loadable sections found in added symbol-file >> system-supplied DSO at 0x7fff82d84000 >> Core was generated by `cp -af setfiles.8 setfiles.8.man'. >> Program terminated with signal 11, Segmentation fault. >> #0 0x00007fb34934c9ba in strlen () from /usr/lib/libc.so.6 >> (gdb) bt >> #0 0x00007fb34934c9ba in strlen () from /usr/lib/libc.so.6 >> #1 0x00007fb349a9b1db in lsetfilecon_raw_internal >> (path=0x7fff82c3bea9 "setfiles.8.man", context=0x0) at >> lsetfilecon.c:12 >> #2 0x00007fb349a9b2b6 in lsetfilecon (path=0x7fff82c3bea9 >> "setfiles.8.man", context=0x0) at lsetfilecon.c:38 >> #3 0x0000000000409a55 in restorecon_private (path=0x7fff82c3bea9 >> "setfiles.8.man", local=local@entry=true) at src/selinux.c:195 >> #4 0x0000000000409f68 in restorecon (path=0x7fff82c3bea9 >> "setfiles.8.man", recurse=<optimized out>, local=<optimized out>) at >> src/selinux.c:301 >> #5 0x0000000000405c0b in set_file_security_ctx >> (dst_name=0x7fff82c3bea9 "setfiles.8.man", process_local=<optimized >> out>, recurse=<optimized out>, x=<optimized out>) at src/copy.c:835 >> #6 0x000000000040893b in copy_reg (src_sb=0x7fff82c39df0, >> new_dst=<synthetic pointer>, omitted_permissions=36, >> dst_mode=<optimized out>, x=0x7fff82c3a210, >> dst_name=0x7fff82c3bea9 "setfiles.8.man", src_name=0x7fff82c3be9e >> "setfiles.8") at src/copy.c:952 >> #7 copy_internal (src_name=src_name@entry=0x7fff82c3be9e >> "setfiles.8", dst_name=dst_name@entry=0x7fff82c3bea9 "setfiles.8.man", >> new_dst=<optimized out>, new_dst@entry=false, >> device=device@entry=0, ancestors=ancestors@entry=0x0, >> x=x@entry=0x7fff82c3a210, >> command_line_arg=command_line_arg@entry=true, >> >> first_dir_created_per_command_line_arg=first_dir_created_per_command_line_arg@entry=0x7fff82c3a0af, >> copy_into_self=copy_into_self@entry=0x7fff82c3a0f8, >> rename_succeeded=rename_succeeded@entry=0x0) at src/copy.c:2503 >> #8 0x00000000004094bc in copy (src_name=src_name@entry=0x7fff82c3be9e >> "setfiles.8", dst_name=dst_name@entry=0x7fff82c3bea9 "setfiles.8.man", >> nonexistent_dst=nonexistent_dst@entry=false, >> options=options@entry=0x7fff82c3a210, >> copy_into_self=copy_into_self@entry=0x7fff82c3a0f8, >> rename_succeeded=rename_succeeded@entry=0x0) at src/copy.c:2809 >> #9 0x0000000000404fb0 in do_copy (n_files=<optimized out>, >> file=0x7fff82c3a418, target_directory=<optimized out>, >> target_directory@entry=0x0, >> no_target_directory=no_target_directory@entry=false, >> x=x@entry=0x7fff82c3a210) at src/cp.c:765 >> #10 0x0000000000403ba9 in main (argc=4, argv=0x7fff82c3a408) at >> src/cp.c:1212 >> >> _______________________________________________ >> Selinux mailing list >> Selinux@xxxxxxxxxxxxx >> To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. >> To get help, send an email containing "help" to >> Selinux-request@xxxxxxxxxxxxx. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
