Hello,
While testing a few things on the SWIG wrappers (like compiling them
with clang and a bunch of warnings), I got the following warning:
selinuxswig_wrap.c:12253:11: error: variable 'arg4' is uninitialized
when used here [-Werror,-Wuninitialized]
while(arg4[i]) {
^~~~
After digging a little bit, I find out that the following command (which
does an invalid call to rpm_execon wrapper) triggers a segmentation
fault on my system:
python -c 'import selinux;selinux.rpm_execcon()'
This bug can be fixed by adding some magic to selinuxswig_python.i (for
example "%typemap(arginit) char * const [] { $1 = NULL; }" and a few
more things). After this I found two other issues in this wrapper:
* The size of the buffer which is allocated to copy argv and envp is
too small: the code uses "malloc(size + 1)" instead of "calloc(size + 1,
sizeof(char *))" [1]. This makes some valid call to
selinux.rpm_execcon() overflow a memory block allocated on the heap.
* The memory allocated with this malloc is leaked if one argument of
rpm_execon is not a sequence of bytes [2]. Replacing the "return NULL;"
with "SWIG_fail;" can fix this issue.
Instead of writing patches to fix all these bugs, I am wondering whether
anyone is still using this interface, which has been deprecated since
2012 [3] and which can be removed at compile-time by using
"DISABLE_RPM=y". Is this interface going to be removed soon? Or is it
worth spending time to fix it?
Cheers,
Nicolas
[1]
https://github.com/SELinuxProject/selinux/blob/libselinux-2.6/libselinux/src/selinuxswig_python.i#L171
[2]
https://github.com/SELinuxProject/selinux/blob/libselinux-2.6/libselinux/src/selinuxswig_python.i#L177
[3]
https://github.com/SELinuxProject/selinux/commit/a2737333c795cae2aa4e31deed95a8e155d64d4a
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
