On Mon, Aug 9, 2021 at 6:54 AM Christian Göttsche <cgzones@xxxxxxxxxxxxxx> wrote: > > The standard function `strerror(3)` is not thread safe. This does not > only affect the concurrent usage of libselinux itself but also with > other `strerror(3)` linked libraries. > Use the thread safe GNU extension format specifier `%m`[1]. > > libselinux already uses the GNU extension format specifier `%ms`. > > [1]: https://www.gnu.org/software/libc/manual/html_node/Other-Output-Conversions.html > > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> Acked-by: James Carter <jwcart2@xxxxxxxxx> > --- > libsepol/src/ibpkey_record.c | 7 +++---- > libsepol/src/kernel_to_cil.c | 11 +++++------ > libsepol/src/kernel_to_conf.c | 11 +++++------ > libsepol/src/module.c | 8 ++++++-- > libsepol/src/module_to_cil.c | 11 +++++------ > libsepol/src/node_record.c | 10 ++++------ > libsepol/src/services.c | 2 +- > 7 files changed, 29 insertions(+), 31 deletions(-) > > diff --git a/libsepol/src/ibpkey_record.c b/libsepol/src/ibpkey_record.c > index 6f7aa656..d95e95fe 100644 > --- a/libsepol/src/ibpkey_record.c > +++ b/libsepol/src/ibpkey_record.c > @@ -38,8 +38,8 @@ static int ibpkey_parse_subnet_prefix(sepol_handle_t *handle, > struct in6_addr in_addr; > > if (inet_pton(AF_INET6, subnet_prefix_str, &in_addr) <= 0) { > - ERR(handle, "could not parse IPv6 address for ibpkey subnet prefix %s: %s", > - subnet_prefix_str, strerror(errno)); > + ERR(handle, "could not parse IPv6 address for ibpkey subnet prefix %s: %m", > + subnet_prefix_str); > return STATUS_ERR; > } > > @@ -64,8 +64,7 @@ static int ibpkey_expand_subnet_prefix(sepol_handle_t *handle, > if (inet_ntop(AF_INET6, &addr, subnet_prefix_str, > INET6_ADDRSTRLEN) == NULL) { > ERR(handle, > - "could not expand IPv6 address to string: %s", > - strerror(errno)); > + "could not expand IPv6 address to string: %m"); > return STATUS_ERR; > } > > diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c > index 336d53b0..81427e65 100644 > --- a/libsepol/src/kernel_to_cil.c > +++ b/libsepol/src/kernel_to_cil.c > @@ -2779,13 +2779,13 @@ static int write_selinux_node_rules_to_cil(FILE *out, struct policydb *pdb) > > for (node = pdb->ocontexts[4]; node != NULL; node = node->next) { > if (inet_ntop(AF_INET, &node->u.node.addr, addr, INET_ADDRSTRLEN) == NULL) { > - sepol_log_err("Nodecon address is invalid: %s", strerror(errno)); > + sepol_log_err("Nodecon address is invalid: %m"); > rc = -1; > goto exit; > } > > if (inet_ntop(AF_INET, &node->u.node.mask, mask, INET_ADDRSTRLEN) == NULL) { > - sepol_log_err("Nodecon mask is invalid: %s", strerror(errno)); > + sepol_log_err("Nodecon mask is invalid: %m"); > rc = -1; > goto exit; > } > @@ -2819,13 +2819,13 @@ static int write_selinux_node6_rules_to_cil(FILE *out, struct policydb *pdb) > > for (node = pdb->ocontexts[6]; node != NULL; node = node->next) { > if (inet_ntop(AF_INET6, &node->u.node6.addr, addr, INET6_ADDRSTRLEN) == NULL) { > - sepol_log_err("Nodecon address is invalid: %s", strerror(errno)); > + sepol_log_err("Nodecon address is invalid: %m"); > rc = -1; > goto exit; > } > > if (inet_ntop(AF_INET6, &node->u.node6.mask, mask, INET6_ADDRSTRLEN) == NULL) { > - sepol_log_err("Nodecon mask is invalid: %s", strerror(errno)); > + sepol_log_err("Nodecon mask is invalid: %m"); > rc = -1; > goto exit; > } > @@ -2867,8 +2867,7 @@ static int write_selinux_ibpkey_rules_to_cil(FILE *out, struct policydb *pdb) > > if (inet_ntop(AF_INET6, &subnet_prefix.s6_addr, > subnet_prefix_str, INET6_ADDRSTRLEN) == NULL) { > - sepol_log_err("ibpkeycon subnet_prefix is invalid: %s", > - strerror(errno)); > + sepol_log_err("ibpkeycon subnet_prefix is invalid: %m"); > rc = -1; > goto exit; > } > diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c > index cb8e1380..179f0ad1 100644 > --- a/libsepol/src/kernel_to_conf.c > +++ b/libsepol/src/kernel_to_conf.c > @@ -2652,13 +2652,13 @@ static int write_selinux_node_rules_to_conf(FILE *out, struct policydb *pdb) > > for (node = pdb->ocontexts[4]; node != NULL; node = node->next) { > if (inet_ntop(AF_INET, &node->u.node.addr, addr, INET_ADDRSTRLEN) == NULL) { > - sepol_log_err("Nodecon address is invalid: %s", strerror(errno)); > + sepol_log_err("Nodecon address is invalid: %m"); > rc = -1; > goto exit; > } > > if (inet_ntop(AF_INET, &node->u.node.mask, mask, INET_ADDRSTRLEN) == NULL) { > - sepol_log_err("Nodecon mask is invalid: %s", strerror(errno)); > + sepol_log_err("Nodecon mask is invalid: %m"); > rc = -1; > goto exit; > } > @@ -2693,13 +2693,13 @@ static int write_selinux_node6_rules_to_conf(FILE *out, struct policydb *pdb) > > for (node6 = pdb->ocontexts[6]; node6 != NULL; node6 = node6->next) { > if (inet_ntop(AF_INET6, &node6->u.node6.addr, addr, INET6_ADDRSTRLEN) == NULL) { > - sepol_log_err("Nodecon address is invalid: %s", strerror(errno)); > + sepol_log_err("Nodecon address is invalid: %m"); > rc = -1; > goto exit; > } > > if (inet_ntop(AF_INET6, &node6->u.node6.mask, mask, INET6_ADDRSTRLEN) == NULL) { > - sepol_log_err("Nodecon mask is invalid: %s", strerror(errno)); > + sepol_log_err("Nodecon mask is invalid: %m"); > rc = -1; > goto exit; > } > @@ -2741,8 +2741,7 @@ static int write_selinux_ibpkey_rules_to_conf(FILE *out, struct policydb *pdb) > > if (inet_ntop(AF_INET6, &subnet_prefix.s6_addr, > subnet_prefix_str, INET6_ADDRSTRLEN) == NULL) { > - sepol_log_err("ibpkeycon address is invalid: %s", > - strerror(errno)); > + sepol_log_err("ibpkeycon address is invalid: %m"); > rc = -1; > goto exit; > } > diff --git a/libsepol/src/module.c b/libsepol/src/module.c > index 9b53bc47..02a5de2c 100644 > --- a/libsepol/src/module.c > +++ b/libsepol/src/module.c > @@ -796,7 +796,9 @@ int sepol_module_package_info(struct sepol_policy_file *spf, int *type, > > len = le32_to_cpu(buf[0]); > if (str_read(name, file, len)) { > - ERR(file->handle, "%s", strerror(errno)); > + ERR(file->handle, > + "cannot read module name (at section %u): %m", > + i); > goto cleanup; > } > > @@ -809,7 +811,9 @@ int sepol_module_package_info(struct sepol_policy_file *spf, int *type, > } > len = le32_to_cpu(buf[0]); > if (str_read(version, file, len)) { > - ERR(file->handle, "%s", strerror(errno)); > + ERR(file->handle, > + "cannot read module version (at section %u): %m", > + i); > goto cleanup; > } > seen |= SEEN_MOD; > diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c > index 21d8e5db..9c7e3d3a 100644 > --- a/libsepol/src/module_to_cil.c > +++ b/libsepol/src/module_to_cil.c > @@ -2668,8 +2668,7 @@ static int ocontext_selinux_ibpkey_to_cil(struct policydb *pdb, > > if (inet_ntop(AF_INET6, &subnet_prefix.s6_addr, > subnet_prefix_str, INET6_ADDRSTRLEN) == NULL) { > - log_err("ibpkeycon subnet_prefix is invalid: %s", > - strerror(errno)); > + log_err("ibpkeycon subnet_prefix is invalid: %m"); > rc = -1; > goto exit; > } > @@ -2714,13 +2713,13 @@ static int ocontext_selinux_node_to_cil(struct policydb *pdb, struct ocontext *n > > for (node = nodes; node != NULL; node = node->next) { > if (inet_ntop(AF_INET, &node->u.node.addr, addr, INET_ADDRSTRLEN) == NULL) { > - log_err("Nodecon address is invalid: %s", strerror(errno)); > + log_err("Nodecon address is invalid: %m"); > rc = -1; > goto exit; > } > > if (inet_ntop(AF_INET, &node->u.node.mask, mask, INET_ADDRSTRLEN) == NULL) { > - log_err("Nodecon mask is invalid: %s", strerror(errno)); > + log_err("Nodecon mask is invalid: %m"); > rc = -1; > goto exit; > } > @@ -2746,13 +2745,13 @@ static int ocontext_selinux_node6_to_cil(struct policydb *pdb, struct ocontext * > > for (node = nodes; node != NULL; node = node->next) { > if (inet_ntop(AF_INET6, &node->u.node6.addr, addr, INET6_ADDRSTRLEN) == NULL) { > - log_err("Nodecon address is invalid: %s", strerror(errno)); > + log_err("Nodecon address is invalid: %m"); > rc = -1; > goto exit; > } > > if (inet_ntop(AF_INET6, &node->u.node6.mask, mask, INET6_ADDRSTRLEN) == NULL) { > - log_err("Nodecon mask is invalid: %s", strerror(errno)); > + log_err("Nodecon mask is invalid: %m"); > rc = -1; > goto exit; > } > diff --git a/libsepol/src/node_record.c b/libsepol/src/node_record.c > index 9ef429da..2e575bf1 100644 > --- a/libsepol/src/node_record.c > +++ b/libsepol/src/node_record.c > @@ -53,7 +53,7 @@ static int node_parse_addr(sepol_handle_t * handle, > > if (inet_pton(AF_INET, addr_str, &in_addr) <= 0) { > ERR(handle, "could not parse IPv4 address " > - "%s: %s", addr_str, strerror(errno)); > + "%s: %m", addr_str); > return STATUS_ERR; > } > > @@ -66,7 +66,7 @@ static int node_parse_addr(sepol_handle_t * handle, > > if (inet_pton(AF_INET6, addr_str, &in_addr) <= 0) { > ERR(handle, "could not parse IPv6 address " > - "%s: %s", addr_str, strerror(errno)); > + "%s: %m", addr_str); > return STATUS_ERR; > } > > @@ -147,8 +147,7 @@ static int node_expand_addr(sepol_handle_t * handle, > INET_ADDRSTRLEN) == NULL) { > > ERR(handle, > - "could not expand IPv4 address to string: %s", > - strerror(errno)); > + "could not expand IPv4 address to string: %m"); > return STATUS_ERR; > } > break; > @@ -163,8 +162,7 @@ static int node_expand_addr(sepol_handle_t * handle, > INET6_ADDRSTRLEN) == NULL) { > > ERR(handle, > - "could not expand IPv6 address to string: %s", > - strerror(errno)); > + "could not expand IPv6 address to string: %m"); > return STATUS_ERR; > } > break; > diff --git a/libsepol/src/services.c b/libsepol/src/services.c > index 47a3dc14..673b3971 100644 > --- a/libsepol/src/services.c > +++ b/libsepol/src/services.c > @@ -145,7 +145,7 @@ int sepol_set_policydb_from_file(FILE * fp) > } > if (policydb_read(&mypolicydb, &pf, 0)) { > policydb_destroy(&mypolicydb); > - ERR(NULL, "can't read binary policy: %s", strerror(errno)); > + ERR(NULL, "can't read binary policy: %m"); > return -1; > } > policydb = &mypolicydb; > -- > 2.32.0 >
