On Fri, 8 Apr 2022 at 15:10, Christian Göttsche <cgzones@xxxxxxxxxxxxxx> wrote:
>
> The `struct selabel_digest` member `hashbuf_size` is used to compute
> hashes via `Sha1Update()`, which takes uint32_t as length parameter
> type. Use that same type for `hashbuf_size` to avoid potential value
> truncations, as the overflow check in `digest_add_specfile()` on
> `hashbuf_size` is based on it.
>
> label_support.c: In function ‘digest_gen_hash’:
> label_support.c:125:53: warning: conversion from ‘size_t’ {aka ‘long unsigned int’} to ‘uint32_t’ {aka ‘unsigned int’} may change value [-Wconversion]
> 125 | Sha1Update(&context, digest->hashbuf, digest->hashbuf_size);
> | ~~~~~~^~~~~~~~~~~~~~
An alternative would be to split the `Sha1Update()` call[1] into
multiple, each for a maximum of UINT32_MAX bytes.
[1]: https://github.com/SELinuxProject/selinux/blob/73562de8fc70b21aeb6be86dfdfddb7502d236ea/libselinux/src/label_support.c#L125
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> ---
> libselinux/src/label_internal.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h
> index 782c6aa8..82a762f7 100644
> --- a/libselinux/src/label_internal.h
> +++ b/libselinux/src/label_internal.h
> @@ -57,7 +57,7 @@ int selabel_service_init(struct selabel_handle *rec,
> struct selabel_digest {
> unsigned char *digest; /* SHA1 digest of specfiles */
> unsigned char *hashbuf; /* buffer to hold specfiles */
> - size_t hashbuf_size; /* buffer size */
> + uint32_t hashbuf_size; /* buffer size */
> size_t specfile_cnt; /* how many specfiles processed */
> char **specfile_list; /* and their names */
> };
> --
> 2.35.1
>
