Re: [RFC PATCH 1/4] libselinux: simplify policy path logic to avoid uninitialized read

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, May 18, 2022 at 11:22 AM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> On Tue, May 10, 2022 at 4:53 PM Christian Göttsche
> <cgzones@xxxxxxxxxxxxxx> wrote:
> >
> > In case the function __policy_init() gets called with a NULL pointer,
> > the stack variable path remains uninitialized (except at its last
> > index).  If parsing the binary policy fails in sepol_policydb_read() the
> > error branch would access those uninitialized memory.
> >
> > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> For the series with v2 of patch 4:
> Acked-by: James Carter <jwcart2@xxxxxxxxx>
>
Merged with v4 of patch 4.
Thanks,
Jim

> > ---
> >  libselinux/src/audit2why.c | 34 +++++++++++++---------------------
> >  1 file changed, 13 insertions(+), 21 deletions(-)
> >
> > diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
> > index ca38e13c..44a9a341 100644
> > --- a/libselinux/src/audit2why.c
> > +++ b/libselinux/src/audit2why.c
> > @@ -192,25 +192,16 @@ static PyObject *finish(PyObject *self __attribute__((unused)), PyObject *args)
> >  static int __policy_init(const char *init_path)
> >  {
> >         FILE *fp;
> > -       char path[PATH_MAX];
> > +       const char *curpolicy;
> >         char errormsg[PATH_MAX+1024+20];
> >         struct sepol_policy_file *pf = NULL;
> >         int rc;
> >         unsigned int cnt;
> >
> > -       path[PATH_MAX-1] = '\0';
> >         if (init_path) {
> > -               strncpy(path, init_path, PATH_MAX-1);
> > -               fp = fopen(path, "re");
> > -               if (!fp) {
> > -                       snprintf(errormsg, sizeof(errormsg),
> > -                                "unable to open %s:  %m\n",
> > -                                path);
> > -                       PyErr_SetString( PyExc_ValueError, errormsg);
> > -                       return 1;
> > -               }
> > +               curpolicy = init_path;
> >         } else {
> > -               const char *curpolicy = selinux_current_policy_path();
> > +               curpolicy = selinux_current_policy_path();
> >                 if (!curpolicy) {
> >                         /* SELinux disabled, must use -p option. */
> >                         snprintf(errormsg, sizeof(errormsg),
> > @@ -218,14 +209,15 @@ static int __policy_init(const char *init_path)
> >                         PyErr_SetString( PyExc_ValueError, errormsg);
> >                         return 1;
> >                 }
> > -               fp = fopen(curpolicy, "re");
> > -               if (!fp) {
> > -                       snprintf(errormsg, sizeof(errormsg),
> > -                                "unable to open %s:  %m\n",
> > -                                curpolicy);
> > -                       PyErr_SetString( PyExc_ValueError, errormsg);
> > -                       return 1;
> > -               }
> > +       }
> > +
> > +       fp = fopen(curpolicy, "re");
> > +       if (!fp) {
> > +               snprintf(errormsg, sizeof(errormsg),
> > +                        "unable to open %s:  %m\n",
> > +                        curpolicy);
> > +               PyErr_SetString( PyExc_ValueError, errormsg);
> > +               return 1;
> >         }
> >
> >         avc = calloc(sizeof(struct avc_t), 1);
> > @@ -249,7 +241,7 @@ static int __policy_init(const char *init_path)
> >         sepol_policy_file_set_fp(pf, fp);
> >         if (sepol_policydb_read(avc->policydb, pf)) {
> >                 snprintf(errormsg, sizeof(errormsg),
> > -                        "invalid binary policy %s\n", path);
> > +                        "invalid binary policy %s\n", curpolicy);
> >                 PyErr_SetString( PyExc_ValueError, errormsg);
> >                 fclose(fp);
> >                 return 1;
> > --
> > 2.36.1
> >




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux