On Mon, Dec 11, 2023 at 3:41 PM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote: > > On Mon, Dec 11, 2023 at 12:07 PM James Carter <jwcart2@xxxxxxxxx> wrote: > > > > On Mon, Dec 11, 2023 at 9:54 AM Christian Göttsche > > <cgzones@xxxxxxxxxxxxxx> wrote: > > > > > > Use a growing dynamically allocated buffer to format permission names of > > > an access vector instead of a fixed static buffer to support very long > > > permission names. > > > > > > This changes the behavior of the since libsepol 3.4 exported function > > > sepol_av_perm_to_string(): previously it returned a pointer to a static > > > buffer which must not be free'd by the caller, now an allocated string > > > which should be free'd by the caller (to avoid memory leaks). > > > > > > Reported-by: oss-fuzz (issue 64832, 64933) > > > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> > > > > I like this patch and would like to merge it, but it does change an > > exported function (by removing const on the return type). > > As far as I know, the only thing that uses the function externally is > > sepol_compute_av in libsepol/utils and the function has only been > > exported since 2022, so I doubt there would be any harm in making the > > change. But I am still hesitant to make the change. > > > > What is the best way to handle this? > > Hmm...there is a reason why this and other libsepol functions were not > exported in the first place, not sure why that changed. > > There is no real good way. Options are: > 1. Change it without touching .so version and hope nothing breaks. > Don't see any usage in Debian code search but one never knows. > 2. Change it and bump the LIBVERSION to reflect an incompatible > change. Seems like that should be batched with other longstanding > desired incompatible changes if done that way. > 3. Use per-symbol versioning to auto-magically redirect the caller to > the old or new implementation based on the version against which they > were compiled. Seems like that has caused us grief in the past. > 4. Don't change it. I am going for option 4 and sent a patch. The good news was that the exported function just wrapped the internal one. Jim
