cp/mv/install: do not crash when getfscreatecon() is returning a NULL context

2014-01-13 16:26:44 +01:00 · 2014-01-13 16:26:44 +01:00 · 55f7ecdd4a
commit 55f7ecdd4a
parent 72a0b599c4
3 changed files with 118 additions and 3 deletions
--- a/coreutils-6.10-configuration.patch
+++ b/coreutils-6.10-configuration.patch
@ -136,8 +136,8 @@ diff -urNp coreutils-8.21-orig/tests/local.mk coreutils-8.21/tests/local.mk
   tests/touch/now-owned-by-other.sh
@@ -163,7 +164,6 @@ all_tests =					\
   tests/rm/cycle.sh				\
   tests/cp/link-heap.sh				\
   tests/cp/no-ctx.sh				\
   tests/misc/tty-eof.pl				\
 -  tests/tail-2/inotify-hash-abuse.sh		\
   tests/tail-2/inotify-hash-abuse2.sh		\
--- a/coreutils-8.22-cp-selinux.patch
+++ b/coreutils-8.22-cp-selinux.patch
@ -0,0 +1,109 @@
 From 2b3b5bfcd5f4161d17c0bc3d43f6edcfc4a2b294 Mon Sep 17 00:00:00 2001
 From: Nicolas Looss <nicolas.iooss@m4x.org>
 Date: Sat, 4 Jan 2014 03:03:51 +0000
 Subject: [PATCH] copy: fix a segfault in SELinux context copying code
 * src/selinux.c (restorecon_private): On ArchLinux the
 `fakeroot cp -a file1 file2` command segfaulted due
 to getfscreatecon() returning a NULL context.
 So map this to the sometimes ignored ENODATA error,
 rather than crashing.
 * tests/cp/no-ctx.sh: Add a new test case.
 * tests/local.mk: Reference the new test.
 ---
 src/selinux.c      |    5 ++++
 tests/cp/no-ctx.sh |   53 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 tests/local.mk     |    1 +
 3 files changed, 59 insertions(+), 0 deletions(-)
 create mode 100755 tests/cp/no-ctx.sh
 diff --git a/src/selinux.c b/src/selinux.c
 index cd38a81..016db16 100644
 --- a/src/selinux.c
 +++ b/src/selinux.c
@@ -192,6 +192,11 @@ restorecon_private (char const *path, bool local)
     {
       if (getfscreatecon (&tcon) < 0)
         return rc;
 +      if (!tcon)
 +        {
 +          errno = ENODATA;
 +          return rc;
 +        }
       rc = lsetfilecon (path, tcon);
       freecon (tcon);
       return rc;
 diff --git a/tests/cp/no-ctx.sh b/tests/cp/no-ctx.sh
 new file mode 100755
 index 0000000..59d30de
 --- /dev/null
 +++ b/tests/cp/no-ctx.sh
@@ -0,0 +1,53 @@
 +#!/bin/sh
 +# Ensure we handle file systems returning no SELinux context,
 +# which triggered a segmentation fault in coreutils-8.22.
 +# This test is skipped on systems that lack LD_PRELOAD support; that's fine.
 +# Similarly, on a system that lacks lgetfilecon altogether, skipping it is fine.
 +
 +# Copyright (C) 2014 Free Software Foundation, Inc.
 +
 +# This program is free software: you can redistribute it and/or modify
 +# it under the terms of the GNU General Public License as published by
 +# the Free Software Foundation, either version 3 of the License, or
 +# (at your option) any later version.
 +
 +# This program is distributed in the hope that it will be useful,
 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 +# GNU General Public License for more details.
 +
 +# You should have received a copy of the GNU General Public License
 +# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 +
 +. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
 +print_ver_ cp
 +require_gcc_shared_
 +
 +# Replace each getfilecon and lgetfilecon call with a call to these stubs.
 +cat > k.c <<'EOF' || skip_
 +#include <selinux/selinux.h>
 +#include <errno.h>
 +
 +int getfilecon (const char *path, security_context_t *con)
 +{ errno=ENODATA; return -1; }
 +int lgetfilecon (const char *path, security_context_t *con)
 +{ errno=ENODATA; return -1; }
 +EOF
 +
 +# Then compile/link it:
 +$CC -shared -fPIC -O2 k.c -o k.so \
 +  || skip_ 'failed to build SELinux shared library'
 +
 +touch file_src
 +
 +# New file with SELinux context optionally included
 +LD_PRELOAD=./k.so cp -a file_src file_dst || fail=1
 +
 +# Existing file with SELinux context optionally included
 +LD_PRELOAD=./k.so cp -a file_src file_dst || fail=1
 +
 +# ENODATA should give an immediate error when required to preserve ctx
 +# This is debatable, and maybe we should not fail when no context available?
 +LD_PRELOAD=./k.so cp --preserve=context file_src file_dst && fail=1
 +
 +Exit $fail
 diff --git a/tests/local.mk b/tests/local.mk
 index dc7341c..9d556f6 100644
 --- a/tests/local.mk
 +++ b/tests/local.mk
@@ -161,6 +161,7 @@ all_tests =					\
   tests/rm/ext3-perf.sh				\
   tests/rm/cycle.sh				\
   tests/cp/link-heap.sh				\
 +  tests/cp/no-ctx.sh				\
   tests/misc/tty-eof.pl				\
   tests/tail-2/inotify-hash-abuse.sh		\
   tests/tail-2/inotify-hash-abuse2.sh		\
 -- 
 1.7.7.6
--- a/coreutils.spec
+++ b/coreutils.spec
@ -1,7 +1,7 @@
 Summary: A set of basic GNU tools commonly used in shell scripts
 Name:    coreutils
 Version: 8.22
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: GPLv3+
 Group:   System Environment/Base
 Url:     http://www.gnu.org/software/coreutils/
@ -13,6 +13,7 @@ Source105:  coreutils-colorls.sh
 Source106:  coreutils-colorls.csh
 # From upstream
 Patch1: coreutils-8.22-cp-selinux.patch
 # Our patches
 #general patch to workaround koji build system issues
@ -126,6 +127,7 @@ the old GNU fileutils, sh-utils, and textutils packages.
 %setup -q
 # From upstream
 %patch1 -p1 -b .nullcontext
 # Our patches
 %patch100 -p1 -b .configure
@ -151,7 +153,7 @@ the old GNU fileutils, sh-utils, and textutils packages.
 %patch950 -p1 -b .selinux
 %patch951 -p1 -b .selinuxman
-chmod a+x tests/misc/sort-mb-tests.sh tests/df/direct.sh || :
+chmod a+x tests/misc/sort-mb-tests.sh tests/df/direct.sh tests/cp/no-ctx.sh || :
 #fix typos/mistakes in localized documentation(#439410, #440056)
 find ./po/ -name "*.p*" | xargs \
@ -372,6 +374,10 @@ fi
 %{_sbindir}/chroot
 %changelog
 * Mon Jan 13 2014 Ondrej Vasik <ovasik@redhat.com> 8.22-11
 - cp/mv/install: do not crash when getfscreatecon() is
  returning a NULL context
 * Mon Jan 13 2014 Ondrej Vasik <ovasik@redhat.com> 8.22-10
 - unset the unnecessary envvars after colorls scripts(#1051703)
 - improve the limitation (check for both utf8 and utf-8)