libselinux/0004-libselinux-Remove-trailing-slash-on-selabel_file-loo.patch

65 lines
1.9 KiB
Diff
Raw Normal View History

From 9e4480b921bb50f59b064e842362b26b87e36bbd Mon Sep 17 00:00:00 2001
From: Chris PeBenito <chpebeni@linux.microsoft.com>
Date: Mon, 24 Aug 2020 09:44:16 -0400
Subject: [PATCH] libselinux: Remove trailing slash on selabel_file lookups.
Having a trailing slash on a file lookup, e.g. "/some/path/", can
cause a different result, for example, when file contexts are written to have
the directory have a different label than the contents. This is inconsistent
with normal Linux behaviors where trailing slashes are ignored.
Many callers already strip the trailing slash before the lookup or users
revise the file contexts to work around this. This fixes it comprehensively.
v2: fix length issues
Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
libselinux/src/label_file.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index 412904d14c06..6eeeea68aea4 100644
--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c
@@ -854,6 +854,7 @@ static const struct spec **lookup_all(struct selabel_handle *rec,
struct saved_data *data = (struct saved_data *)rec->data;
struct spec *spec_arr = data->spec_arr;
int i, rc, file_stem;
+ size_t len;
mode_t mode = (mode_t)type;
char *clean_key = NULL;
const char *prev_slash, *next_slash;
@@ -894,6 +895,27 @@ static const struct spec **lookup_all(struct selabel_handle *rec,
key = clean_key;
}
+ /* remove trailing slash */
+ len = strlen(key);
+ if (len == 0) {
+ errno = EINVAL;
+ goto finish;
+ }
+
+ if (key[len - 1] == '/') {
+ /* reuse clean_key from above if available */
+ if (!clean_key) {
+ clean_key = (char *) malloc(len);
+ if (!clean_key)
+ goto finish;
+
+ strncpy(clean_key, key, len - 1);
+ }
+
+ clean_key[len - 1] = '\0';
+ key = clean_key;
+ }
+
sub = selabel_sub_key(data, key);
if (sub)
key = sub;
--
2.29.0