libselinux/0002-libselinux-utils-drop-reachable-assert-in-sefcontext.patch

From ac0fc6d50077a6f33df9859322e13a2434070d4c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 3 Dec 2024 16:54:48 +0100
Subject: [PATCH] libselinux/utils: drop reachable assert in sefcontext_compile
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-type: text/plain

The two asserts following qsort(3) where useful during development to
ensure the comparison function and the corresponding pointer handling
were correct.  They however do not take into account an empty file
context definition file containing no definitions and thus `stab->nel`
being NULL.  Drop the two asserts.

Also return early to not depend on whether calloc(3) called with a size
of zero returns NULL or a special value.

Reported-by: Petr Lautrbach <lautrbach@redhat.com>
Closes: https://lore.kernel.org/selinux/87jzchqck5.fsf@redhat.com/
Fixes: 92306daf ("libselinux: rework selabel_file(5) database")
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Tested-by: Petr Lautrbach <lautrbach@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
 libselinux/utils/sefcontext_compile.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libselinux/utils/sefcontext_compile.c b/libselinux/utils/sefcontext_compile.c
index 23d312744016..e5da51ea12df 100644
--- a/libselinux/utils/sefcontext_compile.c
+++ b/libselinux/utils/sefcontext_compile.c
@@ -188,6 +188,9 @@ static int write_sidtab(FILE *bin_file, const struct sidtab *stab)
 	if (len != 1)
 		return -1;
 
+	if (stab->nel == 0)
+		return 0;
+
 	/* sort entries by id */
 	sids = calloc(stab->nel, sizeof(*sids));
 	if (!sids)
@@ -203,8 +206,6 @@ static int write_sidtab(FILE *bin_file, const struct sidtab *stab)
 	}
 	assert(index == stab->nel);
 	qsort(sids, stab->nel, sizeof(struct security_id), security_id_compare);
-	assert(sids[0].id == 1);
-	assert(sids[stab->nel - 1].id == stab->nel);
 
 	/* write raw contexts sorted by id */
 	for (uint32_t i = 0; i < stab->nel; i++) {
-- 
2.47.0
libselinux/utils: drop reachable assert in sefcontext_compile Resolves: RHEL-69451 2024-12-04 18:38:06 +00:00			`From ac0fc6d50077a6f33df9859322e13a2434070d4c Mon Sep 17 00:00:00 2001`
			`From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>`
			`Date: Tue, 3 Dec 2024 16:54:48 +0100`
			`Subject: [PATCH] libselinux/utils: drop reachable assert in sefcontext_compile`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`
			`Content-type: text/plain`

			`The two asserts following qsort(3) where useful during development to`
			`ensure the comparison function and the corresponding pointer handling`
			`were correct. They however do not take into account an empty file`
			context definition file containing no definitions and thus `stab->nel`
			`being NULL. Drop the two asserts.`

			`Also return early to not depend on whether calloc(3) called with a size`
			`of zero returns NULL or a special value.`

			`Reported-by: Petr Lautrbach <lautrbach@redhat.com>`
			`Closes: https://lore.kernel.org/selinux/87jzchqck5.fsf@redhat.com/`
			`Fixes: 92306daf ("libselinux: rework selabel_file(5) database")`
			`Signed-off-by: Christian Göttsche <cgzones@googlemail.com>`
			`Tested-by: Petr Lautrbach <lautrbach@redhat.com>`
			`Acked-by: James Carter <jwcart2@gmail.com>`
			`---`
			`libselinux/utils/sefcontext_compile.c \| 5 +++--`
			`1 file changed, 3 insertions(+), 2 deletions(-)`

			`diff --git a/libselinux/utils/sefcontext_compile.c b/libselinux/utils/sefcontext_compile.c`
			`index 23d312744016..e5da51ea12df 100644`
			`--- a/libselinux/utils/sefcontext_compile.c`
			`+++ b/libselinux/utils/sefcontext_compile.c`
			`@@ -188,6 +188,9 @@ static int write_sidtab(FILE bin_file, const struct sidtab stab)`
			`if (len != 1)`
			`return -1;`

			`+ if (stab->nel == 0)`
			`+ return 0;`
			`+`
			`/* sort entries by id */`
			`sids = calloc(stab->nel, sizeof(*sids));`
			`if (!sids)`
			`@@ -203,8 +206,6 @@ static int write_sidtab(FILE bin_file, const struct sidtab stab)`
			`}`
			`assert(index == stab->nel);`
			`qsort(sids, stab->nel, sizeof(struct security_id), security_id_compare);`
			`- assert(sids[0].id == 1);`
			`- assert(sids[stab->nel - 1].id == stab->nel);`

			`/* write raw contexts sorted by id */`
			`for (uint32_t i = 0; i < stab->nel; i++) {`
			`--`
			`2.47.0`