diff --git a/0001-libselinux-selinux_check_passwd_access_internal-resp.patch b/0001-libselinux-selinux_check_passwd_access_internal-resp.patch new file mode 100644 index 0000000..d4570d4 --- /dev/null +++ b/0001-libselinux-selinux_check_passwd_access_internal-resp.patch @@ -0,0 +1,45 @@ +From 651c1fdee084cbf9a25d5131ebe367d6d1473ca5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 10 May 2021 12:12:38 +0200 +Subject: [PATCH] libselinux: selinux_check_passwd_access_internal(): respect + deny_unknown +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +`selinux_check_passwd_access_internal()`, and thereby +`checkPasswdAccess(3)` and `selinux_check_passwd_access(3)`, does not +respect the policy defined setting of `deny_unknown`, like +`selinux_check_access(3)` does. +This means in case the security class `passwd` is not defined, success +is returned instead of failure, i.e. permission denied. + +Most policies should define the `passwd` class and the two affected +public functions are marked deprecated. + +Align the behavior with `selinux_check_access(3)` and respect +the deny_unknown setting in case the security class is not defined. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/checkAccess.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/libselinux/src/checkAccess.c b/libselinux/src/checkAccess.c +index b337ea64f977..022cd6b5ecab 100644 +--- a/libselinux/src/checkAccess.c ++++ b/libselinux/src/checkAccess.c +@@ -78,7 +78,9 @@ static int selinux_check_passwd_access_internal(access_vector_t requested) + passwd_class = string_to_security_class("passwd"); + if (passwd_class == 0) { + freecon(user_context); +- return 0; ++ if (security_deny_unknown() == 0) ++ return 0; ++ return -1; + } + + retval = security_compute_av_raw(user_context, +-- +2.32.0.rc1 + diff --git a/0002-libselinux-silence-Wstringop-overflow-warning-from-g.patch b/0002-libselinux-silence-Wstringop-overflow-warning-from-g.patch new file mode 100644 index 0000000..5419a58 --- /dev/null +++ b/0002-libselinux-silence-Wstringop-overflow-warning-from-g.patch @@ -0,0 +1,51 @@ +From 3bf8068d0854bbb4d7b5f63ab0c0137659d6d346 Mon Sep 17 00:00:00 2001 +From: Nicolas Iooss +Date: Fri, 30 Apr 2021 21:37:02 +0200 +Subject: [PATCH] libselinux: silence -Wstringop-overflow warning from gcc + 10.3.1 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When building libselinux on Fedora 33 with gcc 10.3.1, the compiler +reports: + + label_file.c: In function ‘lookup_all.isra’: + label_file.c:940:4: error: ‘strncpy’ specified bound depends on the + length of the source argument [-Werror=stringop-overflow=] + 940 | strncpy(clean_key, key, len - 1); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + label_file.c:927:8: note: length computed here + 927 | len = strlen(key); + | ^~~~~~~~~~~ + cc1: all warnings being treated as errors + +As clean_key is the result of malloc(len), there is no issue here. But +using strncpy can be considered as strange, because the size of the +string is already known and the NUL terminator is always added later, in +function ‘lookup_all.isra. + +Replace strncpy with memcpy to silence this gcc false-positive warning. + +Signed-off-by: Nicolas Iooss +Acked-by: Petr Lautrbach +--- + libselinux/src/label_file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c +index 726394ca4332..cfce23e0119e 100644 +--- a/libselinux/src/label_file.c ++++ b/libselinux/src/label_file.c +@@ -909,7 +909,7 @@ static const struct spec **lookup_all(struct selabel_handle *rec, + if (!clean_key) + goto finish; + +- strncpy(clean_key, key, len - 1); ++ memcpy(clean_key, key, len - 1); + } + + clean_key[len - 1] = '\0'; +-- +2.32.0.rc1 + diff --git a/0003-libselinux-sidtab_hash-do-not-discard-const-qualifie.patch b/0003-libselinux-sidtab_hash-do-not-discard-const-qualifie.patch new file mode 100644 index 0000000..a91b0b8 --- /dev/null +++ b/0003-libselinux-sidtab_hash-do-not-discard-const-qualifie.patch @@ -0,0 +1,46 @@ +From c530a5f37bb2ebd0cca1eeb714d39c43bd514cd6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:35 +0200 +Subject: [PATCH] libselinux: sidtab_hash(): do not discard const qualifier +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Do not discard the const qualifier of the function argument, and drop +the redundant local variable `keyp`. + +avc_sidtab.c: In function ‘sidtab_hash’: +avc_sidtab.c:23:9: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual] + 23 | keyp = (char *)key; + | ^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/avc_sidtab.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c +index 9669264d651a..8dc875608762 100644 +--- a/libselinux/src/avc_sidtab.c ++++ b/libselinux/src/avc_sidtab.c +@@ -15,14 +15,13 @@ + + static inline unsigned sidtab_hash(const char * key) + { +- char *p, *keyp; ++ const char *p; + unsigned int size; + unsigned int val; + + val = 0; +- keyp = (char *)key; +- size = strlen(keyp); +- for (p = keyp; (unsigned int)(p - keyp) < size; p++) ++ size = strlen(key); ++ for (p = key; (unsigned int)(p - key) < size; p++) + val = + (val << 4 | (val >> (8 * sizeof(unsigned int) - 4))) ^ (*p); + return val & (SIDTAB_SIZE - 1); +-- +2.32.0.rc1 + diff --git a/0004-libselinux-selinux_file_context_cmp-do-not-discard-c.patch b/0004-libselinux-selinux_file_context_cmp-do-not-discard-c.patch new file mode 100644 index 0000000..d0872c6 --- /dev/null +++ b/0004-libselinux-selinux_file_context_cmp-do-not-discard-c.patch @@ -0,0 +1,48 @@ +From 17ddb94f4014b715214268148447c84e7c037fcb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:40 +0200 +Subject: [PATCH] libselinux: selinux_file_context_cmp(): do not discard const + qualifier +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +matchpathcon.c: In function ‘selinux_file_context_cmp’: +matchpathcon.c:487:18: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual] + 487 | rest_a = strchr((char *)a, ':'); + | ^ +matchpathcon.c:488:18: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual] + 488 | rest_b = strchr((char *)b, ':'); + | ^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/matchpathcon.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c +index 2ec66650cae0..9e1fab593266 100644 +--- a/libselinux/src/matchpathcon.c ++++ b/libselinux/src/matchpathcon.c +@@ -477,15 +477,15 @@ void matchpathcon_checkmatches(char *str __attribute__((unused))) + int selinux_file_context_cmp(const char * a, + const char * b) + { +- char *rest_a, *rest_b; /* Rest of the context after the user */ ++ const char *rest_a, *rest_b; /* Rest of the context after the user */ + if (!a && !b) + return 0; + if (!a) + return -1; + if (!b) + return 1; +- rest_a = strchr((char *)a, ':'); +- rest_b = strchr((char *)b, ':'); ++ rest_a = strchr(a, ':'); ++ rest_b = strchr(b, ':'); + if (!rest_a && !rest_b) + return 0; + if (!rest_a) +-- +2.32.0.rc1 + diff --git a/0005-libselinux-label_common-do-not-discard-const-qualifi.patch b/0005-libselinux-label_common-do-not-discard-const-qualifi.patch new file mode 100644 index 0000000..3b55831 --- /dev/null +++ b/0005-libselinux-label_common-do-not-discard-const-qualifi.patch @@ -0,0 +1,69 @@ +From 967d3d5d1b42b6483fc9135e7ac7d198fbd85212 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:42 +0200 +Subject: [PATCH] libselinux: label_common(): do not discard const qualifier +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +As the const qualifier is discarded in label_common(), do not return a +const qualified pointer pointer from the local function `lookup_all()`. + +label_file.c: In function ‘lookup_common’: +label_file.c:994:24: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual] + 994 | struct spec *result = (struct spec*)matches[0]; + | ^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/label_file.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c +index cfce23e0119e..b080fcf1305b 100644 +--- a/libselinux/src/label_file.c ++++ b/libselinux/src/label_file.c +@@ -845,7 +845,7 @@ static void closef(struct selabel_handle *rec) + // Finds all the matches of |key| in the given context. Returns the result in + // the allocated array and updates the match count. If match_count is NULL, + // stops early once the 1st match is found. +-static const struct spec **lookup_all(struct selabel_handle *rec, ++static struct spec **lookup_all(struct selabel_handle *rec, + const char *key, + int type, + bool partial, +@@ -861,7 +861,7 @@ static const struct spec **lookup_all(struct selabel_handle *rec, + unsigned int sofar = 0; + char *sub = NULL; + +- const struct spec **result = NULL; ++ struct spec **result = NULL; + if (match_count) { + *match_count = 0; + result = calloc(data->nspec, sizeof(struct spec*)); +@@ -987,11 +987,11 @@ static struct spec *lookup_common(struct selabel_handle *rec, + const char *key, + int type, + bool partial) { +- const struct spec **matches = lookup_all(rec, key, type, partial, NULL); ++ struct spec **matches = lookup_all(rec, key, type, partial, NULL); + if (!matches) { + return NULL; + } +- struct spec *result = (struct spec*)matches[0]; ++ struct spec *result = matches[0]; + free(matches); + return result; + } +@@ -1054,7 +1054,7 @@ static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key + assert(digest); + + size_t total_matches; +- const struct spec **matches = lookup_all(rec, key, 0, true, &total_matches); ++ struct spec **matches = lookup_all(rec, key, 0, true, &total_matches); + if (!matches) { + return false; + } +-- +2.32.0.rc1 + diff --git a/0006-libselinux-Sha1Finalise-do-not-discard-const-qualifi.patch b/0006-libselinux-Sha1Finalise-do-not-discard-const-qualifi.patch new file mode 100644 index 0000000..1f2508a --- /dev/null +++ b/0006-libselinux-Sha1Finalise-do-not-discard-const-qualifi.patch @@ -0,0 +1,85 @@ +From 35016346471698822834471ca2ddf9019ebd25d7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:44 +0200 +Subject: [PATCH] libselinux: Sha1Finalise(): do not discard const qualifier +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Mark the argument `Buffer` of `Sha1Update()` const, since it is not +modified. + +sha1.c: In function ‘Sha1Finalise’: +sha1.c:208:25: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual] + 208 | Sha1Update(Context, (uint8_t*)"\x80", 1); + | ^ +sha1.c:211:29: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual] + 211 | Sha1Update(Context, (uint8_t*)"\0", 1); + | ^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/sha1.c | 10 +++++----- + libselinux/src/sha1.h | 2 +- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/libselinux/src/sha1.c b/libselinux/src/sha1.c +index 9a8ce01dceda..664bbcf26eef 100644 +--- a/libselinux/src/sha1.c ++++ b/libselinux/src/sha1.c +@@ -151,7 +151,7 @@ void + Sha1Update + ( + Sha1Context* Context, +- void* Buffer, ++ const void* Buffer, + uint32_t BufferSize + ) + { +@@ -172,7 +172,7 @@ void + TransformFunction(Context->State, Context->Buffer); + for (; i + 63 < BufferSize; i += 64) + { +- TransformFunction(Context->State, (uint8_t*)Buffer + i); ++ TransformFunction(Context->State, (const uint8_t*)Buffer + i); + } + j = 0; + } +@@ -181,7 +181,7 @@ void + i = 0; + } + +- memcpy(&Context->Buffer[j], &((uint8_t*)Buffer)[i], BufferSize - i); ++ memcpy(&Context->Buffer[j], &((const uint8_t*)Buffer)[i], BufferSize - i); + } + + /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +@@ -205,10 +205,10 @@ void + finalcount[i] = (unsigned char)((Context->Count[(i >= 4 ? 0 : 1)] + >> ((3-(i & 3)) * 8) ) & 255); // Endian independent + } +- Sha1Update(Context, (uint8_t*)"\x80", 1); ++ Sha1Update(Context, (const uint8_t*)"\x80", 1); + while ((Context->Count[0] & 504) != 448) + { +- Sha1Update(Context, (uint8_t*)"\0", 1); ++ Sha1Update(Context, (const uint8_t*)"\0", 1); + } + + Sha1Update(Context, finalcount, 8); // Should cause a Sha1TransformFunction() +diff --git a/libselinux/src/sha1.h b/libselinux/src/sha1.h +index eac3c195351a..f83a6e7ed7ba 100644 +--- a/libselinux/src/sha1.h ++++ b/libselinux/src/sha1.h +@@ -64,7 +64,7 @@ void + Sha1Update + ( + Sha1Context* Context, +- void* Buffer, ++ const void* Buffer, + uint32_t BufferSize + ); + +-- +2.32.0.rc1 + diff --git a/0007-libselinux-sefcontext_compile-mark-local-variable-st.patch b/0007-libselinux-sefcontext_compile-mark-local-variable-st.patch new file mode 100644 index 0000000..d8ccade --- /dev/null +++ b/0007-libselinux-sefcontext_compile-mark-local-variable-st.patch @@ -0,0 +1,31 @@ +From 0a14ec7348a5657fa29d58e03c51500d89cc9908 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:46 +0200 +Subject: [PATCH] libselinux: sefcontext_compile: mark local variable static +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `policy_file` is only used in sefcontext_compile.c. + +Signed-off-by: Christian Göttsche +--- + libselinux/utils/sefcontext_compile.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/utils/sefcontext_compile.c b/libselinux/utils/sefcontext_compile.c +index dcb0085ad67e..6c32172d9944 100644 +--- a/libselinux/utils/sefcontext_compile.c ++++ b/libselinux/utils/sefcontext_compile.c +@@ -14,7 +14,7 @@ + #include "../src/label_file.h" + #include "../src/regex.h" + +-const char *policy_file; ++static const char *policy_file; + static int ctx_err; + + static int validate_context(char **ctxp) +-- +2.32.0.rc1 + diff --git a/0008-libselinux-avcstat-use-standard-length-modifier-for-.patch b/0008-libselinux-avcstat-use-standard-length-modifier-for-.patch new file mode 100644 index 0000000..8434f1f --- /dev/null +++ b/0008-libselinux-avcstat-use-standard-length-modifier-for-.patch @@ -0,0 +1,42 @@ +From c3f4742bb96b7688eb8abd6cc3a89f30aff55f06 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:48 +0200 +Subject: [PATCH] libselinux: avcstat: use standard length modifier for + unsigned long long +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The format width specifier `L` is only standardized for floating point +types. Use `ll` for fixed-width data types. + +Signed-off-by: Christian Göttsche +--- + libselinux/utils/avcstat.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libselinux/utils/avcstat.c b/libselinux/utils/avcstat.c +index da2392870c51..cc9a48dd4c3a 100644 +--- a/libselinux/utils/avcstat.c ++++ b/libselinux/utils/avcstat.c +@@ -205,7 +205,7 @@ int main(int argc, char **argv) + die("unable to parse \'%s\': no data", avcstatfile); + + if (cumulative || !i) +- printf("%10Lu %10Lu %10Lu %10Lu %10Lu %10Lu\n", ++ printf("%10llu %10llu %10llu %10llu %10llu %10llu\n", + tot.lookups, tot.hits, tot.misses, + tot.allocations, tot.reclaims, tot.frees); + else { +@@ -215,7 +215,7 @@ int main(int argc, char **argv) + rel.allocations = tot.allocations - last.allocations; + rel.reclaims = tot.reclaims - last.reclaims; + rel.frees = tot.frees - last.frees; +- printf("%10Lu %10Lu %10Lu %10Lu %10Lu %10Lu\n", ++ printf("%10llu %10llu %10llu %10llu %10llu %10llu\n", + rel.lookups, rel.hits, rel.misses, + rel.allocations, rel.reclaims, rel.frees); + } +-- +2.32.0.rc1 + diff --git a/0009-libselinux-selinux_restorecon-mark-local-variable-st.patch b/0009-libselinux-selinux_restorecon-mark-local-variable-st.patch new file mode 100644 index 0000000..89caae5 --- /dev/null +++ b/0009-libselinux-selinux_restorecon-mark-local-variable-st.patch @@ -0,0 +1,38 @@ +From b1a27a010e12a88eb93c507018d7cb0b5ad84951 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:51 +0200 +Subject: [PATCH] libselinux: selinux_restorecon: mark local variable static +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `dir_xattr_list` is only used inside `selinux_restorecon.c`. + +selinux_restorecon.c:65:19: warning: no previous extern declaration for non-static variable 'dir_xattr_list' [-Wmissing-variable-declarations] +struct dir_xattr *dir_xattr_list; + ^ +selinux_restorecon.c:65:1: note: declare 'static' if the variable is not intended to be used outside of this translation unit +struct dir_xattr *dir_xattr_list; +^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/selinux_restorecon.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c +index 63fb8dc53c28..249c361fa988 100644 +--- a/libselinux/src/selinux_restorecon.c ++++ b/libselinux/src/selinux_restorecon.c +@@ -62,7 +62,7 @@ static uint64_t fc_count = 0; /* Number of files processed so far */ + static uint64_t efile_count; /* Estimated total number of files */ + + /* Store information on directories with xattr's. */ +-struct dir_xattr *dir_xattr_list; ++static struct dir_xattr *dir_xattr_list; + static struct dir_xattr *dir_xattr_last; + + /* restorecon_flags for passing to restorecon_sb() */ +-- +2.32.0.rc1 + diff --git a/0010-libselinux-selabel_get_digests_all_partial_matches-f.patch b/0010-libselinux-selabel_get_digests_all_partial_matches-f.patch new file mode 100644 index 0000000..8dbd825 --- /dev/null +++ b/0010-libselinux-selabel_get_digests_all_partial_matches-f.patch @@ -0,0 +1,51 @@ +From b31e50f9d00c3dcd68a63228e206e1f6099570f6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:53 +0200 +Subject: [PATCH] libselinux: selabel_get_digests_all_partial_matches: free + memory after FTS_D block +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Free all memory from `selabel_get_digests_all_partial_matches()` in case +of success and failure. + +Found by clang-analyzer. + +Signed-off-by: Christian Göttsche +--- + .../utils/selabel_get_digests_all_partial_matches.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/libselinux/utils/selabel_get_digests_all_partial_matches.c b/libselinux/utils/selabel_get_digests_all_partial_matches.c +index 0c2edc67771d..e28833d2ce97 100644 +--- a/libselinux/utils/selabel_get_digests_all_partial_matches.c ++++ b/libselinux/utils/selabel_get_digests_all_partial_matches.c +@@ -128,7 +128,7 @@ int main(int argc, char **argv) + printf("No SHA1 digest available for: %s\n", + ftsent->fts_path); + printf("as file_context entry is \"<>\"\n"); +- break; ++ goto cleanup; + } + + printf("The file_context entries for: %s\n", +@@ -149,11 +149,11 @@ int main(int argc, char **argv) + xattr_digest[i]); + printf("%s\n", sha1_buf); + } +- +- free(xattr_digest); +- free(calculated_digest); +- free(sha1_buf); + } ++ cleanup: ++ free(xattr_digest); ++ free(calculated_digest); ++ free(sha1_buf); + break; + } + default: +-- +2.32.0.rc1 + diff --git a/0011-libselinux-getconlist-free-memory-on-multiple-level-.patch b/0011-libselinux-getconlist-free-memory-on-multiple-level-.patch new file mode 100644 index 0000000..93d1749 --- /dev/null +++ b/0011-libselinux-getconlist-free-memory-on-multiple-level-.patch @@ -0,0 +1,34 @@ +From 809615a5b204e3e8426d363d62717785401618ec Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:55 +0200 +Subject: [PATCH] libselinux: getconlist: free memory on multiple level + arguments +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Do not leak memory if the program argument `l` got passed more than +once. + +Found by clang-analyzer. + +Signed-off-by: Christian Göttsche +--- + libselinux/utils/getconlist.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c +index 76654b75151a..0bb2846937ca 100644 +--- a/libselinux/utils/getconlist.c ++++ b/libselinux/utils/getconlist.c +@@ -26,6 +26,7 @@ int main(int argc, char **argv) + while ((opt = getopt(argc, argv, "l:")) > 0) { + switch (opt) { + case 'l': ++ free(level); + level = strdup(optarg); + if (!level) { + fprintf(stderr, "memory allocation failure: %d(%s)\n", +-- +2.32.0.rc1 + diff --git a/0012-libselinux-exclude_non_seclabel_mounts-drop-unused-v.patch b/0012-libselinux-exclude_non_seclabel_mounts-drop-unused-v.patch new file mode 100644 index 0000000..f338c1b --- /dev/null +++ b/0012-libselinux-exclude_non_seclabel_mounts-drop-unused-v.patch @@ -0,0 +1,42 @@ +From b7e0f5dce75c4c7a1333f5231a61af58f225b725 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:57 +0200 +Subject: [PATCH] libselinux: exclude_non_seclabel_mounts(): drop unused + variable +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `num` is never read from. + +Found by clang-analyer. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/selinux_restorecon.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c +index 249c361fa988..6fb9e1ff486d 100644 +--- a/libselinux/src/selinux_restorecon.c ++++ b/libselinux/src/selinux_restorecon.c +@@ -230,7 +230,6 @@ static int exclude_non_seclabel_mounts(void) + struct utsname uts; + FILE *fp; + size_t len; +- ssize_t num; + int index = 0, found = 0, nfile = 0; + char *mount_info[4]; + char *buf = NULL, *item; +@@ -245,7 +244,7 @@ static int exclude_non_seclabel_mounts(void) + if (!fp) + return 0; + +- while ((num = getline(&buf, &len, fp)) != -1) { ++ while (getline(&buf, &len, fp) != -1) { + found = 0; + index = 0; + item = strtok(buf, " "); +-- +2.32.0.rc1 + diff --git a/0013-libselinux-context_new-drop-dead-assignment.patch b/0013-libselinux-context_new-drop-dead-assignment.patch new file mode 100644 index 0000000..4331e67 --- /dev/null +++ b/0013-libselinux-context_new-drop-dead-assignment.patch @@ -0,0 +1,34 @@ +From d924809116c2a6215d31c08a6a03e4c429f48fc0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:10:59 +0200 +Subject: [PATCH] libselinux: context_new(): drop dead assignment +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `i` is not used inside this loop, and it later +unconditionally set to 0. + +Found by clang-analyzer. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/context.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/src/context.c b/libselinux/src/context.c +index ce4258806c53..b2144c7cf76c 100644 +--- a/libselinux/src/context.c ++++ b/libselinux/src/context.c +@@ -37,7 +37,7 @@ context_t context_new(const char *str) + } + n->current_str = n->component[0] = n->component[1] = n->component[2] = + n->component[3] = 0; +- for (i = count = 0, p = str; *p; p++) { ++ for (count = 0, p = str; *p; p++) { + switch (*p) { + case ':': + count++; +-- +2.32.0.rc1 + diff --git a/0014-libselinux-label_x-init-drop-dead-assignment.patch b/0014-libselinux-label_x-init-drop-dead-assignment.patch new file mode 100644 index 0000000..0f68c1c --- /dev/null +++ b/0014-libselinux-label_x-init-drop-dead-assignment.patch @@ -0,0 +1,33 @@ +From 36354ac7585d6e40873cbb74602f651d3d8a4d86 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:01 +0200 +Subject: [PATCH] libselinux: label_x::init(): drop dead assignment +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `lineno` is only used in the preceding loop and is always +set prior that to 0. + +Found by clang-analyzer. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/label_x.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c +index 9674529931a7..e9fa063fafff 100644 +--- a/libselinux/src/label_x.c ++++ b/libselinux/src/label_x.c +@@ -146,7 +146,6 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts, + if (process_line(path, line_buf, pass, ++lineno, rec)) + goto finish; + } +- lineno = 0; + + if (pass == 0) { + if (data->nspec == 0) { +-- +2.32.0.rc1 + diff --git a/0015-libselinux-label_media-init-drop-dead-assignment.patch b/0015-libselinux-label_media-init-drop-dead-assignment.patch new file mode 100644 index 0000000..05d2829 --- /dev/null +++ b/0015-libselinux-label_media-init-drop-dead-assignment.patch @@ -0,0 +1,33 @@ +From 0bceb02d526b73495d8ce0a85170aba46d2760bf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:03 +0200 +Subject: [PATCH] libselinux: label_media::init(): drop dead assignment +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `lineno` is only used in the preceding loop and it always +set prior that to 0. + +Found by clang-analyzer. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/label_media.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/libselinux/src/label_media.c b/libselinux/src/label_media.c +index d202e5d5ab83..eb27deaf510e 100644 +--- a/libselinux/src/label_media.c ++++ b/libselinux/src/label_media.c +@@ -119,7 +119,6 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts, + if (process_line(path, line_buf, pass, ++lineno, rec)) + goto finish; + } +- lineno = 0; + + if (pass == 0) { + if (data->nspec == 0) { +-- +2.32.0.rc1 + diff --git a/0016-libselinux-setexecfilecon-drop-dead-assignment.patch b/0016-libselinux-setexecfilecon-drop-dead-assignment.patch new file mode 100644 index 0000000..df1a8d1 --- /dev/null +++ b/0016-libselinux-setexecfilecon-drop-dead-assignment.patch @@ -0,0 +1,33 @@ +From 39eb347b3c557b65085b007ce5fab93f1f32ddd1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:05 +0200 +Subject: [PATCH] libselinux: setexecfilecon(): drop dead assignment +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The variable `rc` is always unconditionally assigned by the next call of +`setexeccon()` and never read in between. + +Found by clang-analyzer. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/setexecfilecon.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/libselinux/src/setexecfilecon.c b/libselinux/src/setexecfilecon.c +index e72ba0d98880..2c6505a96a48 100644 +--- a/libselinux/src/setexecfilecon.c ++++ b/libselinux/src/setexecfilecon.c +@@ -37,7 +37,6 @@ int setexecfilecon(const char *filename, const char *fallback_type) + newcon = strdup(context_str(con)); + if (!newcon) + goto out; +- rc = 0; + } + + rc = setexeccon(newcon); +-- +2.32.0.rc1 + diff --git a/0017-libselinux-getdefaultcon-free-memory-on-multiple-sam.patch b/0017-libselinux-getdefaultcon-free-memory-on-multiple-sam.patch new file mode 100644 index 0000000..288da1a --- /dev/null +++ b/0017-libselinux-getdefaultcon-free-memory-on-multiple-sam.patch @@ -0,0 +1,51 @@ +From 4c3c1c070a5f4b80cfdd45e261e4517c76c19448 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:07 +0200 +Subject: [PATCH] libselinux: getdefaultcon: free memory on multiple same + arguments +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Do not leak memory if program arguments get specified more than once. + +Found by clang-anlyzer. + +getdefaultcon.c:52:3: warning: Potential leak of memory pointed to by 'level' [unix.Malloc] + fprintf(stderr, + ^~~~~~~~~~~~~~~ +getdefaultcon.c:52:3: warning: Potential leak of memory pointed to by 'role' [unix.Malloc] + fprintf(stderr, + ^~~~~~~~~~~~~~~ +getdefaultcon.c:52:3: warning: Potential leak of memory pointed to by 'service' [unix.Malloc] + fprintf(stderr, + ^~~~~~~~~~~~~~~ + +Signed-off-by: Christian Göttsche +--- + libselinux/utils/getdefaultcon.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c +index 96a5a8c23656..957c1cb2e307 100644 +--- a/libselinux/utils/getdefaultcon.c ++++ b/libselinux/utils/getdefaultcon.c +@@ -28,12 +28,15 @@ int main(int argc, char **argv) + while ((opt = getopt(argc, argv, "l:r:s:v")) > 0) { + switch (opt) { + case 'l': ++ free(level); + level = strdup(optarg); + break; + case 'r': ++ free(role); + role = strdup(optarg); + break; + case 's': ++ free(service); + service = strdup(optarg); + break; + case 'v': +-- +2.32.0.rc1 + diff --git a/0018-libselinux-store_stem-do-not-free-possible-non-heap-.patch b/0018-libselinux-store_stem-do-not-free-possible-non-heap-.patch new file mode 100644 index 0000000..3273ec3 --- /dev/null +++ b/0018-libselinux-store_stem-do-not-free-possible-non-heap-.patch @@ -0,0 +1,62 @@ +From cc1db9c34d00faf0ee13c152194fcd4e675ab753 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:09 +0200 +Subject: [PATCH] libselinux: store_stem(): do not free possible non-heap + object +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +GCC 11 complains: + +In file included from label_file.c:24: +In function ‘store_stem’, + inlined from ‘load_mmap’ at label_file.c:277:12, + inlined from ‘process_file’ at label_file.c:551:5: +label_file.h:289:25: error: ‘free’ called on pointer ‘*mmap_area.next_addr’ with nonzero offset 4 [-Werror=free-nonheap-object] + 289 | free(buf); + | ^~~~~~~~~ + +Free the pointer on failure at the caller instead of inside `store_stem()`. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/label_file.h | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/libselinux/src/label_file.h b/libselinux/src/label_file.h +index baed3341b6b3..9f6337012216 100644 +--- a/libselinux/src/label_file.h ++++ b/libselinux/src/label_file.h +@@ -286,7 +286,6 @@ static inline int store_stem(struct saved_data *data, char *buf, int stem_len) + tmp_arr = realloc(data->stem_arr, + sizeof(*tmp_arr) * alloc_stems); + if (!tmp_arr) { +- free(buf); + return -1; + } + data->alloc_stems = alloc_stems; +@@ -308,6 +307,7 @@ static inline int find_stem_from_spec(struct saved_data *data, const char *buf) + int stem_len = get_stem_from_spec(buf); + int stemid; + char *stem; ++ int r; + + if (!stem_len) + return -1; +@@ -321,7 +321,11 @@ static inline int find_stem_from_spec(struct saved_data *data, const char *buf) + if (!stem) + return -1; + +- return store_stem(data, stem, stem_len); ++ r = store_stem(data, stem, stem_len); ++ if (r < 0) ++ free(stem); ++ ++ return r; + } + + /* This will always check for buffer over-runs and either read the next entry +-- +2.32.0.rc1 + diff --git a/0019-libselinux-matchmediacon-close-file-on-error.patch b/0019-libselinux-matchmediacon-close-file-on-error.patch new file mode 100644 index 0000000..7c3b861 --- /dev/null +++ b/0019-libselinux-matchmediacon-close-file-on-error.patch @@ -0,0 +1,39 @@ +From 0732233fd29c20dd54450803d9113916d3b6e28d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:11 +0200 +Subject: [PATCH] libselinux: matchmediacon(): close file on error +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Found by Infer. + +matchmediacon.c:25: error: Resource Leak + resource of type `_IO_FILE` acquired to `return` by call to `fopen()` at line 21, column 16 is not released after line 25, column 4. + 23. while (!feof_unlocked(infile)) { + 24. if (!fgets_unlocked(current_line, sizeof(current_line), infile)) { + 25. return -1; + ^ + 26. } + 27. if (current_line[strlen(current_line) - 1]) + +Signed-off-by: Christian Göttsche +--- + libselinux/src/matchmediacon.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libselinux/src/matchmediacon.c b/libselinux/src/matchmediacon.c +index 23d01af476d2..d3d9504348e1 100644 +--- a/libselinux/src/matchmediacon.c ++++ b/libselinux/src/matchmediacon.c +@@ -22,6 +22,7 @@ int matchmediacon(const char *media, char ** con) + return -1; + while (!feof_unlocked(infile)) { + if (!fgets_unlocked(current_line, sizeof(current_line), infile)) { ++ fclose(infile); + return -1; + } + if (current_line[strlen(current_line) - 1]) +-- +2.32.0.rc1 + diff --git a/0020-libselinux-init_selinux_config-free-resources-on-err.patch b/0020-libselinux-init_selinux_config-free-resources-on-err.patch new file mode 100644 index 0000000..7894283 --- /dev/null +++ b/0020-libselinux-init_selinux_config-free-resources-on-err.patch @@ -0,0 +1,53 @@ +From 99bb0488069bc6ce8deb629b4f5e2cde73160e7b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:13 +0200 +Subject: [PATCH] libselinux: init_selinux_config(): free resources on error +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Found by Infer. + +selinux_config.c:181: error: Resource Leak + resource of type `_IO_FILE` acquired by call to `fopen()` at line 165, column 7 is not released after line 181, column 6. + 179. type = strdup(buf_p + sizeof(SELINUXTYPETAG) - 1); + 180. if (!type) + 181. return; + ^ + 182. end = type + strlen(type) - 1; + 183. while ((end > type) && + +Signed-off-by: Christian Göttsche +--- + libselinux/src/selinux_config.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c +index 6c5238953cb1..97f81a8b61ce 100644 +--- a/libselinux/src/selinux_config.c ++++ b/libselinux/src/selinux_config.c +@@ -177,8 +177,11 @@ static void init_selinux_config(void) + if (!strncasecmp(buf_p, SELINUXTYPETAG, + sizeof(SELINUXTYPETAG) - 1)) { + type = strdup(buf_p + sizeof(SELINUXTYPETAG) - 1); +- if (!type) ++ if (!type) { ++ free(line_buf); ++ fclose(fp); + return; ++ } + end = type + strlen(type) - 1; + while ((end > type) && + (isspace(*end) || iscntrl(*end))) { +@@ -187,6 +190,8 @@ static void init_selinux_config(void) + } + if (setpolicytype(type) != 0) { + free(type); ++ free(line_buf); ++ fclose(fp); + return; + } + free(type); +-- +2.32.0.rc1 + diff --git a/0021-libselinux-label_file-init-do-not-pass-NULL-to-strdu.patch b/0021-libselinux-label_file-init-do-not-pass-NULL-to-strdu.patch new file mode 100644 index 0000000..01c6ad3 --- /dev/null +++ b/0021-libselinux-label_file-init-do-not-pass-NULL-to-strdu.patch @@ -0,0 +1,48 @@ +From 20feb894849305cdc4c786ced44f397804e308f3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:15 +0200 +Subject: [PATCH] libselinux: label_file::init(): do not pass NULL to strdup +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If any of the build flags `BUILD_HOST` or `ANDROID` is set and the +caller did not pass an option of type `SELABEL_OPT_PATH`, the variable +`path` might be not set. +Add a check to avoid calling `strdup()` with a NULL pointer. + +Found by cppcheck. + +src/label_file.c:759:26: warning: Possible null pointer dereference: path [nullPointer] + rec->spec_file = strdup(path); + ^ +src/label_file.c:713:21: note: Assignment 'path=NULL', assigned value is 0 + const char *path = NULL; + ^ +src/label_file.c:759:26: note: Null pointer dereference + rec->spec_file = strdup(path); + ^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/label_file.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c +index b080fcf1305b..4268b52c84cc 100644 +--- a/libselinux/src/label_file.c ++++ b/libselinux/src/label_file.c +@@ -756,6 +756,10 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts, + } + + #endif ++ ++ if (!path) ++ goto finish; ++ + rec->spec_file = strdup(path); + + /* +-- +2.32.0.rc1 + diff --git a/0022-libselinux-matchpathcon-free-memory-on-realloc-failu.patch b/0022-libselinux-matchpathcon-free-memory-on-realloc-failu.patch new file mode 100644 index 0000000..96d1308 --- /dev/null +++ b/0022-libselinux-matchpathcon-free-memory-on-realloc-failu.patch @@ -0,0 +1,80 @@ +From 640a5a732e3d836c3a0f6992d4085468a486b4b5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:17 +0200 +Subject: [PATCH] libselinux: matchpathcon: free memory on realloc failure +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In case `realloc()` fails and returns NULL, free the passed array, +instead of just setting the size helper variables to 0. + +Also free the string contents in `free_array_elts()` of the array +`con_array`, instead of just the array of pointers. + +Found by cppcheck. + +src/matchpathcon.c:86:4: error: Common realloc mistake: 'con_array' nulled but not freed upon failure [memleakOnRealloc] + con_array = (char **)realloc(con_array, sizeof(char*) * + ^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/matchpathcon.c | 26 ++++++++++++++++---------- + 1 file changed, 16 insertions(+), 10 deletions(-) + +diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c +index 9e1fab593266..075a3fb3ffcb 100644 +--- a/libselinux/src/matchpathcon.c ++++ b/libselinux/src/matchpathcon.c +@@ -78,17 +78,30 @@ static pthread_once_t once = PTHREAD_ONCE_INIT; + static pthread_key_t destructor_key; + static int destructor_key_initialized = 0; + ++static void free_array_elts(void) ++{ ++ int i; ++ for (i = 0; i < con_array_used; i++) ++ free(con_array[i]); ++ free(con_array); ++ ++ con_array_size = con_array_used = 0; ++ con_array = NULL; ++} ++ + static int add_array_elt(char *con) + { ++ char **tmp; + if (con_array_size) { + while (con_array_used >= con_array_size) { + con_array_size *= 2; +- con_array = (char **)realloc(con_array, sizeof(char*) * ++ tmp = (char **)realloc(con_array, sizeof(char*) * + con_array_size); +- if (!con_array) { +- con_array_size = con_array_used = 0; ++ if (!tmp) { ++ free_array_elts(); + return -1; + } ++ con_array = tmp; + } + } else { + con_array_size = 1000; +@@ -105,13 +118,6 @@ static int add_array_elt(char *con) + return con_array_used++; + } + +-static void free_array_elts(void) +-{ +- con_array_size = con_array_used = 0; +- free(con_array); +- con_array = NULL; +-} +- + void set_matchpathcon_invalidcon(int (*f) (const char *p, unsigned l, char *c)) + { + myinvalidcon = f; +-- +2.32.0.rc1 + diff --git a/0023-libselinux-label_db-db_init-open-file-with-CLOEXEC-m.patch b/0023-libselinux-label_db-db_init-open-file-with-CLOEXEC-m.patch new file mode 100644 index 0000000..bf23fa6 --- /dev/null +++ b/0023-libselinux-label_db-db_init-open-file-with-CLOEXEC-m.patch @@ -0,0 +1,36 @@ +From 370b39312430af8fc0426cc91a287def5d253771 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:19 +0200 +Subject: [PATCH] libselinux: label_db::db_init(): open file with CLOEXEC mode +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Open the file stream with the `e` flag, so that the underlying file +descriptor gets closed on an exec in a potential sibling thread. + +Also drop the flag `b`, since it is ignored on POSIX systems. + +Found by clang-tidy. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/label_db.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/src/label_db.c b/libselinux/src/label_db.c +index fba96c92299f..94c05c6d4397 100644 +--- a/libselinux/src/label_db.c ++++ b/libselinux/src/label_db.c +@@ -277,7 +277,7 @@ db_init(const struct selinux_opt *opts, unsigned nopts, + if (!path) + path = selinux_sepgsql_context_path(); + +- if ((filp = fopen(path, "rb")) == NULL) { ++ if ((filp = fopen(path, "re")) == NULL) { + free(catalog); + return NULL; + } +-- +2.32.0.rc1 + diff --git a/0024-libselinux-drop-redundant-casts-to-the-same-type.patch b/0024-libselinux-drop-redundant-casts-to-the-same-type.patch new file mode 100644 index 0000000..7924670 --- /dev/null +++ b/0024-libselinux-drop-redundant-casts-to-the-same-type.patch @@ -0,0 +1,73 @@ +From 2fb2a289325e63b603124741ba12a0dedad5fae0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:22 +0200 +Subject: [PATCH] libselinux: drop redundant casts to the same type +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Found by clang-tidy. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/audit2why.c | 2 +- + libselinux/src/avc_sidtab.c | 2 +- + libselinux/src/is_customizable_type.c | 2 +- + libselinux/src/selinux_restorecon.c | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c +index d56b56eb2a1a..029f874f4702 100644 +--- a/libselinux/src/audit2why.c ++++ b/libselinux/src/audit2why.c +@@ -275,7 +275,7 @@ static int __policy_init(const char *init_path) + } + + sepol_bool_iterate(avc->handle, avc->policydb, +- load_booleans, (void *)NULL); ++ load_booleans, NULL); + + /* Initialize the sidtab for subsequent use by sepol_context_to_sid + and sepol_compute_av_reason. */ +diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c +index 8dc875608762..8c81cf65d2ef 100644 +--- a/libselinux/src/avc_sidtab.c ++++ b/libselinux/src/avc_sidtab.c +@@ -56,7 +56,7 @@ int sidtab_insert(struct sidtab *s, const char * ctx) + rc = -1; + goto out; + } +- newctx = (char *) strdup(ctx); ++ newctx = strdup(ctx); + if (!newctx) { + rc = -1; + avc_free(newnode); +diff --git a/libselinux/src/is_customizable_type.c b/libselinux/src/is_customizable_type.c +index 92876f4d9371..1b17860c3622 100644 +--- a/libselinux/src/is_customizable_type.c ++++ b/libselinux/src/is_customizable_type.c +@@ -38,7 +38,7 @@ static int get_customizable_type_list(char *** retlist) + while (fgets_unlocked(buf, selinux_page_size, fp) + && i < ctr) { + buf[strlen(buf) - 1] = 0; +- list[i] = (char *) strdup(buf); ++ list[i] = strdup(buf); + if (!list[i]) { + unsigned int j; + for (j = 0; j < i; j++) +diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c +index 6fb9e1ff486d..999aa924ba32 100644 +--- a/libselinux/src/selinux_restorecon.c ++++ b/libselinux/src/selinux_restorecon.c +@@ -1152,7 +1152,7 @@ void selinux_restorecon_set_sehandle(struct selabel_handle *hndl) + unsigned char *fc_digest; + size_t num_specfiles, fc_digest_len; + +- fc_sehandle = (struct selabel_handle *) hndl; ++ fc_sehandle = hndl; + if (!fc_sehandle) + return; + +-- +2.32.0.rc1 + diff --git a/0025-libselinux-sidtab_sid_stats-unify-parameter-name.patch b/0025-libselinux-sidtab_sid_stats-unify-parameter-name.patch new file mode 100644 index 0000000..4787f1c --- /dev/null +++ b/0025-libselinux-sidtab_sid_stats-unify-parameter-name.patch @@ -0,0 +1,60 @@ +From 215d83598c180055cddd3787bcb6e1abe8a416d9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:24 +0200 +Subject: [PATCH] libselinux: sidtab_sid_stats(): unify parameter name +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Found by clang-tidy. + +libselinux/src/avc_sidtab.h:32:6: warning: function 'sidtab_sid_stats' has a definition with different parameter names [readability-inconsistent-declaration-parameter-name] +void sidtab_sid_stats(struct sidtab *s, char *buf, int buflen) ; + ^ +libselinux/src/avc_sidtab.c:103:6: note: the definition seen here +void sidtab_sid_stats(struct sidtab *h, char *buf, int buflen) + ^ +libselinux/src/avc_sidtab.h:32:6: note: differing parameters are named here: ('s'), in definition: ('h') +void sidtab_sid_stats(struct sidtab *s, char *buf, int buflen) ; + ^ ~ + h + +Signed-off-by: Christian Göttsche +--- + libselinux/src/avc_sidtab.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c +index 8c81cf65d2ef..f179d8558a45 100644 +--- a/libselinux/src/avc_sidtab.c ++++ b/libselinux/src/avc_sidtab.c +@@ -100,7 +100,7 @@ sidtab_context_to_sid(struct sidtab *s, + return rc; + } + +-void sidtab_sid_stats(struct sidtab *h, char *buf, int buflen) ++void sidtab_sid_stats(struct sidtab *s, char *buf, int buflen) + { + int i, chain_len, slots_used, max_chain_len; + struct sidtab_node *cur; +@@ -108,7 +108,7 @@ void sidtab_sid_stats(struct sidtab *h, char *buf, int buflen) + slots_used = 0; + max_chain_len = 0; + for (i = 0; i < SIDTAB_SIZE; i++) { +- cur = h->htable[i]; ++ cur = s->htable[i]; + if (cur) { + slots_used++; + chain_len = 0; +@@ -124,7 +124,7 @@ void sidtab_sid_stats(struct sidtab *h, char *buf, int buflen) + + snprintf(buf, buflen, + "%s: %u SID entries and %d/%d buckets used, longest " +- "chain length %d\n", avc_prefix, h->nel, slots_used, ++ "chain length %d\n", avc_prefix, s->nel, slots_used, + SIDTAB_SIZE, max_chain_len); + } + +-- +2.32.0.rc1 + diff --git a/0026-libselinux-regex-unify-parameter-names.patch b/0026-libselinux-regex-unify-parameter-names.patch new file mode 100644 index 0000000..f7d6bff --- /dev/null +++ b/0026-libselinux-regex-unify-parameter-names.patch @@ -0,0 +1,42 @@ +From 027fa1706e3804577132e835b22965ceca761b31 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:26 +0200 +Subject: [PATCH] libselinux: regex: unify parameter names +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Use the same parameter names as in the header `regex.h`. + +Found by clang-tidy. + +Signed-off-by: Christian Göttsche +--- + libselinux/src/regex.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libselinux/src/regex.c b/libselinux/src/regex.c +index 770bc3ea1310..73987d9f1063 100644 +--- a/libselinux/src/regex.c ++++ b/libselinux/src/regex.c +@@ -319,7 +319,7 @@ char const *regex_version(void) + } + + int regex_load_mmap(struct mmap_area *mmap_area, struct regex_data **regex, +- int unused __attribute__((unused)), bool *regex_compiled) ++ int do_load_precompregex __attribute__((unused)), bool *regex_compiled) + { + int rc; + uint32_t entry_len; +@@ -387,7 +387,7 @@ static inline pcre_extra *get_pcre_extra(struct regex_data *regex) + } + + int regex_writef(struct regex_data *regex, FILE *fp, +- int unused __attribute__((unused))) ++ int do_write_precompregex __attribute__((unused))) + { + int rc; + size_t len; +-- +2.32.0.rc1 + diff --git a/0027-libselinux-label_file.c-fix-indent.patch b/0027-libselinux-label_file.c-fix-indent.patch new file mode 100644 index 0000000..7153bae --- /dev/null +++ b/0027-libselinux-label_file.c-fix-indent.patch @@ -0,0 +1,35 @@ +From 700c829317e44f194f69c785144423d10b14c21d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 3 May 2021 17:11:31 +0200 +Subject: [PATCH] libselinux: label_file.c: fix indent +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Found by clang-tidy. + +libselinux/src/label_file.c:374:4: warning: different indentation for 'if' and corresponding 'else' [readability-misleading-indentation] + else + ^ + +Signed-off-by: Christian Göttsche +--- + libselinux/src/label_file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c +index 4268b52c84cc..56f499faef97 100644 +--- a/libselinux/src/label_file.c ++++ b/libselinux/src/label_file.c +@@ -371,7 +371,7 @@ end_arch_check: + + if (stem_id < 0 || stem_id >= (int32_t)stem_map_len) + spec->stem_id = -1; +- else ++ else + spec->stem_id = stem_map[stem_id]; + + /* retrieve the hasMetaChars bit */ +-- +2.32.0.rc1 + diff --git a/0028-libselinux-setexecfilecon-remove-unnecessary-if.patch b/0028-libselinux-setexecfilecon-remove-unnecessary-if.patch new file mode 100644 index 0000000..a84bfab --- /dev/null +++ b/0028-libselinux-setexecfilecon-remove-unnecessary-if.patch @@ -0,0 +1,39 @@ +From 44760b7ef671b83eb7d1168b07d849d1d887b54f Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Tue, 25 May 2021 14:55:02 +0200 +Subject: [PATCH] libselinux/setexecfilecon: remove unnecessary if + +Fixes: + Error: IDENTICAL_BRANCHES (CWE-398): [#def2] + libselinux/src/setexecfilecon.c:46: implicit_else: The code from the above if-then branch is identical to the code after the if statement. + libselinux/src/setexecfilecon.c:44: identical_branches: The same code is executed when the condition "rc < 0" is true or false, because the code in the if-then branch and after the if statement is identical. Should the if statement be removed? + # 42| + # 43| rc = setexeccon(newcon); + # 44|-> if (rc < 0) + # 45| goto out; + # 46| out: + +Signed-off-by: Petr Lautrbach +--- + libselinux/src/setexecfilecon.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/libselinux/src/setexecfilecon.c b/libselinux/src/setexecfilecon.c +index 2c6505a96a48..669d426065f6 100644 +--- a/libselinux/src/setexecfilecon.c ++++ b/libselinux/src/setexecfilecon.c +@@ -40,9 +40,8 @@ int setexecfilecon(const char *filename, const char *fallback_type) + } + + rc = setexeccon(newcon); +- if (rc < 0) +- goto out; +- out: ++ ++ out: + + if (rc < 0 && security_getenforce() == 0) + rc = 0; +-- +2.32.0.rc1 + diff --git a/libselinux.spec b/libselinux.spec index aed07fd..e13d146 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -4,7 +4,7 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 3.2 -Release: 2%{?dist} +Release: 3%{?dist} License: Public Domain # https://github.com/SELinuxProject/selinux/wiki/Releases Source0: https://github.com/SELinuxProject/selinux/releases/download/3.2/libselinux-3.2.tar.gz @@ -16,6 +16,34 @@ Url: https://github.com/SELinuxProject/selinux/wiki # $ git format-patch -N 3.2 -- libselinux # $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done # Patch list start +Patch0001: 0001-libselinux-selinux_check_passwd_access_internal-resp.patch +Patch0002: 0002-libselinux-silence-Wstringop-overflow-warning-from-g.patch +Patch0003: 0003-libselinux-sidtab_hash-do-not-discard-const-qualifie.patch +Patch0004: 0004-libselinux-selinux_file_context_cmp-do-not-discard-c.patch +Patch0005: 0005-libselinux-label_common-do-not-discard-const-qualifi.patch +Patch0006: 0006-libselinux-Sha1Finalise-do-not-discard-const-qualifi.patch +Patch0007: 0007-libselinux-sefcontext_compile-mark-local-variable-st.patch +Patch0008: 0008-libselinux-avcstat-use-standard-length-modifier-for-.patch +Patch0009: 0009-libselinux-selinux_restorecon-mark-local-variable-st.patch +Patch0010: 0010-libselinux-selabel_get_digests_all_partial_matches-f.patch +Patch0011: 0011-libselinux-getconlist-free-memory-on-multiple-level-.patch +Patch0012: 0012-libselinux-exclude_non_seclabel_mounts-drop-unused-v.patch +Patch0013: 0013-libselinux-context_new-drop-dead-assignment.patch +Patch0014: 0014-libselinux-label_x-init-drop-dead-assignment.patch +Patch0015: 0015-libselinux-label_media-init-drop-dead-assignment.patch +Patch0016: 0016-libselinux-setexecfilecon-drop-dead-assignment.patch +Patch0017: 0017-libselinux-getdefaultcon-free-memory-on-multiple-sam.patch +Patch0018: 0018-libselinux-store_stem-do-not-free-possible-non-heap-.patch +Patch0019: 0019-libselinux-matchmediacon-close-file-on-error.patch +Patch0020: 0020-libselinux-init_selinux_config-free-resources-on-err.patch +Patch0021: 0021-libselinux-label_file-init-do-not-pass-NULL-to-strdu.patch +Patch0022: 0022-libselinux-matchpathcon-free-memory-on-realloc-failu.patch +Patch0023: 0023-libselinux-label_db-db_init-open-file-with-CLOEXEC-m.patch +Patch0024: 0024-libselinux-drop-redundant-casts-to-the-same-type.patch +Patch0025: 0025-libselinux-sidtab_sid_stats-unify-parameter-name.patch +Patch0026: 0026-libselinux-regex-unify-parameter-names.patch +Patch0027: 0027-libselinux-label_file.c-fix-indent.patch +Patch0028: 0028-libselinux-setexecfilecon-remove-unnecessary-if.patch # Patch list end BuildRequires: gcc make BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel @@ -212,6 +240,11 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool* %{ruby_vendorarchdir}/selinux.so %changelog +* Tue May 25 2021 Petr Lautrbach - 3.2-3 +- selinux_check_passwd_access_internal(): respect deny_unknown +- Silence -Wstringop-overflow warning from gcc 10.3.1 +- Fixed misc compiler and static analyzer findings + * Fri Apr 16 2021 Mohan Boddu - 3.2-2 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937