From b83512ff2c71e18b0ed71aa72167309ffa15de53 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 13 Apr 2005 15:42:02 +0000 Subject: [PATCH] - Change assert(selinux_mnt) to if (!selinux_mnt) return -1; --- .cvsignore | 1 + libselinux-rhat.patch | 501 +++--------------------------------------- libselinux.spec | 5 +- sources | 2 +- 4 files changed, 41 insertions(+), 468 deletions(-) diff --git a/.cvsignore b/.cvsignore index 47a8d00..1660cde 100644 --- a/.cvsignore +++ b/.cvsignore @@ -33,3 +33,4 @@ libselinux-1.23.3.tgz libselinux-1.23.4.tgz libselinux-1.23.5.tgz libselinux-1.23.6.tgz +libselinux-1.23.7.tgz diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index ddf8cb5..1131c2c 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -1,474 +1,43 @@ -diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.23.2/include/selinux/selinux.h ---- nsalibselinux/include/selinux/selinux.h 2005-03-17 10:34:51.000000000 -0500 -+++ libselinux-1.23.2/include/selinux/selinux.h 2005-03-28 15:02:16.000000000 -0500 -@@ -136,6 +136,16 @@ - /* Load a policy configuration. */ - extern int security_load_policy(void *data, size_t len); +diff --exclude-from=exclude -N -u -r nsalibselinux/src/booleans.c libselinux-1.23.5/src/booleans.c +--- nsalibselinux/src/booleans.c 2005-03-29 21:55:23.000000000 -0500 ++++ libselinux-1.23.5/src/booleans.c 2005-04-12 08:48:47.000000000 -0400 +@@ -45,7 +45,8 @@ + char **n; -+/* Translate boolean strict to name value pair. */ -+typedef struct { -+ char *name; -+ int value; -+} SELboolean; -+ /* save a list of booleans in a single transaction. */ -+extern int security_set_boolean_list(size_t boolcnt, -+ SELboolean *boollist, -+ int permanent); -+ - /* Load policy boolean settings. - Path may be NULL, in which case the booleans are loaded from - the active policy boolean configuration file. */ -diff --exclude-from=exclude -N -u -r nsalibselinux/src/booleans.c libselinux-1.23.2/src/booleans.c ---- nsalibselinux/src/booleans.c 2004-11-09 09:13:54.000000000 -0500 -+++ libselinux-1.23.2/src/booleans.c 2005-03-29 10:29:50.000000000 -0500 -@@ -238,51 +238,198 @@ - dest[i+1]='\0'; - return dest; - } -+static int process_boolean(char *buffer, char *name, int namesize, int *val) { -+ char name1[BUFSIZ]; -+ char *ptr; -+ char *tok=strtok_r(buffer,"=",&ptr); -+ if (tok) { -+ strncpy(name1,tok, BUFSIZ-1); -+ strtrim(name,name1,namesize-1); -+ if ( name[0]=='#' ) return 0; -+ tok=strtok_r(NULL,"\0",&ptr); -+ if (tok) { -+ while (isspace(*tok)) tok++; -+ *val = -1; -+ if (isdigit(tok[0])) -+ *val=atoi(tok); -+ else if (!strncasecmp(tok, "true", sizeof("true")-1)) -+ *val = 1; -+ else if (!strncasecmp(tok, "false", sizeof("false")-1)) -+ *val = 0; -+ if (*val != 0 && *val != 1) { -+ errno=EINVAL; -+ return -1; -+ } -+ -+ } -+ } -+ return 1; -+} -+static int save_booleans(size_t boolcnt, SELboolean *boollist) { -+ ssize_t len; -+ size_t i; -+ char outbuf[BUFSIZ]; -+ char *inbuf=NULL; -+ -+ /* Open file */ -+ const char *bool_file = selinux_booleans_path(); -+ char local_bool_file[PATH_MAX]; -+ char tmp_bool_file[PATH_MAX]; -+ FILE *boolf; -+ int fd; -+ int *used= (int *) malloc (sizeof(int) * boolcnt); -+ if (! used) { + assert(len); +- assert(selinux_mnt); ++ if (!selinux_mnt) + return -1; -+ } -+ /* zero out used field */ -+ for (i=0; i < boolcnt; i++) -+ used[i]=0; -+ -+ -+ snprintf(tmp_bool_file,sizeof(tmp_bool_file),"%s.XXXXXX", bool_file); -+ fd = mkstemp(tmp_bool_file); -+ if (fd < 0) { -+ free(used); -+ return -1; -+ } -+ -+ snprintf(local_bool_file,sizeof(local_bool_file),"%s.local", bool_file); boolf = fopen(local_bool_file,"r"); -+ if (boolf != NULL) { -+ ssize_t ret; -+ size_t size=0; -+ int val; -+ char boolname[BUFSIZ]; -+ char *buffer; -+ char *inbuf=NULL; -+ while ((len=getline(&inbuf, &size, boolf)) > 0) { -+ buffer=strdup(inbuf); -+ if (!buffer) goto close_remove_fail; -+ ret=process_boolean(inbuf, boolname, sizeof(boolname), &val); -+ if (ret!=1) { -+ ret=write(fd, buffer, len); -+ free(buffer); -+ if (ret != len) -+ goto close_remove_fail; -+ } else { -+ free(buffer); -+ for (i=0; i < boolcnt; i++) { -+ if (strcmp(boollist[i].name, boolname)==0) { -+ snprintf(outbuf,sizeof(outbuf), "%s=%d\n", boolname, boollist[i].value); -+ len=strlen(outbuf); -+ used[i]=1; -+ if (write(fd, outbuf, len) != len) -+ goto close_remove_fail; -+ else -+ break; -+ } -+ } -+ if ( i == boolcnt ) { -+ snprintf(outbuf,sizeof(outbuf), "%s=%d\n", boolname, val); -+ len=strlen(outbuf); -+ if (write(fd, outbuf, len) != len) -+ goto close_remove_fail; -+ } -+ } -+ free(inbuf); -+ inbuf=NULL; -+ } -+ fclose(boolf); -+ } -+ -+ for (i=0; i < boolcnt; i++) { -+ if (used[i]==0) { -+ snprintf(outbuf,sizeof(outbuf), "%s=%d\n", boollist[i].name, boollist[i].value); -+ len=strlen(outbuf); -+ if (write(fd, outbuf, len) != len) { -+ close_remove_fail: -+ free(inbuf); -+ close(fd); -+ remove_fail: -+ unlink(tmp_bool_file); -+ free(used); -+ return -1; -+ } -+ } -+ -+ } -+ if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) -+ goto close_remove_fail; -+ close(fd); -+ if (rename(tmp_bool_file, local_bool_file) != 0) -+ goto remove_fail; -+ -+ free(used); -+ return 0; -+} -+static void rollback(SELboolean *boollist, int end) -+{ -+ int i; -+ -+ for(i=0; i 1 ) return -1; -- while (fgets_unlocked(buffer, sizeof(buffer), boolf)) { -- char *ptr; -- char *tok=strtok_r(buffer,"=",&ptr); -- if (tok) { -- strncpy(name1,tok, BUFSIZ-1); -- strtrim(name,name1,BUFSIZ-1); -- if ( name[0]=='#' ) continue; -- tok=strtok_r(NULL,"\0",&ptr); -- if (tok) { -- while (isspace(*tok)) tok++; -- val = -1; -- if (isdigit(tok[0])) -- val=atoi(tok); -- else if (!strncmp(tok, "true", sizeof("true")-1)) -- val = 1; -- else if (!strncmp(tok, "false", sizeof("false")-1)) -- val = 0; -- if (val != 0 && val != 1) { -- fprintf(stderr,"illegal value for boolean %s=%s\n", name, tok); -- errors++; -- continue; -- } -+ while (getline(&inbuf, &len, boolf) > 0) { -+ int ret=process_boolean(inbuf, name, sizeof(name), &val); -+ if (ret==-1) -+ errors++; -+ if (ret==1) -+ if (security_set_boolean(name, val) < 0) { -+ errors++; -+ } -+ } -+ fclose(boolf); -+ -+ snprintf(localbools,sizeof(localbools), "%s.local", (path ? path : selinux_booleans_path())); -+ boolf = fopen(localbools,"r"); +@@ -203,7 +206,8 @@ + char buf[2]; + char path[PATH_MAX]; -+ if (boolf != NULL) { -+ int ret; -+ while (getline(&inbuf, &len, boolf) > 0) { -+ ret=process_boolean(inbuf, name, sizeof(name), &val); -+ if (ret==-1) -+ errors++; -+ if (ret==1) - if (security_set_boolean(name, val) < 0) { -- fprintf(stderr,"error setting boolean %s to value %d \n", name, val); - errors++; - } -- } - } -+ fclose(boolf); - } -- fclose(boolf); -- - if (security_commit_booleans() < 0) - return -1; +- assert(selinux_mnt); ++ if (!selinux_mnt) ++ return -1; -diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchmediacon.c libselinux-1.23.2/src/matchmediacon.c ---- nsalibselinux/src/matchmediacon.c 2004-10-20 16:31:36.000000000 -0400 -+++ libselinux-1.23.2/src/matchmediacon.c 2005-03-28 16:44:29.000000000 -0500 -@@ -16,7 +16,7 @@ - { - const char *path = selinux_media_context_path(); - FILE *infile; -- char *ptr, *ptr2; -+ char *ptr, *ptr2=NULL; - int found=-1; - char current_line[PATH_MAX]; - if ((infile = fopen(path, "r")) == NULL) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-1.23.2/src/matchpathcon.c ---- nsalibselinux/src/matchpathcon.c 2005-03-17 10:34:51.000000000 -0500 -+++ libselinux-1.23.2/src/matchpathcon.c 2005-03-28 16:45:06.000000000 -0500 -@@ -531,7 +531,7 @@ - char *line_buf = NULL; - size_t line_len = 0; - unsigned int lineno, pass, i, j, maxnspec; -- spec_t *spec_copy; -+ spec_t *spec_copy=NULL; - int status=-1; - - /* Open the specification file. */ -diff --exclude-from=exclude -N -u -r nsalibselinux/utils/setenforce.c libselinux-1.23.2/utils/setenforce.c ---- nsalibselinux/utils/setenforce.c 2005-01-20 16:05:25.000000000 -0500 -+++ libselinux-1.23.2/utils/setenforce.c 2005-03-28 14:47:58.000000000 -0500 -@@ -13,7 +13,7 @@ - - int main(int argc, char **argv) - { -- int rc; -+ int rc=0; - if (argc != 2) { - usage(argv[0]); - } -diff --exclude-from=exclude -N -u -r nsalibselinux/utils/setsebool.c libselinux-1.23.2/utils/setsebool.c ---- nsalibselinux/utils/setsebool.c 2005-02-22 16:34:17.000000000 -0500 -+++ libselinux-1.23.2/utils/setsebool.c 2005-03-28 16:45:42.000000000 -0500 -@@ -8,11 +8,11 @@ - #include - #include - #include -+#include - - int permanent = 0; - --int setbool(char **list, int start, int end); --void rollback(char *list[], int start, int end); -+int setbool(char **list, size_t start, size_t end); - - - void usage(void) -@@ -23,7 +23,7 @@ - - int main(int argc, char **argv) - { -- int rc, start; -+ size_t rc, start; - - if (argc < 2) - usage(); -@@ -72,12 +72,20 @@ - - /* Given an array of strings in the form "boolname=value", a start index, - and a finish index...walk the list and set the bool. */ --int setbool(char **list, int start, int end) -+int setbool(char **list, size_t start, size_t end) - { - char *name, *value_ptr; - int i=start, value; -+ int ret=0; -+ int j=0; -+ size_t boolcnt=end-start; - struct passwd *pwd; -- -+ SELboolean *vallist=calloc(boolcnt, sizeof(SELboolean)); -+ if (!vallist) { -+ fprintf(stderr, -+ "Error setting booleans: %s\n", strerror(errno)); -+ return 1; -+ } - while (i < end) { - name = list[i]; - value_ptr = strchr(list[i], '='); -@@ -85,8 +93,8 @@ - fprintf(stderr, - "setsebool: '=' not found in boolean expression %s\n", - list[i]); -- rollback(list, start, i); -- return 4; -+ ret=4; -+ goto error_label; - } - *value_ptr = 0; - value_ptr++; -@@ -99,92 +107,43 @@ - else { - fprintf(stderr, "setsebool: illegal boolean value %s\n", - value_ptr); -- rollback(list, start, i); -- return 1; -+ ret=1; -+ goto error_label; - } - -- if(security_set_boolean(name, value)) { -+ vallist[j].value = value; -+ vallist[j].name = strdup(name); -+ if (!vallist[j].name) { - fprintf(stderr, - "Error setting boolean %s to value %d (%s)\n", - name, value, strerror(errno)); -- rollback(list, start, i); -- return 2; -+ ret= 2; -+ goto error_label; - } - i++; -+ j++; - - /* Now put it back */ - value_ptr--; - *value_ptr = '='; - } - -- /* At this point we know that everything is good. Let's write -- the file if the -P option was given. */ -- if (permanent) { -- char **names; -- const char *bool_file; -- char *tmp_bool_file; -- int rc, len, fd, j; -- -- rc = security_get_boolean_names(&names, &len); -- if (rc) { -- fprintf(stderr, -- "Unable to get boolean names: %s\n", -- strerror(errno)); -- rollback(list, start, i); -- return 5; -- } -+ ret=security_set_boolean_list(boolcnt, vallist, permanent); - -- if (!len) { -- fprintf(stderr, -- "Unable to get the boolean list from kernel - exiting\n" -- ); -- rollback(list, start, i); -- return 6; -- } -+ error_label: -+ for (i=0; i < boolcnt; i++) -+ if (vallist[i].name) free(vallist[i].name); -+ free(vallist); - -- /* Open file */ -- bool_file = selinux_booleans_path(); -- tmp_bool_file = (char *) alloca (strlen(bool_file) + 8); -- strcpy(stpcpy(tmp_bool_file, bool_file), ".XXXXXX"); -- fd = mkstemp(tmp_bool_file); -- if (fd < 0) { -+ if (ret) { -+ if (errno==ENOENT) { - fprintf(stderr, -- "Error creating boolean file %s\n", -- bool_file); -- rollback(list, start, i); -- return 7; -- -+ "Error setting boolean: Invalid boolean\n"); -+ } else { -+ if (errno) -+ perror("Error setting booleans"); - } -- -- /* Walk the list in pending memory, writing each to the file */ -- for (j=0; j 1.23.7-1 +- Change assert(selinux_mnt) to if (!selinux_mnt) return -1; + * Mon Apr 11 2005 Dan Walsh 1.23.6-1 - Update from NSA * Fixed bug in matchpathcon_filespec_destroy. diff --git a/sources b/sources index dfd8c0e..6353eb5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -57556d4c21c31076177abb14d9e02a2e libselinux-1.23.6.tgz +6f5a934e1388f2a66676587dbfa5e277 libselinux-1.23.7.tgz