- Update from NSA
Hid translation-related symbols entirely and ensured that raw functions have hidden definitions for internal use. Allowed setting NULL via context_set* functions. Allowed whitespace in MLS component of context. Changed rpm_execcon to use translated functions to work around the lack of an MLS level on upgraded systems.
parent
e7e35da33b
commit
d3d9f9e7f8
@ -41,3 +41,4 @@ libselinux-1.24.1.tgz
|
||||
libselinux-1.24.2.tgz
|
||||
libselinux-1.25.2.tgz
|
||||
libselinux-1.25.3.tgz
|
||||
libselinux-1.25.4.tgz
|
||||
|
@ -1,195 +1,21 @@
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_relabel.c libselinux-1.25.3/src/compute_relabel.c
|
||||
--- nsalibselinux/src/compute_relabel.c 2005-08-24 09:07:11.000000000 -0400
|
||||
+++ libselinux-1.25.3/src/compute_relabel.c 2005-08-24 09:13:57.000000000 -0400
|
||||
@@ -20,6 +20,7 @@
|
||||
size_t size;
|
||||
int fd, ret;
|
||||
|
||||
+ *newcon=NULL;
|
||||
snprintf(path, sizeof path, "%s/relabel", selinux_mnt);
|
||||
fd = open(path, O_RDWR);
|
||||
if (fd < 0)
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_user.c libselinux-1.25.3/src/compute_user.c
|
||||
--- nsalibselinux/src/compute_user.c 2005-08-24 09:07:11.000000000 -0400
|
||||
+++ libselinux-1.25.3/src/compute_user.c 2005-08-24 09:13:57.000000000 -0400
|
||||
@@ -21,6 +21,7 @@
|
||||
int fd, ret;
|
||||
unsigned int i, nel;
|
||||
|
||||
+ *con = NULL;
|
||||
snprintf(path, sizeof path, "%s/user", selinux_mnt);
|
||||
fd = open(path, O_RDWR);
|
||||
if (fd < 0)
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/context.c libselinux-1.25.3/src/context.c
|
||||
--- nsalibselinux/src/context.c 2005-08-22 16:37:00.000000000 -0400
|
||||
+++ libselinux-1.25.3/src/context.c 2005-08-24 09:13:57.000000000 -0400
|
||||
@@ -137,19 +137,23 @@
|
||||
--- nsalibselinux/src/context.c 2005-08-25 16:18:01.000000000 -0400
|
||||
+++ libselinux-1.25.3/src/context.c 2005-08-24 16:48:20.000000000 -0400
|
||||
@@ -181,16 +180,8 @@
|
||||
def_set(type,COMP_TYPE)
|
||||
def_set(role,COMP_ROLE)
|
||||
def_set(user,COMP_USER)
|
||||
+def_set(range,COMP_RANGE)
|
||||
|
||||
static int set_comp(context_private_t* n,int index, const char *str)
|
||||
{
|
||||
- char *t = (char*) malloc(strlen(str)+1);
|
||||
+ char *t = NULL;
|
||||
const char *p;
|
||||
- if ( !t ) { return 1; }
|
||||
- for ( p = str; *p; p++ ) {
|
||||
- if ( *p == '\t' || *p == ' ' || *p == '\n' || *p == '\r' ||
|
||||
- (*p == ':' && index != COMP_RANGE) ) {
|
||||
- free(t);
|
||||
- return 1;
|
||||
- }
|
||||
-int context_range_set(context_t context,const char* str)
|
||||
-{
|
||||
- context_private_t *n = context->ptr;
|
||||
- if ( ! n->component[COMP_RANGE] ) {
|
||||
- return 0;
|
||||
- } else {
|
||||
- return set_comp(n,COMP_RANGE,str);
|
||||
- }
|
||||
- conditional_free(&n->component[index]);
|
||||
+ if (str) {
|
||||
+ t=(char*) malloc(strlen(str)+1);
|
||||
+ if ( !t ) { return 1; }
|
||||
+ for ( p = str; *p; p++ ) {
|
||||
+ if ( *p == '\t' || *p == '\n' || *p == '\r' ||
|
||||
+ ((*p == ':' || *p == ' ') && index != COMP_RANGE) ) {
|
||||
+ free(t);
|
||||
+ return 1;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ conditional_free(&n->component[index]);
|
||||
+ if (str)
|
||||
+ strcpy(t,str);
|
||||
n->component[index] = t;
|
||||
- strcpy(t,str);
|
||||
return 0;
|
||||
}
|
||||
-}
|
||||
hidden_def(context_range_set)
|
||||
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/fgetfilecon.c libselinux-1.25.3/src/fgetfilecon.c
|
||||
--- nsalibselinux/src/fgetfilecon.c 2005-08-24 09:07:11.000000000 -0400
|
||||
+++ libselinux-1.25.3/src/fgetfilecon.c 2005-08-24 09:13:57.000000000 -0400
|
||||
@@ -13,6 +13,7 @@
|
||||
ssize_t size;
|
||||
ssize_t ret;
|
||||
|
||||
+ *context = NULL;
|
||||
size = INITCONTEXTLEN+1;
|
||||
buf = malloc(size);
|
||||
if (!buf)
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getcon.c libselinux-1.25.3/src/getcon.c
|
||||
--- nsalibselinux/src/getcon.c 2005-08-24 09:07:11.000000000 -0400
|
||||
+++ libselinux-1.25.3/src/getcon.c 2005-08-24 09:13:57.000000000 -0400
|
||||
@@ -14,6 +14,7 @@
|
||||
int fd;
|
||||
ssize_t ret;
|
||||
|
||||
+ *context=NULL;
|
||||
fd = open("/proc/self/attr/current", O_RDONLY);
|
||||
if (fd < 0)
|
||||
return -1;
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getexeccon.c libselinux-1.25.3/src/getexeccon.c
|
||||
--- nsalibselinux/src/getexeccon.c 2005-08-24 09:07:11.000000000 -0400
|
||||
+++ libselinux-1.25.3/src/getexeccon.c 2005-08-24 09:13:57.000000000 -0400
|
||||
@@ -14,6 +14,7 @@
|
||||
int fd;
|
||||
ssize_t ret;
|
||||
|
||||
+ *context = NULL;
|
||||
fd = open("/proc/self/attr/exec", O_RDONLY);
|
||||
if (fd < 0)
|
||||
return -1;
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfilecon.c libselinux-1.25.3/src/getfilecon.c
|
||||
--- nsalibselinux/src/getfilecon.c 2005-08-24 09:07:11.000000000 -0400
|
||||
+++ libselinux-1.25.3/src/getfilecon.c 2005-08-24 09:15:03.000000000 -0400
|
||||
@@ -13,6 +13,7 @@
|
||||
ssize_t size;
|
||||
ssize_t ret;
|
||||
|
||||
+ *context = NULL;
|
||||
size = INITCONTEXTLEN+1;
|
||||
buf = malloc(size);
|
||||
if (!buf)
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfscreatecon.c libselinux-1.25.3/src/getfscreatecon.c
|
||||
--- nsalibselinux/src/getfscreatecon.c 2005-08-24 09:07:11.000000000 -0400
|
||||
+++ libselinux-1.25.3/src/getfscreatecon.c 2005-08-24 09:13:57.000000000 -0400
|
||||
@@ -14,6 +14,7 @@
|
||||
int fd;
|
||||
ssize_t ret;
|
||||
|
||||
+ *context = NULL;
|
||||
fd = open("/proc/self/attr/fscreate", O_RDONLY);
|
||||
if (fd < 0)
|
||||
return -1;
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getpeercon.c libselinux-1.25.3/src/getpeercon.c
|
||||
--- nsalibselinux/src/getpeercon.c 2005-08-24 09:07:11.000000000 -0400
|
||||
+++ libselinux-1.25.3/src/getpeercon.c 2005-08-24 09:13:57.000000000 -0400
|
||||
@@ -17,6 +17,7 @@
|
||||
socklen_t size;
|
||||
ssize_t ret;
|
||||
|
||||
+ *context = NULL;
|
||||
size = INITCONTEXTLEN+1;
|
||||
buf = malloc(size);
|
||||
if (!buf)
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getpidcon.c libselinux-1.25.3/src/getpidcon.c
|
||||
--- nsalibselinux/src/getpidcon.c 2005-08-24 09:07:11.000000000 -0400
|
||||
+++ libselinux-1.25.3/src/getpidcon.c 2005-08-24 09:13:57.000000000 -0400
|
||||
@@ -16,6 +16,7 @@
|
||||
int fd;
|
||||
ssize_t ret;
|
||||
|
||||
+ *context = NULL;
|
||||
snprintf(path, sizeof path, "/proc/%d/attr/current", pid);
|
||||
|
||||
fd = open(path, O_RDONLY);
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getprevcon.c libselinux-1.25.3/src/getprevcon.c
|
||||
--- nsalibselinux/src/getprevcon.c 2005-08-24 09:07:11.000000000 -0400
|
||||
+++ libselinux-1.25.3/src/getprevcon.c 2005-08-24 09:13:57.000000000 -0400
|
||||
@@ -14,6 +14,7 @@
|
||||
int fd;
|
||||
ssize_t ret;
|
||||
|
||||
+ *context = NULL;
|
||||
fd = open("/proc/self/attr/prev", O_RDONLY);
|
||||
if (fd < 0)
|
||||
return -1;
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/lgetfilecon.c libselinux-1.25.3/src/lgetfilecon.c
|
||||
--- nsalibselinux/src/lgetfilecon.c 2005-08-24 09:07:11.000000000 -0400
|
||||
+++ libselinux-1.25.3/src/lgetfilecon.c 2005-08-24 09:13:57.000000000 -0400
|
||||
@@ -13,6 +13,7 @@
|
||||
ssize_t size;
|
||||
ssize_t ret;
|
||||
|
||||
+ *context = NULL;
|
||||
size = INITCONTEXTLEN+1;
|
||||
buf = malloc(size);
|
||||
if (!buf)
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/src/trans.c libselinux-1.25.3/src/trans.c
|
||||
--- nsalibselinux/src/trans.c 2005-08-23 13:34:34.000000000 -0400
|
||||
+++ libselinux-1.25.3/src/trans.c 2005-08-24 09:13:57.000000000 -0400
|
||||
@@ -6,8 +6,8 @@
|
||||
|
||||
int trans_to_raw_context(char *raw, char **transp)
|
||||
{
|
||||
+ *transp = NULL;
|
||||
if (!raw) {
|
||||
- *transp = NULL;
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -19,8 +19,8 @@
|
||||
|
||||
int raw_to_trans_context(char *trans, char **rawp)
|
||||
{
|
||||
+ *rawp = NULL;
|
||||
if (!trans) {
|
||||
- *rawp = NULL;
|
||||
return 0;
|
||||
}
|
||||
|
||||
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/getfilecon.c libselinux-1.25.3/utils/getfilecon.c
|
||||
--- nsalibselinux/utils/getfilecon.c 2005-01-20 16:05:24.000000000 -0500
|
||||
+++ libselinux-1.25.3/utils/getfilecon.c 2005-08-24 09:13:57.000000000 -0400
|
||||
@@ -21,6 +21,9 @@
|
||||
}
|
||||
printf("%s\t%s\n", argv[i], buf);
|
||||
freecon(buf);
|
||||
+ rc = getfilecon_raw(argv[i], &buf);
|
||||
+ printf("%s\t%s\n", argv[i], buf);
|
||||
+ freecon(buf);
|
||||
}
|
||||
exit(0);
|
||||
}
|
||||
#ifdef L1TEST
|
||||
|
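Review bot: The out-parameter initialisations (`*context = NULL;`, `*con = NULL;`, `*newcon=NULL;`) in the get*con, compute_relabel and compute_user hunks appear to be dropped from the downstream patch here, and nothing on this page shows that libselinux-1.25.4 already contains them. That reading is inferred from the `-1,195 +1,21` header, which leaves room for little more than the `src/context.c` hunk at `@@ -181,16 +180,8 @@`; the rendered page has lost the outer `+`/`-` column. If upstream does not set these pointers, a caller that passes the context to `freecon()` after a failed call would free an uninitialised pointer, so the 1.25.4 sources should be checked before the hunks go. The %changelog entry would be the place to record it, for example `* Dropped out-parameter NULL initialisation hunks (merged upstream)` once confirmed. The kept hunk still names `libselinux-1.25.3/` in its `+++` header, with a timestamp older than the `---` side, so it is worth confirming it was regenerated against the new tree.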
@ -1,6 +1,6 @@
|
||||
Summary: SELinux library and simple utilities
|
||||
Name: libselinux
|
||||
Version: 1.25.3
|
||||
Version: 1.25.4
|
||||
Release: 1
|
||||
License: Public domain (uncopyrighted)
|
||||
Group: System Environment/Libraries
|
||||
@ -85,6 +85,18 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
%{_mandir}/man8/*
|
||||
|
||||
%changelog
|
||||
* Thu Aug 25 2005 Dan Walsh <dwalsh@redhat.com> 1.25.4-1
|
||||
- Update from NSA
|
||||
* Hid translation-related symbols entirely and ensured that
|
||||
raw functions have hidden definitions for internal use.
|
||||
* Allowed setting NULL via context_set* functions.
|
||||
* Allowed whitespace in MLS component of context.
|
||||
* Changed rpm_execcon to use translated functions to workaround
|
||||
lack of MLS level on upgraded systems.
|
||||
|
||||
* Wed Aug 24 2005 Dan Walsh <dwalsh@redhat.com> 1.25.3-2
|
||||
- Allow set_comp on unset ranges
|
||||
|
||||
* Wed Aug 24 2005 Dan Walsh <dwalsh@redhat.com> 1.25.3-1
|
||||
* Merged context translation patch, originally by TCS,
|
||||
with modifications by Dan Walsh (Red Hat).
|
||||
|