From d4111cf41fbc9dd78a8e12c1781b03584a3ea542 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Wed, 2 Mar 2005 04:04:04 +0000
Subject: [PATCH] - Update from NSA Changed matchpathcon_common to ignore any non-format bits in the mode.
---
 .cvsignore | 1 +
 libselinux-rhat.patch | 193 +++--------------------------------------
 libselinux.spec | 11 ++-
 sources | 2 +-
 4 files changed, 24 insertions(+), 183 deletions(-)
diff --git a/.cvsignore b/.cvsignore
index 889bdf8..252e0b5 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -24,3 +24,4 @@ libselinux-1.21.8.tgz
 libselinux-1.21.9.tgz
 libselinux-1.21.10.tgz
 libselinux-1.21.11.tgz
+libselinux-1.21.12.tgz
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index f4fb09c..5802d28 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,180 +1,15 @@ ---- libselinux-1.21.10/src/query_user_context.c.ud 2005-02-17 11:22:46.000000000 -0800 -+++ libselinux-1.21.10/src/query_user_context.c 2005-02-20 12:04:50.001377520 -0800 -@@ -23,7 +23,8 @@ - { - printf ("Enter number of choice: "); - fflush (stdin); -- fgets (response, sizeof (response), stdin); -+ if (fgets (response, sizeof (response), stdin) == NULL) -+ continue; - fflush (stdin); - choice = strtol (response, NULL, 10); - } -@@ -50,7 +51,8 @@ - if (list[1]) { - printf ("Do you want to choose a different one? [n]"); - fflush (stdin); -- fgets (response, sizeof (response), stdin); -+ if (fgets (response, sizeof (response), stdin) == NULL) -+ return -1; - fflush (stdin); +diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-1.21.11/src/matchpathcon.c +--- nsalibselinux/src/matchpathcon.c 2005-02-22 16:34:17.000000000 -0500 ++++ libselinux-1.21.11/src/matchpathcon.c 2005-02-28 13:27:33.000000000 -0500 +@@ -679,6 +679,11 @@ + mode_t mode, + security_context_t *con) + { ++ /* If the user provides a mode but does not provide a file type ++ default to regular file */ ++ if (mode && ((mode & S_IFMT)==0)) { ++ mode = mode | S_IFREG; ++ } + int i = matchpathcon_common(name, mode); - if ((response[0] == 'y') || (response[0] == 'Y')) -@@ -86,9 +88,11 @@ - { - printf ("\tEnter %s ", fieldstr); - fflush (stdin); -- fgets (newfield, newfieldlen, stdin); -+ if (fgets (newfield, newfieldlen, stdin) == NULL) -+ continue; - fflush (stdin); -- newfield[strlen(newfield)-1] = '\0'; -+ if (newfield[strlen(newfield)-1] == '\n') -+ newfield[strlen(newfield)-1] = '\0'; - - if (strlen(newfield) == 0) - { -@@ -137,8 +141,8 @@ - while (!done) - { - printf ("Would you like to enter a security context? 
[y]"); -- fgets (response, sizeof(response), stdin); -- if ((response[0] == 'n') || (response[0] == 'N')) { -+ if (fgets (response, sizeof(response), stdin) == NULL -+ || (response[0] == 'n') || (response[0] == 'N')) { - context_free(new_context); - return -1; - } ---- libselinux-1.21.10/src/matchpathcon.c.ud 2005-02-17 11:22:46.000000000 -0800 -+++ libselinux-1.21.10/src/matchpathcon.c 2005-02-20 12:19:39.883094936 -0800 -@@ -4,6 +4,7 @@ - #include - #include "selinux_internal.h" - #include -+#include - #include - #include - #include -@@ -401,11 +402,8 @@ - char *regex, *type, *context; - char *anchored_regex; - len = strlen(line_buf); -- if (line_buf[len - 1] != '\n') { -- myprintf("%s: line %d is too long, would be truncated, skipping\n", path, lineno); -- return 0; -- } -- line_buf[len - 1] = 0; -+ if (line_buf[len - 1] == '\n') -+ line_buf[len - 1] = 0; - buf_p = line_buf; - while (isspace(*buf_p)) - buf_p++; -@@ -522,7 +520,8 @@ - FILE *homedirfp; - char local_path[PATH_MAX + 1]; - char homedir_path[PATH_MAX + 1]; -- char line_buf[BUFSIZ + 1]; -+ char *line_buf = NULL; -+ size_t line_len = 0; - unsigned int lineno, pass, i, j, maxnspec; - spec_t *spec_copy; - int status=-1; -@@ -532,12 +531,17 @@ - path = selinux_file_context_path(); - if ((fp = fopen(path, "r")) == NULL) - return -1; -+ __fsetlocking(fp, FSETLOCKING_BYCALLER); - - snprintf(homedir_path, sizeof(homedir_path), "%s.homedirs", path); - homedirfp = fopen(homedir_path, "r"); -+ if (homedirfp != NULL) -+ __fsetlocking(homedirfp, FSETLOCKING_BYCALLER); - - snprintf(local_path, sizeof(local_path), "%s.local", path); - localfp = fopen(local_path, "r"); -+ if (localfp != NULL) -+ __fsetlocking(localfp, FSETLOCKING_BYCALLER); - - /* - * Perform two passes over the specification file. 
-@@ -551,19 +555,19 @@ - for (pass = 0; pass < 2; pass++) { - lineno = 0; - nspec = 0; -- while (fgets_unlocked(line_buf, sizeof line_buf, fp) && nspec < maxnspec) { -+ while (getline(&line_buf, &line_len, fp) > 0 && nspec < maxnspec) { - if (process_line(path, line_buf, pass, ++lineno) != 0) - goto finish; - } - if (homedirfp) -- while (fgets_unlocked(line_buf, sizeof line_buf, homedirfp) && nspec < maxnspec) { -+ while (getline(&line_buf, &line_len, homedirfp) > 0 && nspec < maxnspec) { - if (process_line(homedir_path, line_buf, pass, ++lineno) != 0) - goto finish; - } - - - if (localfp) -- while (fgets_unlocked(line_buf, sizeof line_buf, localfp) && nspec < maxnspec) { -+ while (getline(&line_buf, &line_len, localfp) > 0 && nspec < maxnspec) { - if (process_line(local_path, line_buf, pass, ++lineno) != 0) - goto finish; - } -@@ -583,6 +587,7 @@ - if (localfp) rewind(localfp); - } - } -+ free(line_buf); - - /* Move exact pathname specifications to the end. */ - spec_copy = malloc(sizeof(spec_t) * nspec); ---- libselinux-1.21.10/utils/setsebool.c.ud 2005-02-17 11:22:47.000000000 -0800 -+++ libselinux-1.21.10/utils/setsebool.c 2005-02-20 12:04:50.001377520 -0800 -@@ -122,6 +122,7 @@ - if (permanent) { - char **names; - const char *bool_file; -+ char *tmp_bool_file; - int rc, len, fd, j; - - rc = security_get_boolean_names(&names, &len); -@@ -143,8 +144,9 @@ - - /* Open file */ - bool_file = selinux_booleans_path(); -- fd = open(bool_file, O_CREAT | O_TRUNC | O_WRONLY, -- S_IRUSR | S_IWUSR); -+ tmp_bool_file = (char *) alloca (strlen(bool_file) + 8); -+ strcpy(stpcpy(tmp_bool_file, bool_file), ".XXXXXX"); -+ fd = mkstemp(tmp_bool_file); - if (fd < 0) { - fprintf(stderr, - "Error creating boolean file %s\n", -@@ -157,13 +159,25 @@ - /* Walk the list in pending memory, writing each to the file */ - for (j=0; j 1.21.12-1 +- Update from NSA + * Changed matchpathcon_common to ignore any non-format bits in the mode. 
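Review bot: The matchpathcon.c hunk that this patch keeps rewrites a caller-supplied mode with no file-type bits to `mode | S_IFREG`, so a caller that passes only permission bits for a directory or device node would be given the regular-file context, and a wrong label changes what policy enforces on that object. The commit message says 1.21.12 makes matchpathcon_common ignore non-format bits, which presumably treats such a mode as "no type given"; that differs from guessing a regular file, so it is worth confirming the downstream default is still wanted on top of the new tarball. If it stays, the comment should state the reason for the guess, for example `/* mode has permission bits only: assume a regular file instead of leaving the type unspecified */`. The added `if` also leaves `int i = matchpathcon_common(name, mode);` as a declaration after a statement, which strict C89 builds reject; declaring `int i;` ahead of the `if` and assigning afterwards avoids that. The body of matchpathcon() continues outside the inner hunk, and the tail of this hunk is garbled on the page, so the rest of the function could not be checked.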
+ +* Mon Feb 28 2005 Dan Walsh 1.21.11-2 +- Default matchpathcon to regular files if the user specifies a mode + * Tue Feb 22 2005 Dan Walsh 1.21.11-1 - Update from NSA * Merged several fixes from Ulrich Drepper. diff --git a/sources b/sources index 8f4bdf2..bfb46d1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -ee39882c0606733034474a069c2608ec libselinux-1.21.11.tgz +d81814f959f030e4065127d8e1e7d96a libselinux-1.21.12.tgz