From daf7971d4c908e9c8594b2c9560a16eb7b02caf4 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach
Date: Wed, 4 Dec 2024 19:38:06 +0100
Subject: [PATCH] libselinux/utils: drop reachable assert in sefcontext_compile

Resolves: RHEL-69451
---
 ...-drop-reachable-assert-in-sefcontext.patch | 54 +++++++++++++++++++
 changelog | 6 +++
 libselinux.spec | 3 +-
 3 files changed, 62 insertions(+), 1 deletion(-)
 create mode 100644 0002-libselinux-utils-drop-reachable-assert-in-sefcontext.patch

diff --git a/0002-libselinux-utils-drop-reachable-assert-in-sefcontext.patch b/0002-libselinux-utils-drop-reachable-assert-in-sefcontext.patch
new file mode 100644
index 0000000..c0b23c1
--- /dev/null
+++ b/0002-libselinux-utils-drop-reachable-assert-in-sefcontext.patch
@@ -0,0 +1,54 @@
+From ac0fc6d50077a6f33df9859322e13a2434070d4c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
+Date: Tue, 3 Dec 2024 16:54:48 +0100
+Subject: [PATCH] libselinux/utils: drop reachable assert in sefcontext_compile
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Content-type: text/plain
+
+The two asserts following qsort(3) where useful during development to
+ensure the comparison function and the corresponding pointer handling
+were correct. They however do not take into account an empty file
+context definition file containing no definitions and thus `stab->nel`
+being NULL. Drop the two asserts.
+
+Also return early to not depend on whether calloc(3) called with a size
+of zero returns NULL or a special value.
+
+Reported-by: Petr Lautrbach
+Closes: https://lore.kernel.org/selinux/87jzchqck5.fsf@redhat.com/
+Fixes: 92306daf ("libselinux: rework selabel_file(5) database")
+Signed-off-by: Christian Göttsche
+Tested-by: Petr Lautrbach
+Acked-by: James Carter
+---
+ libselinux/utils/sefcontext_compile.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libselinux/utils/sefcontext_compile.c b/libselinux/utils/sefcontext_compile.c
+index 23d312744016..e5da51ea12df 100644
+--- a/libselinux/utils/sefcontext_compile.c
++++ b/libselinux/utils/sefcontext_compile.c
+@@ -188,6 +188,9 @@ static int write_sidtab(FILE *bin_file, const struct sidtab *stab)
+ if (len != 1)
+ return -1;
+
++ if (stab->nel == 0)
++ return 0;
++
+ /* sort entries by id */
+ sids = calloc(stab->nel, sizeof(*sids));
+ if (!sids)
+@@ -203,8 +206,6 @@ static int write_sidtab(FILE *bin_file, const struct sidtab *stab)
+ }
+ assert(index == stab->nel);
+ qsort(sids, stab->nel, sizeof(struct security_id), security_id_compare);
+- assert(sids[0].id == 1);
+- assert(sids[stab->nel - 1].id == stab->nel);
+
+ /* write raw contexts sorted by id */
+ for (uint32_t i = 0; i < stab->nel; i++) {
+--
+2.47.0
+
diff --git a/changelog b/changelog
index b6c393f..e8d2e33 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,9 @@
+* Wed Dec 04 2024 Petr Lautrbach - 3.8-0.rc1.2
+- libselinux/utils: drop reachable assert in sefcontext_compile
+
+* Thu Nov 28 2024 Petr Lautrbach - 3.8-0.rc1.1
+- SELinux userspace 3.8-rc1 release
+
 * Tue Nov 12 2024 Vit Mojzis - 3.7-5
 - setexecfilecon: Remove useless rc check (RHEL-35586)
 - matchpathcon: RESOURCE_LEAK: Variable "con" (RHEL-35584)
diff --git a/libselinux.spec b/libselinux.spec
index e1d4f64..fbce7c0 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -4,7 +4,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 3.8
-Release: 0.rc1.1%{?dist}
+Release: 0.rc1.2%{?dist}
 License: LicenseRef-Fedora-Public-Domain
 # https://github.com/SELinuxProject/selinux/wiki/Releases
 Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}-rc1/libselinux-%{version}-rc1.tar.gz
@@ -20,6 +20,7 @@ Url: https://github.com/SELinuxProject/selinux/wiki
 # $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
 # Patch list start
 Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch
+Patch0002: 0002-libselinux-utils-drop-reachable-assert-in-sefcontext.patch
 # Patch list end
 BuildRequires: gcc make
 BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel
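Review bot: In the write_sidtab change carried by 0002-libselinux-utils-drop-reachable-assert-in-sefcontext.patch, the new `stab->nel == 0` early return already keeps the code after qsort() from indexing an empty `sids` array, so removing the two asserts also removes the only check that the sorted ids run densely from 1 to `stab->nel`. If the reader of the compiled file depends on that property (not visible in this hunk), an explicit error path such as `if (sids[0].id != 1 || sids[stab->nel - 1].id != stab->nel) return -1;`, together with the function's usual release of `sids`, would enforce it in NDEBUG builds as well, which the asserts never did. The remaining `assert(index == stab->nel);` has the same limitation and is worth a short comment stating what it guards. write_sidtab begins and ends outside the hunk, so the cleanup convention has to be confirmed against the full function.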