libselinux/utils: drop reachable assert in sefcontext_compile

Resolves: RHEL-69451
2024-12-04 19:38:06 +01:00 · 2024-12-04 19:38:06 +01:00 · daf7971d4c
commit daf7971d4c
parent 6d5c5e5819
3 changed files with 62 additions and 1 deletions
--- a/0002-libselinux-utils-drop-reachable-assert-in-sefcontext.patch
+++ b/0002-libselinux-utils-drop-reachable-assert-in-sefcontext.patch
@ -0,0 +1,54 @@
 From ac0fc6d50077a6f33df9859322e13a2434070d4c Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
 Date: Tue, 3 Dec 2024 16:54:48 +0100
 Subject: [PATCH] libselinux/utils: drop reachable assert in sefcontext_compile
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Content-type: text/plain
 The two asserts following qsort(3) where useful during development to
 ensure the comparison function and the corresponding pointer handling
 were correct.  They however do not take into account an empty file
 context definition file containing no definitions and thus `stab->nel`
 being NULL.  Drop the two asserts.
 Also return early to not depend on whether calloc(3) called with a size
 of zero returns NULL or a special value.
 Reported-by: Petr Lautrbach <lautrbach@redhat.com>
 Closes: https://lore.kernel.org/selinux/87jzchqck5.fsf@redhat.com/
 Fixes: 92306daf ("libselinux: rework selabel_file(5) database")
 Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
 Tested-by: Petr Lautrbach <lautrbach@redhat.com>
 Acked-by: James Carter <jwcart2@gmail.com>
 ---
 libselinux/utils/sefcontext_compile.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 diff --git a/libselinux/utils/sefcontext_compile.c b/libselinux/utils/sefcontext_compile.c
 index 23d312744016..e5da51ea12df 100644
 --- a/libselinux/utils/sefcontext_compile.c
 +++ b/libselinux/utils/sefcontext_compile.c
@@ -188,6 +188,9 @@ static int write_sidtab(FILE *bin_file, const struct sidtab *stab)
 	if (len != 1)
 		return -1;
 +	if (stab->nel == 0)
 +		return 0;
 +
 	/* sort entries by id */
 	sids = calloc(stab->nel, sizeof(*sids));
 	if (!sids)
@@ -203,8 +206,6 @@ static int write_sidtab(FILE *bin_file, const struct sidtab *stab)
 	}
 	assert(index == stab->nel);
 	qsort(sids, stab->nel, sizeof(struct security_id), security_id_compare);
 -	assert(sids[0].id == 1);
 -	assert(sids[stab->nel - 1].id == stab->nel);
 	/* write raw contexts sorted by id */
 	for (uint32_t i = 0; i < stab->nel; i++) {
 -- 
 2.47.0
--- a/6
+++ b/6
@ -1,3 +1,9 @@
 * Wed Dec 04 2024 Petr Lautrbach <lautrbach@redhat.com> - 3.8-0.rc1.2
 - libselinux/utils: drop reachable assert in sefcontext_compile
 * Thu Nov 28 2024 Petr Lautrbach <lautrbach@redhat.com> - 3.8-0.rc1.1
 - SELinux userspace 3.8-rc1 release
 * Tue Nov 12 2024 Vit Mojzis <vmojzis@redhat.com> - 3.7-5
 - setexecfilecon: Remove useless rc check (RHEL-35586)
 - matchpathcon: RESOURCE_LEAK: Variable "con" (RHEL-35584)
--- a/libselinux.spec
+++ b/libselinux.spec
@ -4,7 +4,7 @@
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 3.8
-Release: 0.rc1.1%{?dist}
+Release: 0.rc1.2%{?dist}
 License: LicenseRef-Fedora-Public-Domain
 # https://github.com/SELinuxProject/selinux/wiki/Releases
 Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}-rc1/libselinux-%{version}-rc1.tar.gz
@ -20,6 +20,7 @@ Url: https://github.com/SELinuxProject/selinux/wiki
 # $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
 # Patch list start
 Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch
 Patch0002: 0002-libselinux-utils-drop-reachable-assert-in-sefcontext.patch
 # Patch list end
 BuildRequires: gcc make
 BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel