90 lines
2.8 KiB
Diff
90 lines
2.8 KiB
Diff
From 31e3537624ad2d07271d4c02925ebc6cb942e0c6 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
|
Date: Tue, 10 May 2022 20:20:36 +0200
|
|
Subject: [PATCH] libselinux: simplify policy path logic to avoid uninitialized
|
|
read
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
Content-type: text/plain
|
|
|
|
In case the function __policy_init() gets called with a NULL pointer,
|
|
the stack variable path remains uninitialized (except at its last
|
|
index). If parsing the binary policy fails in sepol_policydb_read() the
|
|
error branch would access those uninitialized memory.
|
|
|
|
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
|
|
---
|
|
libselinux/src/audit2why.c | 34 +++++++++++++---------------------
|
|
1 file changed, 13 insertions(+), 21 deletions(-)
|
|
|
|
diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
|
|
index ca38e13c0eeb..44a9a3419f96 100644
|
|
--- a/libselinux/src/audit2why.c
|
|
+++ b/libselinux/src/audit2why.c
|
|
@@ -192,25 +192,16 @@ static PyObject *finish(PyObject *self __attribute__((unused)), PyObject *args)
|
|
static int __policy_init(const char *init_path)
|
|
{
|
|
FILE *fp;
|
|
- char path[PATH_MAX];
|
|
+ const char *curpolicy;
|
|
char errormsg[PATH_MAX+1024+20];
|
|
struct sepol_policy_file *pf = NULL;
|
|
int rc;
|
|
unsigned int cnt;
|
|
|
|
- path[PATH_MAX-1] = '\0';
|
|
if (init_path) {
|
|
- strncpy(path, init_path, PATH_MAX-1);
|
|
- fp = fopen(path, "re");
|
|
- if (!fp) {
|
|
- snprintf(errormsg, sizeof(errormsg),
|
|
- "unable to open %s: %m\n",
|
|
- path);
|
|
- PyErr_SetString( PyExc_ValueError, errormsg);
|
|
- return 1;
|
|
- }
|
|
+ curpolicy = init_path;
|
|
} else {
|
|
- const char *curpolicy = selinux_current_policy_path();
|
|
+ curpolicy = selinux_current_policy_path();
|
|
if (!curpolicy) {
|
|
/* SELinux disabled, must use -p option. */
|
|
snprintf(errormsg, sizeof(errormsg),
|
|
@@ -218,14 +209,15 @@ static int __policy_init(const char *init_path)
|
|
PyErr_SetString( PyExc_ValueError, errormsg);
|
|
return 1;
|
|
}
|
|
- fp = fopen(curpolicy, "re");
|
|
- if (!fp) {
|
|
- snprintf(errormsg, sizeof(errormsg),
|
|
- "unable to open %s: %m\n",
|
|
- curpolicy);
|
|
- PyErr_SetString( PyExc_ValueError, errormsg);
|
|
- return 1;
|
|
- }
|
|
+ }
|
|
+
|
|
+ fp = fopen(curpolicy, "re");
|
|
+ if (!fp) {
|
|
+ snprintf(errormsg, sizeof(errormsg),
|
|
+ "unable to open %s: %m\n",
|
|
+ curpolicy);
|
|
+ PyErr_SetString( PyExc_ValueError, errormsg);
|
|
+ return 1;
|
|
}
|
|
|
|
avc = calloc(sizeof(struct avc_t), 1);
|
|
@@ -249,7 +241,7 @@ static int __policy_init(const char *init_path)
|
|
sepol_policy_file_set_fp(pf, fp);
|
|
if (sepol_policydb_read(avc->policydb, pf)) {
|
|
snprintf(errormsg, sizeof(errormsg),
|
|
- "invalid binary policy %s\n", path);
|
|
+ "invalid binary policy %s\n", curpolicy);
|
|
PyErr_SetString( PyExc_ValueError, errormsg);
|
|
fclose(fp);
|
|
return 1;
|
|
--
|
|
2.38.1
|
|
|