Compare commits
No commits in common. "imports/c9-beta/mcstrans-3.3-2.el9" and "c8" have entirely different histories.
imports/c9
...
c8
|
@ -1 +1 @@
|
|||
SOURCES/mcstrans-3.3.tar.gz
|
||||
SOURCES/mcstrans-2.9.tar.gz
|
||||
|
|
|
@ -1 +1 @@
|
|||
7b1eff06ef33044bfe2956dfc037e698d671c32f SOURCES/mcstrans-3.3.tar.gz
|
||||
64bea2c1cd56e0550049a548dde0ac2e53f71714 SOURCES/mcstrans-2.9.tar.gz
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
From 58a11e55120de4700d4e874dee0d8c36d13caedd Mon Sep 17 00:00:00 2001
|
||||
From eeac35fa98b8b2d323741703a2e59593d1ad200a Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Wed, 28 Nov 2018 18:28:05 +0100
|
||||
Subject: [PATCH] mcstrans: Fir RESOURCE_LEAK and USE_AFTER_FREE coverity scan
|
||||
defects
|
||||
|
||||
---
|
||||
mcstrans/src/mcstrans.c | 21 +++++++++++++++++++--
|
||||
mcstrans/src/mcstrans.c | 17 ++++++++++++++++-
|
||||
mcstrans/src/mcstransd.c | 4 +++-
|
||||
2 files changed, 22 insertions(+), 3 deletions(-)
|
||||
2 files changed, 19 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
|
||||
index e92dfddb0d20..d0690e6b0dca 100644
|
||||
index 96bdbdff..29cadb78 100644
|
||||
--- a/mcstrans/src/mcstrans.c
|
||||
+++ b/mcstrans/src/mcstrans.c
|
||||
@@ -633,16 +633,23 @@ add_cache(domain_t *domain, char *raw, char *trans) {
|
||||
|
@ -38,7 +38,7 @@ index e92dfddb0d20..d0690e6b0dca 100644
|
|||
|
||||
if (add_to_hashtable(domain->trans_to_raw, map->trans, map) < 0)
|
||||
goto err;
|
||||
@@ -1520,6 +1527,7 @@ trans_context(const char *incon, char **rcon) {
|
||||
@@ -1519,6 +1526,7 @@ trans_context(const security_context_t incon, security_context_t *rcon) {
|
||||
trans = compute_trans_from_raw(range, domain);
|
||||
if (trans)
|
||||
if (add_cache(domain, range, trans) < 0) {
|
||||
|
@ -46,7 +46,7 @@ index e92dfddb0d20..d0690e6b0dca 100644
|
|||
free(range);
|
||||
return -1;
|
||||
}
|
||||
@@ -1531,6 +1539,7 @@ trans_context(const char *incon, char **rcon) {
|
||||
@@ -1530,6 +1538,7 @@ trans_context(const security_context_t incon, security_context_t *rcon) {
|
||||
ltrans = compute_trans_from_raw(lrange, domain);
|
||||
if (ltrans) {
|
||||
if (add_cache(domain, lrange, ltrans) < 0) {
|
||||
|
@ -54,7 +54,7 @@ index e92dfddb0d20..d0690e6b0dca 100644
|
|||
free(range);
|
||||
return -1;
|
||||
}
|
||||
@@ -1549,6 +1558,7 @@ trans_context(const char *incon, char **rcon) {
|
||||
@@ -1548,6 +1557,7 @@ trans_context(const security_context_t incon, security_context_t *rcon) {
|
||||
utrans = compute_trans_from_raw(urange, domain);
|
||||
if (utrans) {
|
||||
if (add_cache(domain, urange, utrans) < 0) {
|
||||
|
@ -62,7 +62,7 @@ index e92dfddb0d20..d0690e6b0dca 100644
|
|||
free(ltrans);
|
||||
free(range);
|
||||
return -1;
|
||||
@@ -1648,14 +1658,19 @@ untrans_context(const char *incon, char **rcon) {
|
||||
@@ -1647,7 +1657,9 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
|
||||
canonical = compute_trans_from_raw(raw, domain);
|
||||
if (canonical && strcmp(canonical, range))
|
||||
if (add_cache(domain, raw, canonical) < 0) {
|
||||
|
@ -72,18 +72,15 @@ index e92dfddb0d20..d0690e6b0dca 100644
|
|||
return -1;
|
||||
}
|
||||
}
|
||||
- if (canonical)
|
||||
+ if (canonical) {
|
||||
@@ -1655,6 +1667,7 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
|
||||
free(canonical);
|
||||
+ free(raw);
|
||||
+ }
|
||||
if (add_cache(domain, raw, range) < 0) {
|
||||
free(range);
|
||||
+ free(raw);
|
||||
return -1;
|
||||
}
|
||||
} else {
|
||||
@@ -1673,6 +1688,7 @@ untrans_context(const char *incon, char **rcon) {
|
||||
@@ -1672,6 +1685,7 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
|
||||
canonical = compute_trans_from_raw(lraw, domain);
|
||||
if (canonical)
|
||||
if (add_cache(domain, lraw, canonical) < 0) {
|
||||
|
@ -91,7 +88,7 @@ index e92dfddb0d20..d0690e6b0dca 100644
|
|||
free(lraw);
|
||||
free(range);
|
||||
return -1;
|
||||
@@ -1704,6 +1720,7 @@ untrans_context(const char *incon, char **rcon) {
|
||||
@@ -1703,6 +1717,7 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
|
||||
canonical = compute_trans_from_raw(uraw, domain);
|
||||
if (canonical)
|
||||
if (add_cache(domain, uraw, canonical) < 0) {
|
||||
|
@ -100,7 +97,7 @@ index e92dfddb0d20..d0690e6b0dca 100644
|
|||
free(lraw);
|
||||
free(range);
|
||||
diff --git a/mcstrans/src/mcstransd.c b/mcstrans/src/mcstransd.c
|
||||
index 59c152e73be1..5191fc98ef06 100644
|
||||
index 85899493..a1ec81ac 100644
|
||||
--- a/mcstrans/src/mcstransd.c
|
||||
+++ b/mcstrans/src/mcstransd.c
|
||||
@@ -335,6 +335,7 @@ process_events(struct pollfd **ufds, int *nfds)
|
||||
|
@ -125,5 +122,5 @@ index 59c152e73be1..5191fc98ef06 100644
|
|||
" for fd (%d)\n", revents, connfd);
|
||||
|
||||
--
|
||||
2.32.0
|
||||
2.21.0
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
From a6e2b2287254b2880e8697707f10bd303ffcc06a Mon Sep 17 00:00:00 2001
|
||||
From 659cb59cd6cfe36c954c77f945c06a0cd8218287 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Mon, 15 Apr 2019 15:22:51 +0200
|
||||
Subject: [PATCH] mcstrans: Do not accept incomplete contexts
|
||||
|
@ -32,7 +32,7 @@ Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|||
1 file changed, 8 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/mcstrans/src/mcscolor.c b/mcstrans/src/mcscolor.c
|
||||
index a38388501db5..94421a58dee4 100644
|
||||
index 6ea1aa97..79fc1c8b 100644
|
||||
--- a/mcstrans/src/mcscolor.c
|
||||
+++ b/mcstrans/src/mcscolor.c
|
||||
@@ -272,10 +272,14 @@ static const unsigned precedence[N_COLOR][N_COLOR - 1] = {
|
||||
|
@ -55,5 +55,5 @@ index a38388501db5..94421a58dee4 100644
|
|||
return 0;
|
||||
}
|
||||
--
|
||||
2.32.0
|
||||
2.21.0
|
||||
|
|
@ -1,28 +0,0 @@
|
|||
From 7a170534163ab9d9159dddfadb996587d98fe30e Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Thu, 9 May 2019 16:44:43 +0200
|
||||
Subject: [PATCH] mcstrans: Fix USER_AFTER_FREE problem
|
||||
|
||||
---
|
||||
mcstrans/src/mcstrans.c | 4 +---
|
||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||
|
||||
diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
|
||||
index d0690e6b0dca..8678418a1570 100644
|
||||
--- a/mcstrans/src/mcstrans.c
|
||||
+++ b/mcstrans/src/mcstrans.c
|
||||
@@ -1664,10 +1664,8 @@ untrans_context(const char *incon, char **rcon) {
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
- if (canonical) {
|
||||
+ if (canonical)
|
||||
free(canonical);
|
||||
- free(raw);
|
||||
- }
|
||||
if (add_cache(domain, raw, range) < 0) {
|
||||
free(range);
|
||||
free(raw);
|
||||
--
|
||||
2.32.0
|
||||
|
|
@ -0,0 +1,56 @@
|
|||
From 7426ba3f8d9edc5222db5663c8a9e5312f489e92 Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Tue, 2 Jul 2019 14:09:04 +0200
|
||||
Subject: [PATCH] Revert "mcstransd select correct colour range."
|
||||
|
||||
This reverts commit fe17b3d2d924018750386c5ee74f12ca4b054136.
|
||||
|
||||
MLS ranges should be compared based on dominance.
|
||||
|
||||
This fixes mlscolor-test on mcstrans examples.
|
||||
|
||||
Eg. mlscolor-test using /usr/share/mcstrans/examples/urcsts when executed on mls
|
||||
machine fails as follows:
|
||||
|
||||
\#pushd /usr/share/mcstrans/examples/urcsts
|
||||
\#cp -f secolor.conf /etc/selinux/mls/secolor.conf
|
||||
\#cp -f setrans.conf /etc/selinux/mls/setrans.conf
|
||||
\#systemctl restart mcstransd
|
||||
\#python3 /usr/share/mcstrans/util/mlscolor-test urcsts.color
|
||||
For 'system_u:system_r:inetd_t:SystemLow' got
|
||||
'#000000 #000000 #000000 #000000 #000000 #000000 #000000 #000000' expected
|
||||
'#000000 #000000 #000000 #000000 #000000 #000000 #000000 #008000'
|
||||
...
|
||||
mlscolor-test done with 19 errors
|
||||
|
||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||
---
|
||||
mcstrans/src/mcscolor.c | 12 ++++++------
|
||||
1 file changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/mcstrans/src/mcscolor.c b/mcstrans/src/mcscolor.c
|
||||
index 79fc1c8b..f9c64da3 100644
|
||||
--- a/mcstrans/src/mcscolor.c
|
||||
+++ b/mcstrans/src/mcscolor.c
|
||||
@@ -134,12 +134,12 @@ static const secolor_t *find_color(int idx, const char *component,
|
||||
}
|
||||
|
||||
while (ptr) {
|
||||
- if (fnmatch(ptr->pattern, component, 0) == 0) {
|
||||
- if (idx == COLOR_RANGE) {
|
||||
- if (check_dominance(ptr->pattern, raw) == 0)
|
||||
- return &ptr->color;
|
||||
- } else
|
||||
- return &ptr->color;
|
||||
+ if (idx == COLOR_RANGE) {
|
||||
+ if (check_dominance(ptr->pattern, raw) == 0)
|
||||
+ return &ptr->color;
|
||||
+ } else {
|
||||
+ if (fnmatch(ptr->pattern, component, 0) == 0)
|
||||
+ return &ptr->color;
|
||||
}
|
||||
ptr = ptr->next;
|
||||
}
|
||||
--
|
||||
2.21.0
|
||||
|
|
@ -0,0 +1,44 @@
|
|||
From 90a4f2b9a5194a2d1ab4c45b7a90bbb6c8099a68 Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Tue, 2 Jul 2019 14:09:05 +0200
|
||||
Subject: [PATCH] Fix mcstrans secolor examples
|
||||
|
||||
According to "check_dominance" function:
|
||||
Range defined as "s15:c0.c1023" does not dominate any other range than
|
||||
"s15:c0.c1023" (does not dominate "s15", "s15:c0.c200", etc.).
|
||||
While range defined as "s15-s15:c0.c1023" dominates all of the above.
|
||||
|
||||
This is either a bug, or "s15:c0.c1023" should not be used in the
|
||||
examples.
|
||||
|
||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||
---
|
||||
mcstrans/share/examples/urcsts-via-include/secolor.conf | 2 +-
|
||||
mcstrans/share/examples/urcsts/secolor.conf | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/mcstrans/share/examples/urcsts-via-include/secolor.conf b/mcstrans/share/examples/urcsts-via-include/secolor.conf
|
||||
index d35b3c67..3b3f5430 100644
|
||||
--- a/mcstrans/share/examples/urcsts-via-include/secolor.conf
|
||||
+++ b/mcstrans/share/examples/urcsts-via-include/secolor.conf
|
||||
@@ -17,5 +17,5 @@ range s3-s3:c0.c1023 = black tan
|
||||
range s5-s5:c0.c1023 = white blue
|
||||
range s7-s7:c0.c1023 = black red
|
||||
range s9-s9:c0.c1023 = black orange
|
||||
-range s15:c0.c1023 = black yellow
|
||||
+range s15-s15:c0.c1023 = black yellow
|
||||
|
||||
diff --git a/mcstrans/share/examples/urcsts/secolor.conf b/mcstrans/share/examples/urcsts/secolor.conf
|
||||
index d35b3c67..3b3f5430 100644
|
||||
--- a/mcstrans/share/examples/urcsts/secolor.conf
|
||||
+++ b/mcstrans/share/examples/urcsts/secolor.conf
|
||||
@@ -17,5 +17,5 @@ range s3-s3:c0.c1023 = black tan
|
||||
range s5-s5:c0.c1023 = white blue
|
||||
range s7-s7:c0.c1023 = black red
|
||||
range s9-s9:c0.c1023 = black orange
|
||||
-range s15:c0.c1023 = black yellow
|
||||
+range s15-s15:c0.c1023 = black yellow
|
||||
|
||||
--
|
||||
2.21.0
|
||||
|
|
@ -1,63 +0,0 @@
|
|||
From a98f2f8f2f1c14646ec9c80faecf14e9bf4bbd2c Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Thu, 5 Aug 2021 16:26:44 +0200
|
||||
Subject: [PATCH] mcstrans: fix RESOURCE_LEAK (CWE-772)
|
||||
|
||||
Fixes:
|
||||
Error: RESOURCE_LEAK (CWE-772): [#def1]
|
||||
mcstrans-3.2/src/mcstrans.c:1527: alloc_fn: Storage is returned from allocation function "compute_trans_from_raw".
|
||||
mcstrans-3.2/src/mcstrans.c:1527: var_assign: Assigning: "trans" = storage returned from "compute_trans_from_raw(range, domain)".
|
||||
mcstrans-3.2/src/mcstrans.c:1529: noescape: Resource "trans" is not freed or pointed-to in "add_cache".
|
||||
mcstrans-3.2/src/mcstrans.c:1515: overwrite_var: Overwriting "trans" in "trans = find_in_hashtable(range, domain, domain->raw_to_trans)" leaks the storage that "trans" points to.
|
||||
# 1513| domain_t *domain = domains;
|
||||
# 1514| for (;domain; domain = domain->next) {
|
||||
# 1515|-> trans = find_in_hashtable(range, domain, domain->raw_to_trans);
|
||||
# 1516| if (trans) break;
|
||||
# 1517|
|
||||
|
||||
Error: RESOURCE_LEAK (CWE-772): [#def2]
|
||||
mcstrans-3.2/src/mcstrans.c:1654: alloc_fn: Storage is returned from allocation function "compute_raw_from_trans".
|
||||
mcstrans-3.2/src/mcstrans.c:1654: var_assign: Assigning: "raw" = storage returned from "compute_raw_from_trans(range, domain)".
|
||||
mcstrans-3.2/src/mcstrans.c:1656: noescape: Resource "raw" is not freed or pointed-to in "find_in_hashtable".
|
||||
mcstrans-3.2/src/mcstrans.c:1669: noescape: Resource "raw" is not freed or pointed-to in "add_cache".
|
||||
mcstrans-3.2/src/mcstrans.c:1642: overwrite_var: Overwriting "raw" in "raw = find_in_hashtable(range, domain, domain->trans_to_raw)" leaks the storage that "raw" points to.
|
||||
# 1640| domain_t *domain = domains;
|
||||
# 1641| for (;domain; domain = domain->next) {
|
||||
# 1642|-> raw = find_in_hashtable(range, domain, domain->trans_to_raw);
|
||||
# 1643| if (raw) break;
|
||||
# 1644|
|
||||
|
||||
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
||||
---
|
||||
mcstrans/src/mcstrans.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
|
||||
index 8678418a1570..4e110e02f73a 100644
|
||||
--- a/mcstrans/src/mcstrans.c
|
||||
+++ b/mcstrans/src/mcstrans.c
|
||||
@@ -1598,6 +1598,10 @@ trans_context(const char *incon, char **rcon) {
|
||||
}
|
||||
if (dashp)
|
||||
*dashp = '-';
|
||||
+ if (trans) {
|
||||
+ free(trans);
|
||||
+ trans = NULL;
|
||||
+ }
|
||||
}
|
||||
|
||||
if (trans) {
|
||||
@@ -1769,6 +1773,10 @@ untrans_context(const char *incon, char **rcon) {
|
||||
}
|
||||
if (dashp)
|
||||
*dashp = '-';
|
||||
+ if (raw) {
|
||||
+ free(raw);
|
||||
+ raw = NULL;
|
||||
+ }
|
||||
}
|
||||
|
||||
if (raw) {
|
||||
--
|
||||
2.32.0
|
||||
|
|
@ -1,343 +0,0 @@
|
|||
From 0fd5d05f4c5cbe4fbeb445f1b0bccfe1833a7253 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
||||
Date: Fri, 12 Nov 2021 16:41:58 +0100
|
||||
Subject: [PATCH] mcstrans: avoid missing prototypes
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Mark local functions static.
|
||||
Export functions of mcscolor.c in mcscolor.h and avoid bare extern
|
||||
function declarations.
|
||||
Drop unused function emit_whitespace().
|
||||
|
||||
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
|
||||
---
|
||||
mcstrans/src/mcscolor.c | 2 ++
|
||||
mcstrans/src/mcscolor.h | 8 ++++++
|
||||
mcstrans/src/mcstrans.c | 57 ++++++++++++++++++----------------------
|
||||
mcstrans/src/mcstrans.h | 1 -
|
||||
mcstrans/src/mcstransd.c | 13 +++------
|
||||
5 files changed, 38 insertions(+), 43 deletions(-)
|
||||
create mode 100644 mcstrans/src/mcscolor.h
|
||||
|
||||
diff --git a/mcstrans/src/mcscolor.c b/mcstrans/src/mcscolor.c
|
||||
index a38388501db5..9ff0ce2f29f1 100644
|
||||
--- a/mcstrans/src/mcscolor.c
|
||||
+++ b/mcstrans/src/mcscolor.c
|
||||
@@ -11,6 +11,8 @@
|
||||
#include <syslog.h>
|
||||
#include <selinux/selinux.h>
|
||||
#include <selinux/context.h>
|
||||
+
|
||||
+#include "mcscolor.h"
|
||||
#include "mcstrans.h"
|
||||
|
||||
/* Define data structures */
|
||||
diff --git a/mcstrans/src/mcscolor.h b/mcstrans/src/mcscolor.h
|
||||
new file mode 100644
|
||||
index 000000000000..c37fe6ed5197
|
||||
--- /dev/null
|
||||
+++ b/mcstrans/src/mcscolor.h
|
||||
@@ -0,0 +1,8 @@
|
||||
+#ifndef __mcscolor_h__
|
||||
+#define __mcscolor_h__
|
||||
+
|
||||
+extern void finish_context_colors(void);
|
||||
+extern int init_colors(void);
|
||||
+extern int raw_color(const char *raw, char **color_str);
|
||||
+
|
||||
+#endif
|
||||
diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
|
||||
index e92dfddb0d20..09577ea0cc0b 100644
|
||||
--- a/mcstrans/src/mcstrans.c
|
||||
+++ b/mcstrans/src/mcstrans.c
|
||||
@@ -136,7 +136,7 @@ typedef struct cat_constraint {
|
||||
|
||||
static cat_constraint_t *cat_constraints;
|
||||
|
||||
-unsigned int
|
||||
+static unsigned int
|
||||
hash(const char *str) {
|
||||
unsigned int hash = 5381;
|
||||
int c;
|
||||
@@ -213,7 +213,7 @@ parse_category(ebitmap_t *e, const char *raw, int allowinverse)
|
||||
return 0;
|
||||
}
|
||||
|
||||
-int
|
||||
+static int
|
||||
parse_ebitmap(ebitmap_t *e, ebitmap_t *def, const char *raw) {
|
||||
int rc = ebitmap_cpy(e, def);
|
||||
if (rc < 0)
|
||||
@@ -224,7 +224,7 @@ parse_ebitmap(ebitmap_t *e, ebitmap_t *def, const char *raw) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
-mls_level_t *
|
||||
+static mls_level_t *
|
||||
parse_raw(const char *raw) {
|
||||
mls_level_t *mls = calloc(1, sizeof(mls_level_t));
|
||||
if (!mls)
|
||||
@@ -248,7 +248,7 @@ err:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
-void
|
||||
+static void
|
||||
destroy_word(word_t **list, word_t *word) {
|
||||
if (!word) {
|
||||
return;
|
||||
@@ -267,7 +267,7 @@ destroy_word(word_t **list, word_t *word) {
|
||||
free(word);
|
||||
}
|
||||
|
||||
-word_t *
|
||||
+static word_t *
|
||||
create_word(word_t **list, const char *text) {
|
||||
word_t *w = calloc(1, sizeof(word_t));
|
||||
if (!w) {
|
||||
@@ -291,7 +291,7 @@ err:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
-void
|
||||
+static void
|
||||
destroy_group(word_group_t **list, word_group_t *group) {
|
||||
for (; list && *list; list = &(*list)->next) {
|
||||
if (*list == group) {
|
||||
@@ -324,7 +324,7 @@ destroy_group(word_group_t **list, word_group_t *group) {
|
||||
free(group);
|
||||
}
|
||||
|
||||
-word_group_t *
|
||||
+static word_group_t *
|
||||
create_group(word_group_t **list, const char *name) {
|
||||
word_group_t *group = calloc(1, sizeof(word_group_t));
|
||||
if (!group)
|
||||
@@ -357,7 +357,7 @@ err:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
-void
|
||||
+static void
|
||||
destroy_domain(domain_t *domain) {
|
||||
int i;
|
||||
unsigned int rt = 0, tr = 0;
|
||||
@@ -401,7 +401,7 @@ destroy_domain(domain_t *domain) {
|
||||
syslog(LOG_INFO, "cache sizes: tr = %u, rt = %u", tr, rt);
|
||||
}
|
||||
|
||||
-domain_t *
|
||||
+static domain_t *
|
||||
create_domain(const char *name) {
|
||||
domain_t *domain = calloc(1, sizeof(domain_t));
|
||||
if (!domain) {
|
||||
@@ -425,7 +425,7 @@ err:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
-int
|
||||
+static int
|
||||
add_word(word_group_t *group, char *raw, char *trans) {
|
||||
if (strchr(trans,'-')) {
|
||||
log_error("'%s'is invalid because '-' is illegal in modifiers.\n", trans);
|
||||
@@ -451,7 +451,7 @@ add_word(word_group_t *group, char *raw, char *trans) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
-int
|
||||
+static int
|
||||
add_constraint(char op, char *raw, char *tok) {
|
||||
log_debug("%s\n", "add_constraint");
|
||||
ebitmap_t empty;
|
||||
@@ -521,7 +521,7 @@ add_constraint(char op, char *raw, char *tok) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
-int
|
||||
+static int
|
||||
violates_constraints(mls_level_t *l) {
|
||||
int nbits;
|
||||
sens_constraint_t *s;
|
||||
@@ -563,7 +563,7 @@ violates_constraints(mls_level_t *l) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
-void
|
||||
+static void
|
||||
destroy_sens_constraint(sens_constraint_t **list, sens_constraint_t *constraint) {
|
||||
if (!constraint) {
|
||||
return;
|
||||
@@ -580,7 +580,7 @@ destroy_sens_constraint(sens_constraint_t **list, sens_constraint_t *constraint)
|
||||
free(constraint);
|
||||
}
|
||||
|
||||
-void
|
||||
+static void
|
||||
destroy_cat_constraint(cat_constraint_t **list, cat_constraint_t *constraint) {
|
||||
if (!constraint) {
|
||||
return;
|
||||
@@ -663,7 +663,7 @@ find_in_table(context_map_node_t **table, const char *key) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
-char *
|
||||
+static char *
|
||||
trim(char *str, const char *whitespace) {
|
||||
char *p = str + strlen(str);
|
||||
|
||||
@@ -672,7 +672,7 @@ trim(char *str, const char *whitespace) {
|
||||
return str;
|
||||
}
|
||||
|
||||
-char *
|
||||
+static char *
|
||||
triml(char *str, const char *whitespace) {
|
||||
char *p = str;
|
||||
|
||||
@@ -681,7 +681,7 @@ triml(char *str, const char *whitespace) {
|
||||
return p;
|
||||
}
|
||||
|
||||
-int
|
||||
+static int
|
||||
update(char **p, char *const val) {
|
||||
free (*p);
|
||||
*p = strdup(val);
|
||||
@@ -692,7 +692,7 @@ update(char **p, char *const val) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
-int
|
||||
+static int
|
||||
append(affix_t **affixes, const char *val) {
|
||||
affix_t *affix = calloc(1, sizeof(affix_t));
|
||||
if (!affix) {
|
||||
@@ -887,7 +887,7 @@ init_translations(void) {
|
||||
return(read_translations(selinux_translations_path()));
|
||||
}
|
||||
|
||||
-char *
|
||||
+static char *
|
||||
extract_range(const char *incon) {
|
||||
context_t con = context_new(incon);
|
||||
if (!con) {
|
||||
@@ -910,7 +910,7 @@ extract_range(const char *incon) {
|
||||
return r;
|
||||
}
|
||||
|
||||
-char *
|
||||
+static char *
|
||||
new_context_str(const char *incon, const char *range) {
|
||||
char *rcon = NULL;
|
||||
context_t con = context_new(incon);
|
||||
@@ -931,7 +931,7 @@ exit:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
-char *
|
||||
+static char *
|
||||
find_in_hashtable(const char *range, domain_t *domain, context_map_node_t **table) {
|
||||
char *trans = NULL;
|
||||
context_map_t *map = find_in_table(table, range);
|
||||
@@ -946,13 +946,6 @@ find_in_hashtable(const char *range, domain_t *domain, context_map_node_t **tabl
|
||||
return trans;
|
||||
}
|
||||
|
||||
-void
|
||||
-emit_whitespace(char*buffer, char *whitespace) {
|
||||
- strcat(buffer, "[");
|
||||
- strcat(buffer, whitespace);
|
||||
- strcat(buffer, "]");
|
||||
-}
|
||||
-
|
||||
static int
|
||||
string_size(const void *p1, const void *p2) {
|
||||
return strlen(*(char **)p2) - strlen(*(char **)p1);
|
||||
@@ -969,7 +962,7 @@ word_size(const void *p1, const void *p2) {
|
||||
return (w2_len - w1_len);
|
||||
}
|
||||
|
||||
-void
|
||||
+static void
|
||||
build_regexp(pcre **r, char *buffer) {
|
||||
const char *error;
|
||||
int error_offset;
|
||||
@@ -982,7 +975,7 @@ build_regexp(pcre **r, char *buffer) {
|
||||
buffer[0] = '\0';
|
||||
}
|
||||
|
||||
-int
|
||||
+static int
|
||||
build_regexps(domain_t *domain) {
|
||||
char buffer[1024 * 128];
|
||||
buffer[0] = '\0';
|
||||
@@ -1086,7 +1079,7 @@ build_regexps(domain_t *domain) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
-char *
|
||||
+static char *
|
||||
compute_raw_from_trans(const char *level, domain_t *domain) {
|
||||
|
||||
#ifdef DEBUG
|
||||
@@ -1278,7 +1271,7 @@ err:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
-char *
|
||||
+static char *
|
||||
compute_trans_from_raw(const char *level, domain_t *domain) {
|
||||
|
||||
#ifdef DEBUG
|
||||
diff --git a/mcstrans/src/mcstrans.h b/mcstrans/src/mcstrans.h
|
||||
index e5cda93b8a4b..0addb325e569 100644
|
||||
--- a/mcstrans/src/mcstrans.h
|
||||
+++ b/mcstrans/src/mcstrans.h
|
||||
@@ -6,4 +6,3 @@ extern int init_translations(void);
|
||||
extern void finish_context_translations(void);
|
||||
extern int trans_context(const char *, char **);
|
||||
extern int untrans_context(const char *, char **);
|
||||
-
|
||||
diff --git a/mcstrans/src/mcstransd.c b/mcstrans/src/mcstransd.c
|
||||
index 59c152e73be1..536c0f32f23a 100644
|
||||
--- a/mcstrans/src/mcstransd.c
|
||||
+++ b/mcstrans/src/mcstransd.c
|
||||
@@ -16,6 +16,8 @@
|
||||
#include <sys/types.h>
|
||||
#include <sys/uio.h>
|
||||
#include <sys/un.h>
|
||||
+
|
||||
+#include "mcscolor.h"
|
||||
#include "mcstrans.h"
|
||||
|
||||
#ifdef UNUSED
|
||||
@@ -43,15 +45,6 @@
|
||||
#define log_debug(fmt, ...) do {} while (0)
|
||||
#endif
|
||||
|
||||
-extern int init_translations(void);
|
||||
-extern void finish_context_translations(void);
|
||||
-extern int trans_context(const char *, char **);
|
||||
-extern int untrans_context(const char *, char **);
|
||||
-
|
||||
-extern int init_colors(void);
|
||||
-extern void finish_context_colors(void);
|
||||
-extern int raw_color(const char *, char **);
|
||||
-
|
||||
#define SETRANSD_PATHNAME "/sbin/mcstransd"
|
||||
|
||||
/* name of program (for error messages) */
|
||||
@@ -514,7 +507,7 @@ initialize(void)
|
||||
|
||||
}
|
||||
|
||||
-void dropprivs(void)
|
||||
+static void dropprivs(void)
|
||||
{
|
||||
cap_t new_caps;
|
||||
|
||||
--
|
||||
2.33.1
|
||||
|
|
@ -1,344 +0,0 @@
|
|||
From c8fea6b657cc256c43fc9c5dbe2c4e04677416c9 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
||||
Date: Tue, 30 Nov 2021 12:04:25 +0100
|
||||
Subject: [PATCH] mcstrans: port to new PCRE2 from end-of-life PCRE
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Quoting pcre.org:
|
||||
|
||||
There are two major versions of the PCRE library. The current
|
||||
version, PCRE2, released in 2015, is now at version 10.39.
|
||||
|
||||
The older, but still widely deployed PCRE library, originally
|
||||
released in 1997, is at version 8.45. This version of PCRE is now at
|
||||
end of life, and is no longer being actively maintained. Version
|
||||
8.45 is expected to be the final release of the older PCRE library,
|
||||
and new projects should use PCRE2 instead.
|
||||
|
||||
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
|
||||
---
|
||||
mcstrans/Makefile | 6 ++
|
||||
mcstrans/src/Makefile | 4 +-
|
||||
mcstrans/src/mcstrans.c | 131 ++++++++++++++++++++++++++++------------
|
||||
mcstrans/utils/Makefile | 6 +-
|
||||
4 files changed, 104 insertions(+), 43 deletions(-)
|
||||
|
||||
diff --git a/mcstrans/Makefile b/mcstrans/Makefile
|
||||
index c993a9f52713..b20279ab984a 100644
|
||||
--- a/mcstrans/Makefile
|
||||
+++ b/mcstrans/Makefile
|
||||
@@ -1,3 +1,9 @@
|
||||
+PKG_CONFIG ?= pkg-config
|
||||
+PCRE_MODULE := libpcre2-8
|
||||
+PCRE_CFLAGS := $(shell $(PKG_CONFIG) --cflags $(PCRE_MODULE)) -DPCRE2_CODE_UNIT_WIDTH=8
|
||||
+PCRE_LDLIBS := $(shell $(PKG_CONFIG) --libs $(PCRE_MODULE))
|
||||
+export PCRE_MODULE PCRE_CFLAGS PCRE_LDLIBS
|
||||
+
|
||||
all:
|
||||
$(MAKE) -C src
|
||||
$(MAKE) -C utils
|
||||
diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile
|
||||
index 76ef055714e9..ef518625cd3b 100644
|
||||
--- a/mcstrans/src/Makefile
|
||||
+++ b/mcstrans/src/Makefile
|
||||
@@ -20,10 +20,10 @@ CFLAGS ?= -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute
|
||||
all: $(PROG)
|
||||
|
||||
$(PROG): $(PROG_OBJS) $(LIBSEPOLA)
|
||||
- $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(LDLIBS_LIBSEPOLA)
|
||||
+ $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap $(PCRE_LDLIBS) $(LDLIBS_LIBSEPOLA)
|
||||
|
||||
%.o: %.c
|
||||
- $(CC) $(CFLAGS) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE -c -o $@ $<
|
||||
+ $(CC) $(CFLAGS) $(PCRE_CFLAGS) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE -c -o $@ $<
|
||||
|
||||
install: all
|
||||
test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d $(DESTDIR)$(SBINDIR)
|
||||
diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
|
||||
index 09577ea0cc0b..6e4bfd3b16bd 100644
|
||||
--- a/mcstrans/src/mcstrans.c
|
||||
+++ b/mcstrans/src/mcstrans.c
|
||||
@@ -26,7 +26,7 @@
|
||||
#include <selinux/context.h>
|
||||
#include <syslog.h>
|
||||
#include <errno.h>
|
||||
-#include <pcre.h>
|
||||
+#include <pcre2.h>
|
||||
#include <ctype.h>
|
||||
#include <time.h>
|
||||
#include <sys/time.h>
|
||||
@@ -36,7 +36,6 @@
|
||||
#include "mcstrans.h"
|
||||
|
||||
#define N_BUCKETS 1453
|
||||
-#define OVECCOUNT (512*3)
|
||||
|
||||
#define log_error(fmt, ...) fprintf(stderr, fmt, __VA_ARGS__)
|
||||
|
||||
@@ -82,9 +81,9 @@ typedef struct word_group {
|
||||
affix_t *suffixes;
|
||||
word_t *words;
|
||||
|
||||
- pcre *prefix_regexp;
|
||||
- pcre *word_regexp;
|
||||
- pcre *suffix_regexp;
|
||||
+ pcre2_code *prefix_regexp;
|
||||
+ pcre2_code *word_regexp;
|
||||
+ pcre2_code *suffix_regexp;
|
||||
|
||||
ebitmap_t def;
|
||||
|
||||
@@ -109,7 +108,7 @@ typedef struct domain {
|
||||
base_classification_t *base_classifications;
|
||||
word_group_t *groups;
|
||||
|
||||
- pcre *base_classification_regexp;
|
||||
+ pcre2_code *base_classification_regexp;
|
||||
struct domain *next;
|
||||
} domain_t;
|
||||
|
||||
@@ -317,9 +316,9 @@ destroy_group(word_group_t **list, word_group_t *group) {
|
||||
free(group->name);
|
||||
free(group->sword);
|
||||
free(group->join);
|
||||
- pcre_free(group->prefix_regexp);
|
||||
- pcre_free(group->word_regexp);
|
||||
- pcre_free(group->suffix_regexp);
|
||||
+ pcre2_code_free(group->prefix_regexp);
|
||||
+ pcre2_code_free(group->word_regexp);
|
||||
+ pcre2_code_free(group->suffix_regexp);
|
||||
ebitmap_destroy(&group->def);
|
||||
free(group);
|
||||
}
|
||||
@@ -392,7 +391,7 @@ destroy_domain(domain_t *domain) {
|
||||
free(domain->base_classifications);
|
||||
domain->base_classifications = next;
|
||||
}
|
||||
- pcre_free(domain->base_classification_regexp);
|
||||
+ pcre2_code_free(domain->base_classification_regexp);
|
||||
while (domain->groups)
|
||||
destroy_group(&domain->groups, domain->groups);
|
||||
free(domain->name);
|
||||
@@ -963,14 +962,16 @@ word_size(const void *p1, const void *p2) {
|
||||
}
|
||||
|
||||
static void
|
||||
-build_regexp(pcre **r, char *buffer) {
|
||||
- const char *error;
|
||||
- int error_offset;
|
||||
+build_regexp(pcre2_code **r, char *buffer) {
|
||||
+ int error;
|
||||
+ PCRE2_SIZE error_offset;
|
||||
if (*r)
|
||||
- pcre_free(*r);
|
||||
- *r = pcre_compile(buffer, PCRE_CASELESS, &error, &error_offset, NULL);
|
||||
- if (error) {
|
||||
- log_error("pcre=%s, error=%s\n", buffer, error ? error: "none");
|
||||
+ pcre2_code_free(*r);
|
||||
+ *r = pcre2_compile((PCRE2_SPTR8) buffer, PCRE2_ZERO_TERMINATED, PCRE2_CASELESS, &error, &error_offset, NULL);
|
||||
+ if (!*r) {
|
||||
+ PCRE2_UCHAR errbuf[256];
|
||||
+ pcre2_get_error_message(error, errbuf, sizeof(errbuf));
|
||||
+ log_error("pcre compilation of '%s' failed at offset %zu: %s\n", buffer, error_offset, errbuf);
|
||||
}
|
||||
buffer[0] = '\0';
|
||||
}
|
||||
@@ -1088,12 +1089,12 @@ compute_raw_from_trans(const char *level, domain_t *domain) {
|
||||
#endif
|
||||
|
||||
int rc = 0;
|
||||
- int ovector[OVECCOUNT];
|
||||
+ pcre2_match_data *match_data = NULL;
|
||||
word_group_t *g = NULL;
|
||||
char *work = NULL;
|
||||
char *r = NULL;
|
||||
- const char * match = NULL;
|
||||
- int work_len;
|
||||
+ char *match = NULL;
|
||||
+ size_t work_len;
|
||||
mls_level_t *mraw = NULL;
|
||||
ebitmap_t set, clear, tmp;
|
||||
|
||||
@@ -1114,11 +1115,20 @@ compute_raw_from_trans(const char *level, domain_t *domain) {
|
||||
if (!domain->base_classification_regexp)
|
||||
goto err;
|
||||
log_debug(" compute_raw_from_trans work = %s\n", work);
|
||||
- rc = pcre_exec(domain->base_classification_regexp, 0, work, work_len, 0, PCRE_ANCHORED, ovector, OVECCOUNT);
|
||||
+ match_data = pcre2_match_data_create_from_pattern(domain->base_classification_regexp, NULL);
|
||||
+ if (!match_data) {
|
||||
+ log_error("allocation error %s", strerror(errno));
|
||||
+ goto err;
|
||||
+ }
|
||||
+ rc = pcre2_match(domain->base_classification_regexp, (PCRE2_SPTR8)work, work_len, 0, PCRE2_ANCHORED, match_data, NULL);
|
||||
if (rc > 0) {
|
||||
- match = NULL;
|
||||
- pcre_get_substring(work, ovector, rc, 0, &match);
|
||||
- log_debug(" compute_raw_from_trans match = %s len = %u\n", match, strlen(match));
|
||||
+ const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data);
|
||||
+ match = strndup(work + ovector[0], ovector[1] - ovector[0]);
|
||||
+ if (!match) {
|
||||
+ log_error("allocation error %s", strerror(errno));
|
||||
+ goto err;
|
||||
+ }
|
||||
+ log_debug(" compute_raw_from_trans match = %s len = %zu\n", match, strlen(match));
|
||||
base_classification_t *bc;
|
||||
for (bc = domain->base_classifications; bc; bc = bc->next) {
|
||||
if (!strcmp(bc->trans, match)) {
|
||||
@@ -1138,12 +1148,23 @@ compute_raw_from_trans(const char *level, domain_t *domain) {
|
||||
char *p=work + ovector[0] + ovector[1];
|
||||
while (*p && (strchr(" ", *p) != NULL))
|
||||
*p++ = '#';
|
||||
- pcre_free((char *)match);
|
||||
+
|
||||
+ free(match);
|
||||
match = NULL;
|
||||
} else {
|
||||
- log_debug(" compute_raw_from_trans no base classification matched %s\n", level);
|
||||
+ switch (rc) {
|
||||
+ case PCRE2_ERROR_NOMATCH:
|
||||
+ log_debug(" compute_raw_from_trans no base classification matched %s\n", level);
|
||||
+ break;
|
||||
+ default:
|
||||
+ log_error("compute_raw_from_trans: base matching error for input '%s': %d\n", level, rc);
|
||||
+ break;
|
||||
+ }
|
||||
}
|
||||
|
||||
+ pcre2_match_data_free(match_data);
|
||||
+ match_data = NULL;
|
||||
+
|
||||
if (mraw == NULL) {
|
||||
goto err;
|
||||
}
|
||||
@@ -1154,23 +1175,43 @@ compute_raw_from_trans(const char *level, domain_t *domain) {
|
||||
change = 0;
|
||||
for (g = domain->groups; g && !change && !complete; g = g->next) {
|
||||
int prefix = 0, suffix = 0;
|
||||
- int prefix_offset = 0, prefix_len = 0;
|
||||
- int suffix_offset = 0, suffix_len = 0;
|
||||
+ PCRE2_SIZE prefix_offset = 0, prefix_len = 0;
|
||||
+ PCRE2_SIZE suffix_offset = 0, suffix_len = 0;
|
||||
if (g->prefix_regexp) {
|
||||
- rc = pcre_exec(g->prefix_regexp, 0, work, work_len, 0, 0, ovector, OVECCOUNT);
|
||||
+ match_data = pcre2_match_data_create_from_pattern(g->prefix_regexp, NULL);
|
||||
+ if (!match_data) {
|
||||
+ log_error("allocation error %s", strerror(errno));
|
||||
+ goto err;
|
||||
+ }
|
||||
+ rc = pcre2_match(g->prefix_regexp, (PCRE2_SPTR8)work, work_len, 0, 0, match_data, NULL);
|
||||
if (rc > 0) {
|
||||
+ const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data);
|
||||
prefix = 1;
|
||||
prefix_offset = ovector[0];
|
||||
prefix_len = ovector[1] - ovector[0];
|
||||
+ } else if (rc != PCRE2_ERROR_NOMATCH) {
|
||||
+ log_error("compute_raw_from_trans: prefix matching error for input '%s': %d\n", level, rc);
|
||||
}
|
||||
+ pcre2_match_data_free(match_data);
|
||||
+ match_data = NULL;
|
||||
}
|
||||
if (g->suffix_regexp) {
|
||||
- rc = pcre_exec(g->suffix_regexp, 0, work, work_len, 0, 0, ovector, OVECCOUNT);
|
||||
+ match_data = pcre2_match_data_create_from_pattern(g->suffix_regexp, NULL);
|
||||
+ if (!match_data) {
|
||||
+ log_error("allocation error %s", strerror(errno));
|
||||
+ goto err;
|
||||
+ }
|
||||
+ rc = pcre2_match(g->suffix_regexp, (PCRE2_SPTR8)work, work_len, 0, 0, match_data, NULL);
|
||||
if (rc > 0) {
|
||||
+ const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data);
|
||||
suffix = 1;
|
||||
suffix_offset = ovector[0];
|
||||
suffix_len = ovector[1] - ovector[0];
|
||||
+ } else if (rc != PCRE2_ERROR_NOMATCH) {
|
||||
+ log_error("compute_raw_from_trans: suffix matching error for input '%s': %d\n", level, rc);
|
||||
}
|
||||
+ pcre2_match_data_free(match_data);
|
||||
+ match_data = NULL;
|
||||
}
|
||||
|
||||
/* anchors prefix ^, suffix $ */
|
||||
@@ -1179,14 +1220,23 @@ compute_raw_from_trans(const char *level, domain_t *domain) {
|
||||
(g->suffixes && suffix)) &&
|
||||
g->word_regexp) {
|
||||
char *s = work + prefix_offset + prefix_len;
|
||||
- int l = (suffix_len ? suffix_offset : work_len) - prefix_len - prefix_offset;
|
||||
- rc = pcre_exec(g->word_regexp, 0, s, l, 0, 0, ovector, OVECCOUNT);
|
||||
+ PCRE2_SIZE len = (suffix_len ? suffix_offset : work_len) - prefix_len - prefix_offset;
|
||||
+ match_data = pcre2_match_data_create_from_pattern(g->word_regexp, NULL);
|
||||
+ if (!match_data) {
|
||||
+ log_error("allocation error %s", strerror(errno));
|
||||
+ goto err;
|
||||
+ }
|
||||
+ rc = pcre2_match(g->word_regexp, (PCRE2_SPTR8)s, len, 0, 0, match_data, NULL);
|
||||
if (rc > 0) {
|
||||
- match = NULL;
|
||||
- pcre_get_substring(s, ovector, rc, 0, &match);
|
||||
- trim((char *)match, g->whitespace);
|
||||
+ const PCRE2_SIZE *ovector = pcre2_get_ovector_pointer(match_data);
|
||||
+ match = strndup(s + ovector[0], ovector[1] - ovector[0]);
|
||||
+ if (!match) {
|
||||
+ log_error("allocation error %s", strerror(errno));
|
||||
+ goto err;
|
||||
+ }
|
||||
+ trim(match, g->whitespace);
|
||||
if (*match) {
|
||||
- char *p = triml((char *)match, g->whitespace);
|
||||
+ char *p = triml(match, g->whitespace);
|
||||
while (p && *p) {
|
||||
int plen = strlen(p);
|
||||
unsigned int i;
|
||||
@@ -1223,9 +1273,13 @@ compute_raw_from_trans(const char *level, domain_t *domain) {
|
||||
memset(work + suffix_offset, '#', suffix_len);
|
||||
memset(s + ovector[0], '#', ovector[1] - ovector[0]);
|
||||
}
|
||||
- pcre_free((void *)match);
|
||||
+ free(match);
|
||||
match = NULL;
|
||||
+ } else if (rc != PCRE2_ERROR_NOMATCH) {
|
||||
+ log_error("compute_raw_from_trans: word matching error for input '%s' for substring '%s': %d\n", level, s, rc);
|
||||
}
|
||||
+ pcre2_match_data_free(match_data);
|
||||
+ match_data = NULL;
|
||||
}
|
||||
/* YYY */
|
||||
complete=1;
|
||||
@@ -1264,10 +1318,11 @@ err:
|
||||
mls_level_destroy(mraw);
|
||||
free(mraw);
|
||||
free(work);
|
||||
- pcre_free((void *)match);
|
||||
+ free(match);
|
||||
ebitmap_destroy(&tmp);
|
||||
ebitmap_destroy(&set);
|
||||
ebitmap_destroy(&clear);
|
||||
+ pcre2_match_data_free(match_data);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
diff --git a/mcstrans/utils/Makefile b/mcstrans/utils/Makefile
|
||||
index 9dfe772332b4..a48f4e72acc0 100644
|
||||
--- a/mcstrans/utils/Makefile
|
||||
+++ b/mcstrans/utils/Makefile
|
||||
@@ -14,13 +14,13 @@ endif
|
||||
all: $(TARGETS)
|
||||
|
||||
transcon: transcon.o ../src/mcstrans.o ../src/mls_level.o $(LIBSEPOLA)
|
||||
- $(CC) $(LDFLAGS) -o $@ $^ -lpcre -lselinux $(LDLIBS_LIBSEPOLA)
|
||||
+ $(CC) $(LDFLAGS) -o $@ $^ $(PCRE_LDLIBS) -lselinux $(LDLIBS_LIBSEPOLA)
|
||||
|
||||
untranscon: untranscon.o ../src/mcstrans.o ../src/mls_level.o $(LIBSEPOLA)
|
||||
- $(CC) $(LDFLAGS) -o $@ $^ -lpcre -lselinux $(LDLIBS_LIBSEPOLA)
|
||||
+ $(CC) $(LDFLAGS) -o $@ $^ $(PCRE_LDLIBS) -lselinux $(LDLIBS_LIBSEPOLA)
|
||||
|
||||
%.o: %.c
|
||||
- $(CC) $(CFLAGS) -D_GNU_SOURCE -I../src -fPIE -c -o $@ $<
|
||||
+ $(CC) $(CFLAGS) $(PCRE_CFLAGS) -D_GNU_SOURCE -I../src -fPIE -c -o $@ $<
|
||||
|
||||
install: all
|
||||
-mkdir -p $(DESTDIR)$(SBINDIR)
|
||||
--
|
||||
2.33.1
|
||||
|
|
@ -1,30 +1,25 @@
|
|||
Summary: SELinux Translation Daemon
|
||||
Name: mcstrans
|
||||
Version: 3.3
|
||||
Version: 2.9
|
||||
Release: 2%{?dist}
|
||||
License: GPL+
|
||||
Url: https://github.com/SELinuxProject/selinux/wiki
|
||||
Source: https://github.com/SELinuxProject/selinux/releases/download/3.3/mcstrans-3.3.tar.gz
|
||||
Source: https://github.com/SELinuxProject/selinux/releases/download/20190315/mcstrans-2.9.tar.gz
|
||||
Source2: secolor.conf.8
|
||||
# fedora-selinux/selinux: git format-patch -N 3.3 -- mcstrans
|
||||
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
||||
# Patch list start
|
||||
Patch0001: 0001-mcstrans-Fir-RESOURCE_LEAK-and-USE_AFTER_FREE-coveri.patch
|
||||
Patch0002: 0002-mcstrans-Fix-USER_AFTER_FREE-problem.patch
|
||||
Patch0003: 0003-mcstrans-Do-not-accept-incomplete-contexts.patch
|
||||
Patch0004: 0004-mcstrans-fix-RESOURCE_LEAK-CWE-772.patch
|
||||
Patch0005: 0005-mcstrans-avoid-missing-prototypes.patch
|
||||
Patch0006: 0006-mcstrans-port-to-new-PCRE2-from-end-of-life-PCRE.patch
|
||||
# Patch list end
|
||||
Patch0002: 0002-mcstrans-Do-not-accept-incomplete-contexts.patch
|
||||
Patch0003: 0003-Revert-mcstransd-select-correct-colour-range.patch
|
||||
Patch0004: 0004-Fix-mcstrans-secolor-examples.patch
|
||||
BuildRequires: gcc
|
||||
BuildRequires: make
|
||||
BuildRequires: libselinux-devel >= %{version}
|
||||
BuildRequires: libcap-devel pcre2-devel libsepol-devel libsepol-static
|
||||
BuildRequires: libcap-devel pcre-devel libsepol-devel libsepol-static
|
||||
BuildRequires: systemd
|
||||
Requires: pcre2
|
||||
Requires: pcre
|
||||
%{?systemd_requires}
|
||||
Provides: setransd
|
||||
Provides: libsetrans
|
||||
Obsoletes: libsetrans
|
||||
|
||||
%description
|
||||
Security-enhanced Linux is a feature of the Linux® kernel and a number
|
||||
|
@ -45,17 +40,15 @@ from internal representations to user defined representation.
|
|||
|
||||
%build
|
||||
%set_build_flags
|
||||
|
||||
%make_build LIBDIR="%{_libdir}"
|
||||
make LIBDIR="%{_libdir}" %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
rm -rf %{buildroot}
|
||||
mkdir -p %{buildroot}/%{_lib}
|
||||
mkdir -p %{buildroot}/%{_libdir}
|
||||
mkdir -p %{buildroot}%{_usr}/share/mcstrans
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/selinux/mls/setrans.d
|
||||
|
||||
%make_install LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" SBINDIR="%{_sbindir}"
|
||||
make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" SBINDIR="%{_sbindir}" install
|
||||
rm -f %{buildroot}%{_libdir}/*.a
|
||||
cp -r share/* %{buildroot}%{_usr}/share/mcstrans/
|
||||
# Systemd
|
||||
|
@ -64,6 +57,9 @@ ln -s %{_unitdir}/mcstrans.service %{buildroot}/%{_unitdir}/mcstransd.service
|
|||
rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/mcstrans
|
||||
install -m644 %{SOURCE2} %{buildroot}%{_mandir}/man8/
|
||||
|
||||
%clean
|
||||
rm -rf %{buildroot}
|
||||
|
||||
%post
|
||||
%systemd_post mcstransd.service
|
||||
|
||||
|
@ -74,12 +70,13 @@ install -m644 %{SOURCE2} %{buildroot}%{_mandir}/man8/
|
|||
%systemd_postun mcstransd.service
|
||||
|
||||
%files
|
||||
%defattr(-,root,root,0755)
|
||||
%{_mandir}/man8/mcs.8.gz
|
||||
%{_mandir}/man8/mcstransd.8.gz
|
||||
%{_mandir}/man5/setrans.conf.5.gz
|
||||
%{_mandir}/man8/setrans.conf.8.gz
|
||||
%{_mandir}/ru/man8/mcs.8.gz
|
||||
%{_mandir}/ru/man8/mcstransd.8.gz
|
||||
%{_mandir}/ru/man5/setrans.conf.5.gz
|
||||
%{_mandir}/ru/man8/setrans.conf.8.gz
|
||||
%{_mandir}/man8/secolor.conf.8.gz
|
||||
/usr/sbin/mcstransd
|
||||
%{_unitdir}/mcstrans.service
|
||||
|
@ -97,83 +94,19 @@ install -m644 %{SOURCE2} %{buildroot}%{_mandir}/man8/
|
|||
%{_usr}/share/mcstrans/util/*
|
||||
|
||||
%changelog
|
||||
* Fri Dec 10 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-2
|
||||
- Port to new PCRE2 from end-of-life PCRE
|
||||
* Fri Nov 08 2019 Vit Mojzis <vmojzis@redhat.com> - 2.9-2
|
||||
- Revert "mcstransd select correct colour range." (#1731451)
|
||||
- Fix mcstrans secolor examples (#1731451)
|
||||
|
||||
* Fri Oct 22 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-1
|
||||
- SELinux userspace 3.3 release
|
||||
|
||||
* Mon Oct 11 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc3.1
|
||||
- SELinux userspace 3.3-rc3 release
|
||||
|
||||
* Wed Sep 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc2.1
|
||||
- SELinux userspace 3.3-rc2 release
|
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.2-4
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
* Thu Aug 5 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-3
|
||||
- Fix RESOURCE_LEAK (CWE-772)
|
||||
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.2-2
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
|
||||
* Tue Mar 9 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-1
|
||||
- SELinux userspace 3.2 release
|
||||
|
||||
* Sun Feb 7 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-0.rc2.1
|
||||
- SELinux userspace 3.2-rc2 release
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2-0.rc1.1.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Fri Jan 22 2021 Petr Lautrbach <plautrba@redhat.com> - 3.2-0.rc1.1
|
||||
- SELinux userspace 3.2-rc1 release
|
||||
|
||||
* Tue Jul 28 2020 Tom Stellard <tstellar@redhat.com> - 3.1-3
|
||||
- Use make macros
|
||||
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Thu Jul 16 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-1
|
||||
- SELinux userspace 3.1 release
|
||||
|
||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Fri Dec 6 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-1
|
||||
- SELinux userspace 3.0 release
|
||||
|
||||
* Mon Nov 11 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-0.rc1.1
|
||||
- SELinux userspace 3.0-rc1 release candidate
|
||||
|
||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Tue Mar 19 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
|
||||
* Fri Apr 12 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1.2
|
||||
- SELinux userspace 2.9 release
|
||||
|
||||
* Mon Mar 11 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc2.1
|
||||
- SELinux userspace 2.9-rc2 release
|
||||
|
||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-0.rc1.1.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Wed Jan 30 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc1.1
|
||||
- Update to mcstrans-2.9-rc1
|
||||
* Sun Dec 16 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-2
|
||||
- Fix RESOURCE_LEAK and USE_AFTER_FREE coverity scan defects
|
||||
|
||||
* Tue Oct 2 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-1
|
||||
- Update to mcstrans-2.8
|
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-13
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-12
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-11
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
||||
|
|
Loading…
Reference in New Issue