
libselinux package update

Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>
master
basebuilder_pel7x64builder0 6 years ago
parent
commit
decdbe3544
  1. 414
      SOURCES/libselinux-rhel.patch
  2. 2
      SPECS/libselinux.spec

414
SOURCES/libselinux-rhel.patch

@ -21,8 +21,8 @@ index 24673dd..41507e4 100644 @@ -21,8 +21,8 @@ index 24673dd..41507e4 100644
+ * procattr: return error on invalid pid_t input, from Daniel Cashman.
+
2.5 2016-02-23
* selinux_restorecon.3 man page corrections, from Richard Haines.
* Add selinux_restorecon function, from Richard Haines.
* selinux_restorecon.3 man page corrections, from Richard Haines.
* Add selinux_restorecon function, from Richard Haines.
diff --git libselinux-2.5/Makefile libselinux-2.5/Makefile
index 6142b60..bdf9de8 100644
--- libselinux-2.5/Makefile
@ -739,84 +739,84 @@ index 12745b3..7aca3f0 100644 @@ -739,84 +739,84 @@ index 12745b3..7aca3f0 100644
--- libselinux-2.5/src/audit2why.c
+++ libselinux-2.5/src/audit2why.c
@@ -206,7 +206,7 @@ static int __policy_init(const char *init_path)
"unable to open %s: %s\n",
path, strerror(errno));
PyErr_SetString( PyExc_ValueError, errormsg);
"unable to open %s: %s\n",
path, strerror(errno));
PyErr_SetString( PyExc_ValueError, errormsg);
- return 1;
+ return -1;
}
} else {
const char *curpolicy = selinux_current_policy_path();
}
} else {
const char *curpolicy = selinux_current_policy_path();
@@ -215,7 +215,7 @@ static int __policy_init(const char *init_path)
snprintf(errormsg, sizeof(errormsg),
"You must specify the -p option with the path to the policy file.\n");
PyErr_SetString( PyExc_ValueError, errormsg);
snprintf(errormsg, sizeof(errormsg),
"You must specify the -p option with the path to the policy file.\n");
PyErr_SetString( PyExc_ValueError, errormsg);
- return 1;
+ return -1;
}
fp = fopen(curpolicy, "r");
if (!fp) {
}
fp = fopen(curpolicy, "r");
if (!fp) {
@@ -224,7 +224,7 @@ static int __policy_init(const char *init_path)
curpolicy,
strerror(errno));
PyErr_SetString( PyExc_ValueError, errormsg);
curpolicy,
strerror(errno));
PyErr_SetString( PyExc_ValueError, errormsg);
- return 1;
+ return -1;
}
}
}
}
@@ -232,7 +232,7 @@ static int __policy_init(const char *init_path)
if (!avc) {
PyErr_SetString( PyExc_MemoryError, "Out of memory\n");
fclose(fp);
if (!avc) {
PyErr_SetString( PyExc_MemoryError, "Out of memory\n");
fclose(fp);
- return 1;
+ return -1;
}
}
/* Set up a policydb directly so that we can mutate it later
/* Set up a policydb directly so that we can mutate it later
@@ -244,7 +244,7 @@ static int __policy_init(const char *init_path)
"policydb_init failed: %s\n", strerror(errno));
PyErr_SetString( PyExc_RuntimeError, errormsg);
fclose(fp);
"policydb_init failed: %s\n", strerror(errno));
PyErr_SetString( PyExc_RuntimeError, errormsg);
fclose(fp);
- return 1;
+ return -1;
}
sepol_policy_file_set_fp(pf, fp);
if (sepol_policydb_read(avc->policydb, pf)) {
}
sepol_policy_file_set_fp(pf, fp);
if (sepol_policydb_read(avc->policydb, pf)) {
@@ -252,7 +252,7 @@ static int __policy_init(const char *init_path)
"invalid binary policy %s\n", path);
PyErr_SetString( PyExc_ValueError, errormsg);
fclose(fp);
"invalid binary policy %s\n", path);
PyErr_SetString( PyExc_ValueError, errormsg);
fclose(fp);
- return 1;
+ return -1;
}
fclose(fp);
sepol_set_policydb(&avc->policydb->p);
}
fclose(fp);
sepol_set_policydb(&avc->policydb->p);
@@ -264,13 +264,13 @@ static int __policy_init(const char *init_path)
avc->policydb, &cnt);
if (rc < 0) {
PyErr_SetString( PyExc_RuntimeError, "unable to get bool count\n");
avc->policydb, &cnt);
if (rc < 0) {
PyErr_SetString( PyExc_RuntimeError, "unable to get bool count\n");
- return 1;
+ return -1;
}
}
boollist = calloc(cnt, sizeof(*boollist));
if (!boollist) {
PyErr_SetString( PyExc_MemoryError, "Out of memory\n");
boollist = calloc(cnt, sizeof(*boollist));
if (!boollist) {
PyErr_SetString( PyExc_MemoryError, "Out of memory\n");
- return 1;
+ return -1;
}
}
sepol_bool_iterate(avc->handle, avc->policydb,
sepol_bool_iterate(avc->handle, avc->policydb,
@@ -282,7 +282,7 @@ static int __policy_init(const char *init_path)
if (rc < 0) {
PyErr_SetString( PyExc_RuntimeError, "unable to init sidtab\n");
free(boollist);
if (rc < 0) {
PyErr_SetString( PyExc_RuntimeError, "unable to init sidtab\n");
free(boollist);
- return 1;
+ return -1;
}
sepol_set_sidtab(&sidtab);
return 0;
}
sepol_set_sidtab(&sidtab);
return 0;
@@ -298,6 +298,8 @@ static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) {
if (!PyArg_ParseTuple(args,(char *)"|s:policy_init",&init_path))
return NULL;
@ -827,167 +827,167 @@ index 12745b3..7aca3f0 100644 @@ -827,167 +827,167 @@ index 12745b3..7aca3f0 100644
}
@@ -343,8 +345,8 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
if (rc < 0)
RETURN(BADTCON)
if (rc < 0)
RETURN(BADTCON)
- tclass = string_to_security_class(tclassstr);
- if (!tclass)
+ rc = sepol_string_to_security_class(tclassstr, &tclass);
+ if (rc < 0)
RETURN(BADTCLASS)
RETURN(BADTCLASS)
/* Convert the permission list to an AV. */
/* Convert the permission list to an AV. */
@@ -365,8 +367,8 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
permstr = PyString_AsString( strObj );
permstr = PyString_AsString( strObj );
#endif
- perm = string_to_av_perm(tclass, permstr);
- if (!perm)
+ rc = sepol_string_to_av_perm(tclass, permstr, &perm);
+ if (rc < 0)
RETURN(BADPERM)
RETURN(BADPERM)
av |= perm;
av |= perm;
diff --git libselinux-2.5/src/avc_sidtab.c libselinux-2.5/src/avc_sidtab.c
index 9669264..c775430 100644
--- libselinux-2.5/src/avc_sidtab.c
+++ libselinux-2.5/src/avc_sidtab.c
@@ -81,6 +81,11 @@ sidtab_context_to_sid(struct sidtab *s,
int hvalue, rc = 0;
struct sidtab_node *cur;
int hvalue, rc = 0;
struct sidtab_node *cur;
+ if (! ctx) {
+ errno=EINVAL;
+ return -1;
+ }
+
*sid = NULL;
hvalue = sidtab_hash(ctx);
*sid = NULL;
hvalue = sidtab_hash(ctx);
diff --git libselinux-2.5/src/booleans.c libselinux-2.5/src/booleans.c
index 4b39a28..6a96b4a 100644
--- libselinux-2.5/src/booleans.c
+++ libselinux-2.5/src/booleans.c
@@ -53,6 +53,7 @@ int security_get_boolean_names(char ***names, int *len)
snprintf(path, sizeof path, "%s%s", selinux_mnt, SELINUX_BOOL_DIR);
*len = scandir(path, &namelist, &filename_select, alphasort);
if (*len <= 0) {
snprintf(path, sizeof path, "%s%s", selinux_mnt, SELINUX_BOOL_DIR);
*len = scandir(path, &namelist, &filename_select, alphasort);
if (*len <= 0) {
+ errno = ENOENT;
return -1;
}
return -1;
}
diff --git libselinux-2.5/src/canonicalize_context.c libselinux-2.5/src/canonicalize_context.c
index 7cf3139..364a746 100644
--- libselinux-2.5/src/canonicalize_context.c
+++ libselinux-2.5/src/canonicalize_context.c
@@ -17,6 +17,11 @@ int security_canonicalize_context_raw(const char * con,
size_t size;
int fd, ret;
size_t size;
int fd, ret;
+ if (! con) {
+ errno=EINVAL;
+ return -1;
+ }
+
if (!selinux_mnt) {
errno = ENOENT;
return -1;
if (!selinux_mnt) {
errno = ENOENT;
return -1;
diff --git libselinux-2.5/src/check_context.c libselinux-2.5/src/check_context.c
index 52063fa..234749c 100644
--- libselinux-2.5/src/check_context.c
+++ libselinux-2.5/src/check_context.c
@@ -14,6 +14,11 @@ int security_check_context_raw(const char * con)
char path[PATH_MAX];
int fd, ret;
char path[PATH_MAX];
int fd, ret;
+ if (! con) {
+ errno=EINVAL;
+ return -1;
+ }
+
if (!selinux_mnt) {
errno = ENOENT;
return -1;
if (!selinux_mnt) {
errno = ENOENT;
return -1;
diff --git libselinux-2.5/src/compute_av.c libselinux-2.5/src/compute_av.c
index 937e5c3..35ace7f 100644
--- libselinux-2.5/src/compute_av.c
+++ libselinux-2.5/src/compute_av.c
@@ -26,6 +26,11 @@ int security_compute_av_flags_raw(const char * scon,
return -1;
}
return -1;
}
+ if ((! scon) || (! tcon)) {
+ errno=EINVAL;
+ return -1;
+ }
+
snprintf(path, sizeof path, "%s/access", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
snprintf(path, sizeof path, "%s/access", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
diff --git libselinux-2.5/src/compute_create.c libselinux-2.5/src/compute_create.c
index 9559d42..14a65d1 100644
--- libselinux-2.5/src/compute_create.c
+++ libselinux-2.5/src/compute_create.c
@@ -64,6 +64,11 @@ int security_compute_create_name_raw(const char * scon,
return -1;
}
return -1;
}
+ if ((! scon) || (! tcon)) {
+ errno=EINVAL;
+ return -1;
+ }
+
snprintf(path, sizeof path, "%s/create", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
snprintf(path, sizeof path, "%s/create", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
diff --git libselinux-2.5/src/compute_member.c libselinux-2.5/src/compute_member.c
index 1fc7e41..065d996 100644
--- libselinux-2.5/src/compute_member.c
+++ libselinux-2.5/src/compute_member.c
@@ -25,6 +25,11 @@ int security_compute_member_raw(const char * scon,
return -1;
}
return -1;
}
+ if ((! scon) || (! tcon)) {
+ errno=EINVAL;
+ return -1;
+ }
+
snprintf(path, sizeof path, "%s/member", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
snprintf(path, sizeof path, "%s/member", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
diff --git libselinux-2.5/src/compute_relabel.c libselinux-2.5/src/compute_relabel.c
index 4615aee..cc77f36 100644
--- libselinux-2.5/src/compute_relabel.c
+++ libselinux-2.5/src/compute_relabel.c
@@ -25,6 +25,11 @@ int security_compute_relabel_raw(const char * scon,
return -1;
}
return -1;
}
+ if ((! scon) || (! tcon)) {
+ errno=EINVAL;
+ return -1;
+ }
+
snprintf(path, sizeof path, "%s/relabel", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
snprintf(path, sizeof path, "%s/relabel", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
diff --git libselinux-2.5/src/compute_user.c libselinux-2.5/src/compute_user.c
index b37c5d3..7703c26 100644
--- libselinux-2.5/src/compute_user.c
+++ libselinux-2.5/src/compute_user.c
@@ -24,6 +24,11 @@ int security_compute_user_raw(const char * scon,
return -1;
}
return -1;
}
+ if (! scon) {
+ errno=EINVAL;
+ return -1;
+ }
+
snprintf(path, sizeof path, "%s/user", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
snprintf(path, sizeof path, "%s/user", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
diff --git libselinux-2.5/src/exception.sh libselinux-2.5/src/exception.sh
index b7cff7e..a58bf3f 100755
--- libselinux-2.5/src/exception.sh
@ -1028,9 +1028,9 @@ index 52707d0..0cbe12d 100644 @@ -1028,9 +1028,9 @@ index 52707d0..0cbe12d 100644
+ return -1;
+ }
+ rc = fsetxattr(fd, XATTR_NAME_SELINUX, context, strlen(context) + 1, 0);
if (rc < 0 && errno == ENOTSUP) {
char * ccontext = NULL;
int err = errno;
if (rc < 0 && errno == ENOTSUP) {
char * ccontext = NULL;
int err = errno;
diff --git libselinux-2.5/src/init.c libselinux-2.5/src/init.c
index 3db4de0..3c687a2 100644
--- libselinux-2.5/src/init.c
@ -1049,14 +1049,14 @@ index 3db4de0..3c687a2 100644 @@ -1049,14 +1049,14 @@ index 3db4de0..3c687a2 100644
{
- int exists = 0, mnt_rc = 0;
+ int exists = 0;
FILE *fp = NULL;
char *buf = NULL;
size_t len;
ssize_t num;
FILE *fp = NULL;
char *buf = NULL;
size_t len;
ssize_t num;
- mnt_rc = mount("proc", "/proc", "proc", 0, 0);
-
fp = fopen("/proc/filesystems", "r");
fp = fopen("/proc/filesystems", "r");
- if (!fp) {
- exists = 1; /* Fail as if it exists */
- goto out;
@ -1064,13 +1064,13 @@ index 3db4de0..3c687a2 100644 @@ -1064,13 +1064,13 @@ index 3db4de0..3c687a2 100644
-
+ if (!fp)
+ return 1; /* Fail as if it exists */
__fsetlocking(fp, FSETLOCKING_BYCALLER);
__fsetlocking(fp, FSETLOCKING_BYCALLER);
num = getline(&buf, &len, fp);
num = getline(&buf, &len, fp);
@@ -84,14 +78,6 @@ int selinuxfs_exists(void)
free(buf);
fclose(fp);
free(buf);
fclose(fp);
-
-out:
-#ifndef MNT_DETACH
@ -1079,7 +1079,7 @@ index 3db4de0..3c687a2 100644 @@ -1079,7 +1079,7 @@ index 3db4de0..3c687a2 100644
- if (mnt_rc == 0)
- umount2("/proc", MNT_DETACH);
-
return exists;
return exists;
}
hidden_def(selinuxfs_exists)
diff --git libselinux-2.5/src/label_file.c libselinux-2.5/src/label_file.c
@ -1087,9 +1087,9 @@ index 071d902..c89bb35 100644 @@ -1087,9 +1087,9 @@ index 071d902..c89bb35 100644
--- libselinux-2.5/src/label_file.c
+++ libselinux-2.5/src/label_file.c
@@ -388,18 +388,21 @@ static int load_mmap(struct selabel_handle *rec, const char *path,
rc = -1;
goto err;
}
rc = -1;
goto err;
}
- spec->lsd.study_data = (void *)mmap_area->next_addr;
- spec->lsd.flags |= PCRE_EXTRA_STUDY_DATA;
- rc = next_entry(NULL, mmap_area, entry_len);
@ -1116,9 +1116,9 @@ index 071d902..c89bb35 100644 @@ -1116,9 +1116,9 @@ index 071d902..c89bb35 100644
+ rc = -1;
+ goto err;
+ }
}
}
data->nspec++;
data->nspec++;
diff --git libselinux-2.5/src/label_file.h libselinux-2.5/src/label_file.h
index 72fed1f..6d1e890 100644
--- libselinux-2.5/src/label_file.h
@ -1136,7 +1136,7 @@ index 72fed1f..6d1e890 100644 @@ -1136,7 +1136,7 @@ index 72fed1f..6d1e890 100644
+ else
+ return NULL;
+ } else
return spec->sd;
return spec->sd;
}
diff --git libselinux-2.5/src/load_policy.c libselinux-2.5/src/load_policy.c
@ -1153,37 +1153,37 @@ index 21ee58b..4f39fc7 100644 @@ -1153,37 +1153,37 @@ index 21ee58b..4f39fc7 100644
+
int security_load_policy(void *data, size_t len)
{
char path[PATH_MAX];
char path[PATH_MAX];
@@ -348,11 +352,6 @@ int selinux_init_load_policy(int *enforce)
fclose(cfg);
free(buf);
}
fclose(cfg);
free(buf);
}
-#ifndef MNT_DETACH
-#define MNT_DETACH 2
-#endif
- if (rc == 0)
- umount2("/proc", MNT_DETACH);
/*
* Determine the final desired mode.
/*
* Determine the final desired mode.
@@ -400,11 +399,17 @@ int selinux_init_load_policy(int *enforce)
/* Only emit this error if selinux was not disabled */
fprintf(stderr, "Mount failed for selinuxfs on %s: %s\n", SELINUXMNT, strerror(errno));
}
/* Only emit this error if selinux was not disabled */
fprintf(stderr, "Mount failed for selinuxfs on %s: %s\n", SELINUXMNT, strerror(errno));
}
+
+ if (rc == 0)
+ umount2("/proc", MNT_DETACH);
goto noload;
}
set_selinuxmnt(mntpoint);
goto noload;
}
set_selinuxmnt(mntpoint);
+ if (rc == 0)
+ umount2("/proc", MNT_DETACH);
+
/*
* Note: The following code depends on having selinuxfs
* already mounted and selinuxmnt set above.
/*
* Note: The following code depends on having selinuxfs
* already mounted and selinuxmnt set above.
diff --git libselinux-2.5/src/lsetfilecon.c libselinux-2.5/src/lsetfilecon.c
index 1d3b28a..ea6d70b 100644
--- libselinux-2.5/src/lsetfilecon.c
@ -1201,9 +1201,9 @@ index 1d3b28a..ea6d70b 100644 @@ -1201,9 +1201,9 @@ index 1d3b28a..ea6d70b 100644
+ }
+
+ rc = lsetxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1, 0);
if (rc < 0 && errno == ENOTSUP) {
char * ccontext = NULL;
int err = errno;
if (rc < 0 && errno == ENOTSUP) {
char * ccontext = NULL;
int err = errno;
diff --git libselinux-2.5/src/matchpathcon.c libselinux-2.5/src/matchpathcon.c
index 5b495a0..d92ed79 100644
--- libselinux-2.5/src/matchpathcon.c
@ -1218,16 +1218,16 @@ index 5b495a0..d92ed79 100644 @@ -1218,16 +1218,16 @@ index 5b495a0..d92ed79 100644
#include "callbacks.h"
@@ -62,7 +63,7 @@ static void
{
va_list ap;
va_start(ap, fmt);
va_list ap;
va_start(ap, fmt);
- vfprintf(stderr, fmt, ap);
+ vsyslog(LOG_ERR, fmt, ap);
va_end(ap);
va_end(ap);
}
@@ -361,12 +362,6 @@ int realpath_not_final(const char *name, char *resolved_path)
goto out;
}
goto out;
}
- /* strip leading // */
- while (tmp_path[len] && tmp_path[len] == '/' &&
@ -1235,13 +1235,13 @@ index 5b495a0..d92ed79 100644 @@ -1235,13 +1235,13 @@ index 5b495a0..d92ed79 100644
- tmp_path++;
- len++;
- }
last_component = strrchr(tmp_path, '/');
last_component = strrchr(tmp_path, '/');
if (last_component == tmp_path) {
if (last_component == tmp_path) {
@@ -470,6 +465,17 @@ int selinux_file_context_verify(const char *path, mode_t mode)
char * con = NULL;
char * fcontext = NULL;
int rc = 0;
char * con = NULL;
char * fcontext = NULL;
int rc = 0;
+ char stackpath[PATH_MAX + 1];
+ char *p = NULL;
+
@ -1254,38 +1254,38 @@ index 5b495a0..d92ed79 100644 @@ -1254,38 +1254,38 @@ index 5b495a0..d92ed79 100644
+ path = p;
+ }
rc = lgetfilecon_raw(path, &con);
if (rc == -1) {
rc = lgetfilecon_raw(path, &con);
if (rc == -1) {
diff --git libselinux-2.5/src/procattr.c libselinux-2.5/src/procattr.c
index 527a0a5..eee4612 100644
--- libselinux-2.5/src/procattr.c
+++ libselinux-2.5/src/procattr.c
@@ -70,9 +70,9 @@ static int openattr(pid_t pid, const char *attr, int flags)
char *path;
pid_t tid;
char *path;
pid_t tid;
- if (pid > 0)
+ if (pid > 0) {
rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
- else {
+ } else if (pid == 0) {
rc = asprintf(&path, "/proc/thread-self/attr/%s", attr);
if (rc < 0)
return -1;
rc = asprintf(&path, "/proc/thread-self/attr/%s", attr);
if (rc < 0)
return -1;
@@ -82,6 +82,9 @@ static int openattr(pid_t pid, const char *attr, int flags)
free(path);
tid = gettid();
rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
free(path);
tid = gettid();
rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
+ } else {
+ errno = EINVAL;
+ return -1;
}
if (rc < 0)
return -1;
}
if (rc < 0)
return -1;
@@ -303,11 +306,21 @@ static int setprocattrcon(const char * context,
#define getpidattr_def(fn, attr) \
int get##fn##_raw(pid_t pid, char **c) \
{ \
int get##fn##_raw(pid_t pid, char **c) \
{ \
- return getprocattrcon_raw(c, pid, #attr); \
+ if (pid <= 0) { \
+ errno = EINVAL; \
@ -1293,9 +1293,9 @@ index 527a0a5..eee4612 100644 @@ -1293,9 +1293,9 @@ index 527a0a5..eee4612 100644
+ } else { \
+ return getprocattrcon_raw(c, pid, #attr); \
+ } \
} \
int get##fn(pid_t pid, char **c) \
{ \
} \
int get##fn(pid_t pid, char **c) \
{ \
- return getprocattrcon(c, pid, #attr); \
+ if (pid <= 0) { \
+ errno = EINVAL; \
@ -1303,7 +1303,7 @@ index 527a0a5..eee4612 100644 @@ -1303,7 +1303,7 @@ index 527a0a5..eee4612 100644
+ } else { \
+ return getprocattrcon(c, pid, #attr); \
+ } \
}
}
all_selfattr_def(con, current)
diff --git libselinux-2.5/src/selinux_config.c libselinux-2.5/src/selinux_config.c
@ -1333,7 +1333,7 @@ index bec5f3b..c519a77 100644 @@ -1333,7 +1333,7 @@ index bec5f3b..c519a77 100644
+
const char *selinux_systemd_contexts_path(void)
{
return get_path(SYSTEMD_CONTEXTS);
return get_path(SYSTEMD_CONTEXTS);
diff --git libselinux-2.5/src/selinux_internal.h libselinux-2.5/src/selinux_internal.h
index 46566f6..9b9145c 100644
--- libselinux-2.5/src/selinux_internal.h
@ -1351,23 +1351,23 @@ index 17ed6fe..d2c2402 100644 @@ -1351,23 +1351,23 @@ index 17ed6fe..d2c2402 100644
--- libselinux-2.5/src/selinux_restorecon.c
+++ libselinux-2.5/src/selinux_restorecon.c
@@ -245,25 +245,41 @@ int selinux_restorecon(const char *pathname_orig,
* realpath of containing dir, then appending last component name.
*/
if (userealpath) {
* realpath of containing dir, then appending last component name.
*/
if (userealpath) {
- pathbname = basename((char *)pathname_orig);
+ char *basename_cpy = strdup(pathname_orig);
+ if (!basename_cpy)
+ goto realpatherr;
+ pathbname = basename(basename_cpy);
if (!strcmp(pathbname, "/") || !strcmp(pathbname, ".") ||
!strcmp(pathbname, "..")) {
pathname = realpath(pathname_orig, NULL);
if (!strcmp(pathbname, "/") || !strcmp(pathbname, ".") ||
!strcmp(pathbname, "..")) {
pathname = realpath(pathname_orig, NULL);
- if (!pathname)
+ if (!pathname) {
+ free(basename_cpy);
goto realpatherr;
goto realpatherr;
+ }
} else {
} else {
- pathdname = dirname((char *)pathname_orig);
+ char *dirname_cpy = strdup(pathname_orig);
+ if (!dirname_cpy) {
@ -1375,28 +1375,28 @@ index 17ed6fe..d2c2402 100644 @@ -1375,28 +1375,28 @@ index 17ed6fe..d2c2402 100644
+ goto realpatherr;
+ }
+ pathdname = dirname(dirname_cpy);
pathdnamer = realpath(pathdname, NULL);
pathdnamer = realpath(pathdname, NULL);
- if (!pathdnamer)
+ free(dirname_cpy);
+ if (!pathdnamer) {
+ free(basename_cpy);
goto realpatherr;
goto realpatherr;
+ }
if (!strcmp(pathdnamer, "/"))
error = asprintf(&pathname, "/%s", pathbname);
else
error = asprintf(&pathname, "%s/%s",
pathdnamer, pathbname);
if (!strcmp(pathdnamer, "/"))
error = asprintf(&pathname, "/%s", pathbname);
else
error = asprintf(&pathname, "%s/%s",
pathdnamer, pathbname);
- if (error < 0)
+ if (error < 0) {
+ free(basename_cpy);
goto oom;
goto oom;
+ }
}
}
+ free(basename_cpy);
} else {
pathname = strdup(pathname_orig);
if (!pathname)
} else {
pathname = strdup(pathname_orig);
if (!pathname)
diff --git libselinux-2.5/src/selinuxswig_python.i libselinux-2.5/src/selinuxswig_python.i
index 8cea18d..592d70c 100644
--- libselinux-2.5/src/selinuxswig_python.i
@ -1421,14 +1421,14 @@ index e72ba0d..9c821f8 100644 @@ -1421,14 +1421,14 @@ index e72ba0d..9c821f8 100644
--- libselinux-2.5/src/setexecfilecon.c
+++ libselinux-2.5/src/setexecfilecon.c
@@ -45,7 +45,7 @@ int setexecfilecon(const char *filename, const char *fallback_type)
goto out;
goto out;
out:
- if (rc < 0 && security_getenforce() == 0)
+ if (rc < 0 && security_getenforce() < 1)
rc = 0;
rc = 0;
context_free(con);
context_free(con);
diff --git libselinux-2.5/src/setfilecon.c libselinux-2.5/src/setfilecon.c
index d05969c..3f0200e 100644
--- libselinux-2.5/src/setfilecon.c
@ -1445,9 +1445,9 @@ index d05969c..3f0200e 100644 @@ -1445,9 +1445,9 @@ index d05969c..3f0200e 100644
+ return -1;
+ }
+ rc = setxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1, 0);
if (rc < 0 && errno == ENOTSUP) {
char * ccontext = NULL;
int err = errno;
if (rc < 0 && errno == ENOTSUP) {
char * ccontext = NULL;
int err = errno;
diff --git libselinux-2.5/utils/.gitignore libselinux-2.5/utils/.gitignore
index 060eaab..ed3bf0b 100644
--- libselinux-2.5/utils/.gitignore
@ -1493,19 +1493,19 @@ index d1f1348..0288feb 100644 @@ -1493,19 +1493,19 @@ index d1f1348..0288feb 100644
@@ -15,7 +15,7 @@
static void usage(const char *progname)
{
fprintf(stderr,
fprintf(stderr,
- "usage: %s [-N] [-n] [-f file_contexts] [ -P policy_root_path ] [-p prefix] [-Vq] path...\n",
+ "usage: %s [-V] [-N] [-n] [-m type] [-f file_contexts_file] [-p prefix] [-P policy_root_path] filepath...\n",
progname);
exit(1);
progname);
exit(1);
}
diff --git libselinux-2.5/utils/sefcontext_compile.c libselinux-2.5/utils/sefcontext_compile.c
index d2578b6..fd6fb78 100644
--- libselinux-2.5/utils/sefcontext_compile.c
+++ libselinux-2.5/utils/sefcontext_compile.c
@@ -228,10 +228,13 @@ static int write_binary_file(struct saved_data *data, int fd)
if (len != to_write)
goto err;
if (len != to_write)
goto err;
- /* determine the size of the pcre study info */
- rc = pcre_fullinfo(re, sd, PCRE_INFO_STUDYSIZE, &size);
@ -1519,11 +1519,11 @@ index d2578b6..fd6fb78 100644 @@ -1519,11 +1519,11 @@ index d2578b6..fd6fb78 100644
+ } else
+ size = 0;
/* write the number of bytes in the pcre study data */
to_write = size;
/* write the number of bytes in the pcre study data */
to_write = size;
@@ -239,10 +242,12 @@ static int write_binary_file(struct saved_data *data, int fd)
if (len != 1)
goto err;
if (len != 1)
goto err;
- /* write the actual pcre study data as a char array */
- len = fwrite(sd->study_data, 1, to_write, bin_file);
@ -1535,6 +1535,6 @@ index d2578b6..fd6fb78 100644 @@ -1535,6 +1535,6 @@ index d2578b6..fd6fb78 100644
+ if (len != to_write)
+ goto err;
+ }
}
}
rc = 0;
rc = 0;
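Review bot: The `security_getenforce() < 1` test after `out:` in the setexecfilecon.c hunk clears `rc` not only in permissive mode (0) but also when security_getenforce() returns -1, meaning the enforcing state could not be read. If that is meant to cover the SELinux-disabled case, the line should say so, for example `/* -1 (state unreadable, e.g. SELinux disabled) is deliberately treated like permissive */`. Without that, the check reads as a fail-open: a failed exec-context setup is reported as success whenever the mode is merely unknown. The rest of setexecfilecon() is outside the hunk, so whether callers can still tell the two cases apart cannot be confirmed from this page.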

2
SPECS/libselinux.spec

@ -1540,7 +1540,7 @@ Resolves: #200110 @@ -1540,7 +1540,7 @@ Resolves: #200110
* Tue Oct 24 2006 Dan Walsh <dwalsh@redhat.com> - 1.33.1-1
- Upgrade to latest from NSA
* Merged updated flask definitions from Darrel Goeddel.
This adds the context security class, and also adds
This adds the context security class, and also adds
the string definitions for setsockcreate and polmatch.

* Tue Oct 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.32-1
