powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
678 Commits
1 Branch
0 Tags
390 MiB
 
 
 
 
 
 
Tree: deeabdce5d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'deeabdce5d'
${ noResults }
base/SOURCES/coreutils-8.22-cp-selinux.p...

109 lines
3.7 KiB
Raw Blame History

From 2b3b5bfcd5f4161d17c0bc3d43f6edcfc4a2b294 Mon Sep 17 00:00:00 2001
From: Nicolas Looss <nicolas.iooss@m4x.org>
Date: Sat, 4 Jan 2014 03:03:51 +0000
Subject: [PATCH] copy: fix a segfault in SELinux context copying code
* src/selinux.c (restorecon_private): On ArchLinux the
`fakeroot cp -a file1 file2` command segfaulted due
to getfscreatecon() returning a NULL context.
So map this to the sometimes ignored ENODATA error,
rather than crashing.
* tests/cp/no-ctx.sh: Add a new test case.
* tests/local.mk: Reference the new test.
---
src/selinux.c | 5 ++++
tests/cp/no-ctx.sh | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++
tests/local.mk | 1 +
3 files changed, 59 insertions(+), 0 deletions(-)
create mode 100755 tests/cp/no-ctx.sh
diff --git a/src/selinux.c b/src/selinux.c
index cd38a81..016db16 100644
--- a/src/selinux.c
+++ b/src/selinux.c
@@ -192,6 +192,11 @@ restorecon_private (char const *path, bool local)
{
if (getfscreatecon (&tcon) < 0)
return rc;
+ if (!tcon)
+ {
+ errno = ENODATA;
+ return rc;
+ }
rc = lsetfilecon (path, tcon);
freecon (tcon);
return rc;
diff --git a/tests/cp/no-ctx.sh b/tests/cp/no-ctx.sh
new file mode 100755
index 0000000..59d30de
--- /dev/null
+++ b/tests/cp/no-ctx.sh
@@ -0,0 +1,53 @@
+#!/bin/sh
+# Ensure we handle file systems returning no SELinux context,
+# which triggered a segmentation fault in coreutils-8.22.
+# This test is skipped on systems that lack LD_PRELOAD support; that's fine.
+# Similarly, on a system that lacks lgetfilecon altogether, skipping it is fine.
+
+# Copyright (C) 2014 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
+print_ver_ cp
+require_gcc_shared_
+
+# Replace each getfilecon and lgetfilecon call with a call to these stubs.
+cat > k.c <<'EOF' || skip_
+#include <selinux/selinux.h>
+#include <errno.h>
+
+int getfilecon (const char *path, security_context_t *con)
+{ errno=ENODATA; return -1; }
+int lgetfilecon (const char *path, security_context_t *con)
+{ errno=ENODATA; return -1; }
+EOF
+
+# Then compile/link it:
+$CC -shared -fPIC -O2 k.c -o k.so \
+ || skip_ 'failed to build SELinux shared library'
+
+touch file_src
+
+# New file with SELinux context optionally included
+LD_PRELOAD=./k.so cp -a file_src file_dst || fail=1
+
+# Existing file with SELinux context optionally included
+LD_PRELOAD=./k.so cp -a file_src file_dst || fail=1
+
+# ENODATA should give an immediate error when required to preserve ctx
+# This is debatable, and maybe we should not fail when no context available?
+LD_PRELOAD=./k.so cp --preserve=context file_src file_dst && fail=1
+
+Exit $fail
diff --git a/tests/local.mk b/tests/local.mk
index dc7341c..9d556f6 100644
--- a/tests/local.mk
+++ b/tests/local.mk
@@ -161,6 +161,7 @@ all_tests = \
tests/rm/ext3-perf.sh \
tests/rm/cycle.sh \
tests/cp/link-heap.sh \
+ tests/cp/no-ctx.sh \
tests/misc/tty-eof.pl \
tests/tail-2/inotify-hash-abuse.sh \
tests/tail-2/inotify-hash-abuse2.sh \
--
1.7.7.6