RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-03-11 04:37:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

libselinux: simplify policy path logic to avoid uninitialized read

Browse Source 
In case the function __policy_init() gets called with a NULL pointer,
the stack variable path remains uninitialized (except at its last
index).  If parsing the binary policy fails in sepol_policydb_read() the
error branch would access those uninitialized memory.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
This commit is contained in:
Christian Göttsche 2022-05-10 20:20:36 +02:00 committed by James Carter
parent abaf812c38
commit 31e3537624
1 changed files with 13 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
libselinux/src/audit2why.c
View File

@ -192,25 +192,16 @@ static PyObject *finish(PyObject *self __attribute__((unused)), PyObject *args)
static int __policy_init(const char *init_path)
{
FILE *fp;
char path[PATH_MAX];
const char *curpolicy;
char errormsg[PATH_MAX+1024+20];
struct sepol_policy_file *pf = NULL;
int rc;
unsigned int cnt;
path[PATH_MAX-1] = '\0';
if (init_path) {
strncpy(path, init_path, PATH_MAX-1);
fp = fopen(path, "re");
if (!fp) {
snprintf(errormsg, sizeof(errormsg),
"unable to open %s: %m\n",
path);
PyErr_SetString( PyExc_ValueError, errormsg);
return 1;
}
curpolicy = init_path;
} else {
const char *curpolicy = selinux_current_policy_path();
curpolicy = selinux_current_policy_path();
if (!curpolicy) {
/* SELinux disabled, must use -p option. */
snprintf(errormsg, sizeof(errormsg),
@ -218,14 +209,15 @@ static int __policy_init(const char *init_path)
PyErr_SetString( PyExc_ValueError, errormsg);
return 1;
}
fp = fopen(curpolicy, "re");
if (!fp) {
snprintf(errormsg, sizeof(errormsg),
"unable to open %s: %m\n",
curpolicy);
PyErr_SetString( PyExc_ValueError, errormsg);
return 1;
}
}
fp = fopen(curpolicy, "re");
if (!fp) {
snprintf(errormsg, sizeof(errormsg),
"unable to open %s: %m\n",
curpolicy);
PyErr_SetString( PyExc_ValueError, errormsg);
return 1;
}
avc = calloc(sizeof(struct avc_t), 1);
@ -249,7 +241,7 @@ static int __policy_init(const char *init_path)
sepol_policy_file_set_fp(pf, fp);
if (sepol_policydb_read(avc->policydb, pf)) {
snprintf(errormsg, sizeof(errormsg),
"invalid binary policy %s\n", path);
"invalid binary policy %s\n", curpolicy);
PyErr_SetString( PyExc_ValueError, errormsg);
fclose(fp);
return 1;