RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-02-21 12:06:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

libsepol: make process_boolean() fail on invalid lines

Browse Source 
When load_booleans() calls process_boolean() to parse a boolean
definition, process_boolean() returns a successful value when it fails
to use strtok_r() (e.g. when there is no "=" in the parsed line). This
leads load_booleans() to use uninitialized name and/or val when setting
the boolean into the policy.

Rework process_boolean() in order to report errors when a boolean
definition is incorrect.

This issue has been found using clang's static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss 2017-03-28 23:41:47 +02:00 committed by James Carter
parent a83f1cfd7e
commit 76f8c04c19
1 changed files with 35 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
libsepol/src/genbools.c
View File

@ -34,31 +34,42 @@ static int process_boolean(char *buffer, char *name, int namesize, int *val)
{
char name1[BUFSIZ];
char *ptr = NULL;
char *tok = strtok_r(buffer, "=", &ptr);
if (tok) {
strncpy(name1, tok, BUFSIZ - 1);
strtrim(name, name1, namesize - 1);
if (name[0] == '#')
return 0;
tok = strtok_r(NULL, "\0", &ptr);
if (tok) {
while (isspace(*tok))
tok++;
*val = -1;
if (isdigit(tok[0]))
*val = atoi(tok);
else if (!strncasecmp(tok, "true", sizeof("true") - 1))
*val = 1;
else if (!strncasecmp
(tok, "false", sizeof("false") - 1))
*val = 0;
if (*val != 0 && *val != 1) {
ERR(NULL, "illegal value for boolean "
"%s=%s", name, tok);
return -1;
}
char *tok;
}
/* Skip spaces */
while (isspace(buffer[0]))
buffer++;
/* Ignore comments */
if (buffer[0] == '#')
return 0;
tok = strtok_r(buffer, "=", &ptr);
if (!tok) {
ERR(NULL, "illegal boolean definition %s", buffer);
return -1;
}
strncpy(name1, tok, BUFSIZ - 1);
strtrim(name, name1, namesize - 1);
tok = strtok_r(NULL, "\0", &ptr);
if (!tok) {
ERR(NULL, "illegal boolean definition %s=%s", name, buffer);
return -1;
}
while (isspace(*tok))
tok++;
*val = -1;
if (isdigit(tok[0]))
*val = atoi(tok);
else if (!strncasecmp(tok, "true", sizeof("true") - 1))
*val = 1;
else if (!strncasecmp(tok, "false", sizeof("false") - 1))
*val = 0;
if (*val != 0 && *val != 1) {
ERR(NULL, "illegal value for boolean %s=%s", name, tok);
return -1;
}
return 1;
}