libselinux: Remove trailing slash on selabel_file lookups.

Having a trailing slash on a file lookup, e.g. "/some/path/", can cause a different result, for example, when file contexts are written to have the directory have a different label than the contents. This is inconsistent with normal Linux behaviors where trailing slashes are ignored. Many callers already strip the trailing slash before the lookup or users revise the file contexts to work around this. This fixes it comprehensively. v2: fix length issues Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
2025-04-07 10:09:31 +00:00 · 2020-08-24 09:44:16 -04:00 · 2020-08-24 09:44:16 -04:00 · 9e4480b921
commit 9e4480b921
parent 21fb5f20da
1 changed files with 22 additions and 0 deletions
--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c
@ -854,6 +854,7 @@ static const struct spec **lookup_all(struct selabel_handle *rec,
 	struct saved_data *data = (struct saved_data *)rec->data;
 	struct spec *spec_arr = data->spec_arr;
 	int i, rc, file_stem;
+	size_t len;
 	mode_t mode = (mode_t)type;
 	char *clean_key = NULL;
 	const char *prev_slash, *next_slash;
@ -894,6 +895,27 @@ static const struct spec **lookup_all(struct selabel_handle *rec,
 		key = clean_key;
 	}

+	/* remove trailing slash */
+	len = strlen(key);
+	if (len == 0) {
+		errno = EINVAL;
+		goto finish;
+	}
+
+	if (key[len - 1] == '/') {
+		/* reuse clean_key from above if available */
+		if (!clean_key) {
+			clean_key = (char *) malloc(len);
+			if (!clean_key)
+				goto finish;
+
+			strncpy(clean_key, key, len - 1);
+		}
+
+		clean_key[len - 1] = '\0';
+		key = clean_key;
+	}
+
 	sub = selabel_sub_key(data, key);
 	if (sub)
 		key = sub;