RepoMirrors
/
selinux
mirror of https://github.com/SELinuxProject/selinux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

libselinux: Correctly handle an empty file_contexts file. 

If you add some local file contexts via semanage fcontext -a and
later delete them all via semanage fcontext -D, you get an empty
file_contexts.local file.  Then when you try to load it, getline()
returns 0 and we fall through to the out path without having set rc.
In label_file.c, rc will always be non-zero at this point because
we will have failed the load_mmap() call.  In sefcontext_compile,
rc may contain random garbage at this point.  Explicitly set rc
before the loop.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Stephen Smalley 2015-06-22 09:11:33 -04:00
parent ac78c677ab
commit aab9d90b35
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libselinux/src/label_file.c
View File

@ -425,9 +425,10 @@ static int process_file(const char *path, const char *suffix,
goto out;
/*
* The do detailed validation of the input and fill the spec array
* Then do detailed validation of the input and fill the spec array
*/
lineno = 0;
rc = 0;
while (getline(&line_buf, &line_len, fp) > 0) {
rc = process_line(rec, path, prefix, line_buf, ++lineno);
if (rc)

1
libselinux/utils/sefcontext_compile.c
View File

@ -35,6 +35,7 @@ static int process_file(struct selabel_handle *rec, const char *filename)
}
line_num = 0;
rc = 0;
while (getline(&line_buf, &line_len, context_file) > 0) {
rc = process_line(rec, filename, prefix, line_buf, ++line_num);
if (rc)