RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-04-01 23:08:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

libselinux: Fix potential undefined shifts

Browse Source 
An expression of the form "1 << x" is undefined if x == 31 because
the "1" is an int and cannot be left shifted by 31.

Instead, use "UINT32_C(1) << x" which will be an unsigned int of
at least 32 bits.

Signed-off-by: James Carter <jwcart2@gmail.com>
This commit is contained in:
James Carter 2021-10-08 15:07:36 -04:00
parent ce815bd11b
commit c3ad59cc97
2 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
libselinux/src/mapping.c
View File

@ -144,9 +144,9 @@ unmap_perm(security_class_t tclass, access_vector_t tperm)
access_vector_t kperm = 0; access_vector_t kperm = 0;
for (i = 0; i < current_mapping[tclass].num_perms; i++) for (i = 0; i < current_mapping[tclass].num_perms; i++)
if (tperm & (1<<i)) { if (tperm & (UINT32_C(1)<<i)) {
kperm |= current_mapping[tclass].perms[i]; kperm |= current_mapping[tclass].perms[i];
tperm &= ~(1<<i); tperm &= ~(UINT32_C(1)<<i);
} }
return kperm; return kperm;
} }
@ -191,7 +191,7 @@ map_perm(security_class_t tclass, access_vector_t kperm)
for (i = 0; i < current_mapping[tclass].num_perms; i++) for (i = 0; i < current_mapping[tclass].num_perms; i++)
if (kperm & current_mapping[tclass].perms[i]) { if (kperm & current_mapping[tclass].perms[i]) {
tperm |= 1<<i; tperm |= UINT32_C(1)<<i;
kperm &= ~current_mapping[tclass].perms[i]; kperm &= ~current_mapping[tclass].perms[i];
} }
@ -216,30 +216,30 @@ map_decision(security_class_t tclass, struct av_decision *avd)
for (i = 0, result = 0; i < n; i++) { for (i = 0, result = 0; i < n; i++) {
if (avd->allowed & mapping->perms[i]) if (avd->allowed & mapping->perms[i])
result |= 1<<i; result |= UINT32_C(1)<<i;
else if (allow_unknown && !mapping->perms[i]) else if (allow_unknown && !mapping->perms[i])
result |= 1<<i; result |= UINT32_C(1)<<i;
} }
avd->allowed = result; avd->allowed = result;
for (i = 0, result = 0; i < n; i++) { for (i = 0, result = 0; i < n; i++) {
if (avd->decided & mapping->perms[i]) if (avd->decided & mapping->perms[i])
result |= 1<<i; result |= UINT32_C(1)<<i;
else if (allow_unknown && !mapping->perms[i]) else if (allow_unknown && !mapping->perms[i])
result |= 1<<i; result |= UINT32_C(1)<<i;
} }
avd->decided = result; avd->decided = result;
for (i = 0, result = 0; i < n; i++) for (i = 0, result = 0; i < n; i++)
if (avd->auditallow & mapping->perms[i]) if (avd->auditallow & mapping->perms[i])
result |= 1<<i; result |= UINT32_C(1)<<i;
avd->auditallow = result; avd->auditallow = result;
for (i = 0, result = 0; i < n; i++) { for (i = 0, result = 0; i < n; i++) {
if (avd->auditdeny & mapping->perms[i]) if (avd->auditdeny & mapping->perms[i])
result |= 1<<i; result |= UINT32_C(1)<<i;
else if (!allow_unknown && !mapping->perms[i]) else if (!allow_unknown && !mapping->perms[i])
result |= 1<<i; result |= UINT32_C(1)<<i;
} }
/* /*
@ -248,7 +248,7 @@ map_decision(security_class_t tclass, struct av_decision *avd)
* a bug in the object manager. * a bug in the object manager.
*/ */
for (; i < (sizeof(result)*8); i++) for (; i < (sizeof(result)*8); i++)
result |= 1<<i; result |= UINT32_C(1)<<i;
avd->auditdeny = result; avd->auditdeny = result;
} }
} }

8
libselinux/src/stringrep.c
View File

@ -229,7 +229,7 @@ access_vector_t string_to_av_perm(security_class_t tclass, const char *s)
size_t i; size_t i;
for (i = 0; i < MAXVECTORS && node->perms[i] != NULL; i++) for (i = 0; i < MAXVECTORS && node->perms[i] != NULL; i++)
if (strcmp(node->perms[i],s) == 0) if (strcmp(node->perms[i],s) == 0)
return map_perm(tclass, 1<<i); return map_perm(tclass, UINT32_C(1)<<i);
} }
errno = EINVAL; errno = EINVAL;
@ -261,7 +261,7 @@ const char *security_av_perm_to_string(security_class_t tclass,
node = get_class_cache_entry_value(tclass); node = get_class_cache_entry_value(tclass);
if (av && node) if (av && node)
for (i = 0; i<MAXVECTORS; i++) for (i = 0; i<MAXVECTORS; i++)
if ((1<<i) & av) if ((UINT32_C(1)<<i) & av)
return node->perms[i]; return node->perms[i];
return NULL; return NULL;
@ -279,7 +279,7 @@ int security_av_string(security_class_t tclass, access_vector_t av, char **res)
/* first pass computes the required length */ /* first pass computes the required length */
for (i = 0; tmp; tmp >>= 1, i++) { for (i = 0; tmp; tmp >>= 1, i++) {
if (tmp & 1) { if (tmp & 1) {
str = security_av_perm_to_string(tclass, av & (1<<i)); str = security_av_perm_to_string(tclass, av & (UINT32_C(1)<<i));
if (str) if (str)
len += strlen(str) + 1; len += strlen(str) + 1;
} }
@ -303,7 +303,7 @@ int security_av_string(security_class_t tclass, access_vector_t av, char **res)
ptr += sprintf(ptr, "{ "); ptr += sprintf(ptr, "{ ");
for (i = 0; tmp; tmp >>= 1, i++) { for (i = 0; tmp; tmp >>= 1, i++) {
if (tmp & 1) { if (tmp & 1) {
str = security_av_perm_to_string(tclass, av & (1<<i)); str = security_av_perm_to_string(tclass, av & (UINT32_C(1)<<i));
if (str) if (str)
ptr += sprintf(ptr, "%s ", str); ptr += sprintf(ptr, "%s ", str);
} }