libselinux: procattr: return einval for <= 0 pid args.

getpidcon documentation does not specify that a pid of 0 refers to the current process, and getcon exists specifically to provide this functionality, and getpidcon(getpid()) would provide it as well. Disallow pid values <= 0 that may lead to unintended behavior in userspace object managers. Signed-off-by: Daniel Cashman <dcashman@android.com>
2024-12-28 00:42:07 +00:00 · 2016-02-23 12:24:00 -08:00 · 2016-02-23 12:24:00 -08:00 · c7cf5d8aa0
commit c7cf5d8aa0
parent ece9a6db47
1 changed files with 12 additions and 2 deletions
--- a/libselinux/src/procattr.c
+++ b/libselinux/src/procattr.c
@ -306,11 +306,21 @@ static int setprocattrcon(const char * context,
 #define getpidattr_def(fn, attr) \
 	int get##fn##_raw(pid_t pid, char **c)	\
 	{ \
-		return getprocattrcon_raw(c, pid, #attr); \
+		if (pid <= 0) { \
+			errno = EINVAL; \
+			return -1; \
+		} else { \
+			return getprocattrcon_raw(c, pid, #attr); \
+		} \
 	} \
 	int get##fn(pid_t pid, char **c)	\
 	{ \
-		return getprocattrcon(c, pid, #attr); \
+		if (pid <= 0) { \
+			errno = EINVAL; \
+			return -1; \
+		} else { \
+			return getprocattrcon(c, pid, #attr); \
+		} \
 	}

 all_selfattr_def(con, current)