packages/policycoreutils
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Backport patch from upstream to avoid unsigned integer underflow

Browse Source 
(cherry picked from commit 3dbd4020f5877c142c64bc5b23152eb8040f392f)
This commit is contained in:
yixiangzhike 2024-03-20 13:43:35 +08:00 committed by openeuler-sync-bot
parent fa7d10b42d
commit 1b1e9bd383
2 changed files with 58 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
backport-setfiles-avoid-unsigned-integer-underflow.patch Normal file
View File

@ -0,0 +1,53 @@
From fc2e9318d0a1b2ec331f6af25e70358f130d003b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 19 Dec 2023 17:09:33 +0100
Subject: [PATCH] setfiles: avoid unsigned integer underflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
While well-defined unsigned integer underflow might signal a logic
mistake or processing of unchecked user input. Please Clang's undefined
behavior sanitizer:
restore.c:91:37: runtime error: unsigned integer overflow: 1 - 2 cannot
be represented in type 'unsigned long'
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
policycoreutils/setfiles/restore.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
index 9d688c6..612cc21 100644
--- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c
@@ -75,8 +75,8 @@ void restore_finish(void)
int process_glob(char *name, struct restore_opts *opts)
{
glob_t globbuf;
- size_t i = 0;
- int len, rc, errors;
+ size_t i, len;
+ int rc, errors;
memset(&globbuf, 0, sizeof(globbuf));
@@ -86,10 +86,10 @@ int process_glob(char *name, struct restore_opts *opts)
return errors;
for (i = 0; i < globbuf.gl_pathc; i++) {
- len = strlen(globbuf.gl_pathv[i]) - 2;
- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0)
+ len = strlen(globbuf.gl_pathv[i]);
+ if (len > 2 && strcmp(&globbuf.gl_pathv[i][len - 2], "/.") == 0)
continue;
- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
+ if (len > 3 && strcmp(&globbuf.gl_pathv[i][len - 3], "/..") == 0)
continue;
rc = selinux_restorecon(globbuf.gl_pathv[i],
opts->restorecon_flags);
--
2.33.0

6
policycoreutils.spec
View File

@ -3,7 +3,7 @@
Name: policycoreutils Name: policycoreutils
Version: 3.3 Version: 3.3
Release: 10 Release: 11
Summary: Policy core utilities of selinux Summary: Policy core utilities of selinux
License: GPLv2 License: GPLv2
URL: https://github.com/SELinuxProject URL: https://github.com/SELinuxProject
@ -37,6 +37,7 @@ Patch6016: restorecond-remove-dependency-of-glib2.patch
Patch6017: backport-newrole-silence-compiler-warnings.patch Patch6017: backport-newrole-silence-compiler-warnings.patch
Patch6018: backport-newrole-use-DJB2a-string-hash-function.patch Patch6018: backport-newrole-use-DJB2a-string-hash-function.patch
Patch6019: backport-python-Harden-more-tools-against-rogue-modules.patch Patch6019: backport-python-Harden-more-tools-against-rogue-modules.patch
Patch6020: backport-setfiles-avoid-unsigned-integer-underflow.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: pam-devel libsepol-static >= 3.3 libsemanage-static >= 3.3 libselinux-devel >= 3.3 libcap-devel audit-libs-devel gettext BuildRequires: pam-devel libsepol-static >= 3.3 libsemanage-static >= 3.3 libselinux-devel >= 3.3 libcap-devel audit-libs-devel gettext
@ -277,6 +278,9 @@ find %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} \
%{_mandir}/* %{_mandir}/*
%changelog %changelog
* Wed Mar 20 2024 yixiangzhike <yixiangzhike007@163.com> -3.3-11
- backport patch from upstream to avoid unsigned integer underflow
* Wed Jan 31 2024 zhangruifang <zhangruifang1@h-partners.com> -3.3-10 * Wed Jan 31 2024 zhangruifang <zhangruifang1@h-partners.com> -3.3-10
- backport patches from upstream - backport patches from upstream