libselinux Patch to prevent segfault from un-initialized print statement

libselinux Patch to prevent segfault from un-initialized print statement

[Daniel J Walsh]

[-- Attachment #1: Type: text/plain, Size: 1 bytes --]



[-- Attachment #2: diff --]
[-- Type: text/plain, Size: 511 bytes --]

diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.24/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c	2007-07-16 14:20:46.000000000 -0400
+++ libselinux-2.0.24/src/matchpathcon.c	2007-07-23 10:21:34.000000000 -0400
@@ -65,7 +65,7 @@
 #ifdef __GNUC__
     __attribute__ ((format(printf, 1, 2)))
 #endif
-    (*myprintf) (const char *fmt,...);
+    (*myprintf) (const char *fmt,...) = &default_printf;
 
 void set_matchpathcon_printf(void (*f) (const char *fmt, ...))
 {

Re: libselinux Patch to prevent segfault from un-initialized print statement

[Eamon Walsh]

Please use the following instead, this is a result of the new
labeling interface having its own logging callback.  I tried to use
the value of the function pointer to decide compatibility mode;
this introduces a separate flag variable.

How did you find this bug?  Was it from running an old setfiles
using a new libselinux?

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
---

 label_internal.h |    3 ++-
 matchpathcon.c   |    9 ++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)


Index: libselinux/src/matchpathcon.c
===================================================================
--- libselinux/src/matchpathcon.c	(revision 2508)
+++ libselinux/src/matchpathcon.c	(working copy)
@@ -65,14 +65,13 @@
 #ifdef __GNUC__
     __attribute__ ((format(printf, 1, 2)))
 #endif
-    (*myprintf) (const char *fmt,...);
+    (*myprintf) (const char *fmt,...) = &default_printf;
+int myprintf_compat = 0;
 
 void set_matchpathcon_printf(void (*f) (const char *fmt, ...))
 {
-	if (f)
-		myprintf = f;
-	else
-		myprintf = &default_printf;
+	myprintf = f ? f : &default_printf;
+	myprintf_compat = 1;
 }
 
 static int (*myinvalidcon) (const char *p, unsigned l, char *c) = NULL;
Index: libselinux/src/label_internal.h
===================================================================
--- libselinux/src/label_internal.h	(revision 2508)
+++ libselinux/src/label_internal.h	(working copy)
@@ -58,10 +58,11 @@
 /*
  * Compatibility support
  */
+extern int myprintf_compat;
 extern void __attribute__ ((format(printf, 1, 2)))
 (*myprintf) (const char *fmt,...);
 
-#define COMPAT_LOG(type, fmt...) if (myprintf)		  \
+#define COMPAT_LOG(type, fmt...) if (myprintf_compat)	  \
 		myprintf(fmt);				  \
 	else						  \
 		selinux_log(type, fmt);


-- 
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux Patch to prevent segfault from un-initialized print statement

[Daniel J Walsh]

Eamon Walsh wrote:
> Please use the following instead, this is a result of the new
> labeling interface having its own logging callback.  I tried to use
> the value of the function pointer to decide compatibility mode;
> this introduces a separate flag variable.
>
> How did you find this bug?  Was it from running an old setfiles
> using a new libselinux?
>
No I believe the Anaconda team found this by using some chroot 
environments.  Don't remember the exact cause.
As long as it is initialized.
> Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
> ---
>
> label_internal.h |    3 ++-
> matchpathcon.c   |    9 ++++-----
> 2 files changed, 6 insertions(+), 6 deletions(-)
>
>
> Index: libselinux/src/matchpathcon.c
> ===================================================================
> --- libselinux/src/matchpathcon.c    (revision 2508)
> +++ libselinux/src/matchpathcon.c    (working copy)
> @@ -65,14 +65,13 @@
> #ifdef __GNUC__
>     __attribute__ ((format(printf, 1, 2)))
> #endif
> -    (*myprintf) (const char *fmt,...);
> +    (*myprintf) (const char *fmt,...) = &default_printf;
> +int myprintf_compat = 0;
>
> void set_matchpathcon_printf(void (*f) (const char *fmt, ...))
> {
> -    if (f)
> -        myprintf = f;
> -    else
> -        myprintf = &default_printf;
> +    myprintf = f ? f : &default_printf;
> +    myprintf_compat = 1;
> }
>
> static int (*myinvalidcon) (const char *p, unsigned l, char *c) = NULL;
> Index: libselinux/src/label_internal.h
> ===================================================================
> --- libselinux/src/label_internal.h    (revision 2508)
> +++ libselinux/src/label_internal.h    (working copy)
> @@ -58,10 +58,11 @@
> /*
>  * Compatibility support
>  */
> +extern int myprintf_compat;
> extern void __attribute__ ((format(printf, 1, 2)))
> (*myprintf) (const char *fmt,...);
>
> -#define COMPAT_LOG(type, fmt...) if (myprintf)          \
> +#define COMPAT_LOG(type, fmt...) if (myprintf_compat)      \
>         myprintf(fmt);                  \
>     else                          \
>         selinux_log(type, fmt);
>
>


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.