* [PATCH] selinux: revise /selinux/create to handle whitespace/multibytes correctly
From: Kohei KaiGai @ 2011-04-16 14:09 UTC
To: Kohei Kaigai
Cc: Eric Paris, selinux@tycho.nsa.gov, method@manicmethod.com,
sds@tycho.nsa.gov

This patch allows a percent-encoded object name to be accepted as the fourth
argument of the /selinux/create interface, to avoid possible bugs when we
supply an object name that includes whitespace or multibyte characters.

Although I could not test this patch on named TYPE_TRANSITION rules,
the printk() messages for debugging suggest to me that the logic works correctly.
I assume libselinux provides the logic to encode the object name, so it shall
be applied transparently from the viewpoint of the application.

Signed-off-by: KaiGai Kohei <kohei.kaigai@eu.nec.com>
---
security/selinux/selinuxfs.c | 38 +++++++++++++++++++++++++++++++++++++-
1 files changed, 37 insertions(+), 1 deletions(-)
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 973f5a4..4fde279 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -28,6 +28,7 @@
#include <linux/percpu.h>
#include <linux/audit.h>
#include <linux/uaccess.h>
+#include <linux/ctype.h>
/* selinuxfs pseudo filesystem for exporting the security policy API.
Based on the proc code and the fs/nfsd/nfsctl.c code. */
@@ -750,6 +751,15 @@ out:
return length;
}
+static inline int hexcode_to_int(int code)
+{
+ if (code == '\0' || !isxdigit(code))
+ return -1;
+ if (isdigit(code))
+ return code - '0';
+ return tolower(code) - 'a' + 10;
+}
+
static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
{
char *scon = NULL, *tcon = NULL;
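Review bot: In hexcode_to_int(), the "code == '\0'" test is redundant, because isxdigit() is already false for NUL, so the first condition can be just "!isxdigit(code)". The kernel also already provides hex_to_bin() (declared in linux/kernel.h), which returns -1 for a non-hex character; using it in the decode loop would avoid adding this local helper and the new linux/ctype.h include.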
@@ -784,8 +794,34 @@ static ssize_t sel_write_create(struct file
*file, char *buf, size_t size)
nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf);
if (nargs < 3 || nargs > 4)
goto out;
- if (nargs == 4)
+ if (nargs == 4) {
+ /*
+ * If and when the name of new object to be queried contains
+ * either whitespace or multibyte characters, they shall be
+ * encoded based on the percentage-encoding rule.
+ * If not encoded, the sscanf logic picks up only left-half
+ * of the supplied name; splitted by a whitespace unexpectedly.
+ */
+ char *r, *w;
+ int c1, c2;
+
+ r = w = namebuf;
+ do {
+ c1 = *r++;
+ if (c1 == '+')
+ c1 = ' ';
+ else if (c1 == '%') {
+ if ((c1 = hexcode_to_int(*r++)) < 0)
+ goto out;
+ if ((c2 = hexcode_to_int(*r++)) < 0)
+ goto out;
+ c1 = (c1 << 4) | c2;
+ }
+ *w++ = c1;
+ } while (c1 != '\0');
+
objname = namebuf;
+ }
length = security_context_to_sid(scon, strlen(scon) + 1, &ssid);
if (length)
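Review bot: In the decode loop, "%00" decodes to c1 == 0, which writes a NUL and also satisfies the loop's exit condition, so a name such as "foo%00bar" is silently accepted and used as objname "foo". After "c1 = (c1 << 4) | c2;", treat a zero result like a bad hex digit and take the same "goto out" path, so that an embedded NUL is rejected instead of truncating the name.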
--
1.7.4.1
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

* Re: [PATCH] selinux: revise /selinux/create to handle whitespace/multibytes correctly
From: Joshua Brindle @ 2011-04-16 16:43 UTC
To: Kohei KaiGai
Cc: Kohei Kaigai, Eric Paris, selinux@tycho.nsa.gov,
sds@tycho.nsa.gov

Kohei KaiGai wrote:
> This patch allows a percent-encoded object name to be accepted as the fourth
> argument of the /selinux/create interface, to avoid possible bugs when we
> supply an object name that includes whitespace or multibyte characters.

Why not use standard bash escaping instead of html entities?

>
> Although I could not test this patch on named TYPE_TRANSITION rules,
> the printk() messages for debugging suggest to me that the logic works correctly.
> I assume libselinux provides the logic to encode the object name, so it shall
> be applied transparently from the viewpoint of the application.
>
> Signed-off-by: KaiGai Kohei<kohei.kaigai@eu.nec.com>
> ---
> security/selinux/selinuxfs.c | 38 +++++++++++++++++++++++++++++++++++++-
> 1 files changed, 37 insertions(+), 1 deletions(-)
>
> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
> index 973f5a4..4fde279 100644
> --- a/security/selinux/selinuxfs.c
> +++ b/security/selinux/selinuxfs.c
> @@ -28,6 +28,7 @@
> #include<linux/percpu.h>
> #include<linux/audit.h>
> #include<linux/uaccess.h>
> +#include<linux/ctype.h>
>
> /* selinuxfs pseudo filesystem for exporting the security policy API.
> Based on the proc code and the fs/nfsd/nfsctl.c code. */
> @@ -750,6 +751,15 @@ out:
> return length;
> }
>
> +static inline int hexcode_to_int(int code)
> +{
> + if (code == '\0' || !isxdigit(code))
> + return -1;
> + if (isdigit(code))
> + return code - '0';
> + return tolower(code) - 'a' + 10;
> +}
> +
> static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
> {
> char *scon = NULL, *tcon = NULL;
> @@ -784,8 +794,34 @@ static ssize_t sel_write_create(struct file
> *file, char *buf, size_t size)
> nargs = sscanf(buf, "%s %s %hu %s", scon, tcon,&tclass, namebuf);
> if (nargs< 3 || nargs> 4)
> goto out;
> - if (nargs == 4)
> + if (nargs == 4) {
> + /*
> + * If and when the name of new object to be queried contains
> + * either whitespace or multibyte characters, they shall be
> + * encoded based on the percentage-encoding rule.
> + * If not encoded, the sscanf logic picks up only left-half
> + * of the supplied name; splitted by a whitespace unexpectedly.
> + */
> + char *r, *w;
> + int c1, c2;
> +
> + r = w = namebuf;
> + do {
> + c1 = *r++;
> + if (c1 == '+')
> + c1 = ' ';
> + else if (c1 == '%') {
> + if ((c1 = hexcode_to_int(*r++))< 0)
> + goto out;
> + if ((c2 = hexcode_to_int(*r++))< 0)
> + goto out;
> + c1 = (c1<< 4) | c2;
> + }
> + *w++ = c1;
> + } while (c1 != '\0');
> +
> objname = namebuf;
> + }
>
> length = security_context_to_sid(scon, strlen(scon) + 1,&ssid);
> if (length)

* Re: [PATCH] selinux: revise /selinux/create to handle whitespace/multibytes correctly
From: Kohei KaiGai @ 2011-04-16 21:12 UTC
To: Joshua Brindle
Cc: Kohei Kaigai, Eric Paris, selinux@tycho.nsa.gov,
sds@tycho.nsa.gov

2011/4/16 Joshua Brindle <method@manicmethod.com>:
> Kohei KaiGai wrote:
>>
>> This patch allows a percent-encoded object name to be accepted as the fourth
>> argument of the /selinux/create interface, to avoid possible bugs when we
>> supply an object name that includes whitespace or multibyte characters.
>
> Why not use standard bash escaping instead of html entities?
>

Does bash have a way to escape multibyte characters safely?

There are a number of multibyte encoding systems other than Unicode.
For example, Japanese has three major encodings: EUC, JIS and Shift-JIS.
If we try to use the code 0x5c ('\') as an escape sequence, we may have
trouble in a Shift-JIS environment, because it contains several
characters that use 0x5c as the second character.

The bad news is that Shift-JIS was the default encoding system delivered from
MS-DOS, so it is still popular on Linux systems migrated from legacy ones. :-(

Of course, we support many languages, and I don't know what side effects
may happen in a particular environment.

So, it seems to me that the assumption of percentage-encoding is conservative
enough to deliver an object name from userspace to the kernel.

Thanks,

>> Although I could not test this patch on named TYPE_TRANSITION rules,
>> the printk() messages for debugging suggest to me that the logic works correctly.
>> I assume libselinux provides the logic to encode the object name, so it
>> shall
>> be applied transparently from the viewpoint of the application.
>>
>> Signed-off-by: KaiGai Kohei<kohei.kaigai@eu.nec.com>
>> ---
>> security/selinux/selinuxfs.c | 38
>> +++++++++++++++++++++++++++++++++++++-
>> 1 files changed, 37 insertions(+), 1 deletions(-)
>>
>> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
>> index 973f5a4..4fde279 100644
>> --- a/security/selinux/selinuxfs.c
>> +++ b/security/selinux/selinuxfs.c
>> @@ -28,6 +28,7 @@
>> #include<linux/percpu.h>
>> #include<linux/audit.h>
>> #include<linux/uaccess.h>
>> +#include<linux/ctype.h>
>>
>> /* selinuxfs pseudo filesystem for exporting the security policy API.
>> Based on the proc code and the fs/nfsd/nfsctl.c code. */
>> @@ -750,6 +751,15 @@ out:
>> return length;
>> }
>>
>> +static inline int hexcode_to_int(int code)
>> +{
>> + if (code == '\0' || !isxdigit(code))
>> + return -1;
>> + if (isdigit(code))
>> + return code - '0';
>> + return tolower(code) - 'a' + 10;
>> +}
>> +
>> static ssize_t sel_write_create(struct file *file, char *buf, size_t
>> size)
>> {
>> char *scon = NULL, *tcon = NULL;
>> @@ -784,8 +794,34 @@ static ssize_t sel_write_create(struct file
>> *file, char *buf, size_t size)
>> nargs = sscanf(buf, "%s %s %hu %s", scon, tcon,&tclass, namebuf);
>> if (nargs< 3 || nargs> 4)
>> goto out;
>> - if (nargs == 4)
>> + if (nargs == 4) {
>> + /*
>> + * If and when the name of new object to be queried
>> contains
>> + * either whitespace or multibyte characters, they shall
>> be
>> + * encoded based on the percentage-encoding rule.
>> + * If not encoded, the sscanf logic picks up only
>> left-half
>> + * of the supplied name; splitted by a whitespace
>> unexpectedly.
>> + */
>> + char *r, *w;
>> + int c1, c2;
>> +
>> + r = w = namebuf;
>> + do {
>> + c1 = *r++;
>> + if (c1 == '+')
>> + c1 = ' ';
>> + else if (c1 == '%') {
>> + if ((c1 = hexcode_to_int(*r++))< 0)
>> + goto out;
>> + if ((c2 = hexcode_to_int(*r++))< 0)
>> + goto out;
>> + c1 = (c1<< 4) | c2;
>> + }
>> + *w++ = c1;
>> + } while (c1 != '\0');
>> +
>> objname = namebuf;
>> + }
>>
>> length = security_context_to_sid(scon, strlen(scon) + 1,&ssid);
>> if (length)
>
--
KaiGai Kohei <kaigai@kaigai.gr.jp>
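
Added example (not code from the patch, libselinux or the kernel), illustrating the 0x5c point made in the message above with a constructed object name whose Shift-JIS character 0x95 0x5C ends in the backslash byte. objname_encode(), objname_decode() and backslash_unescape() are hypothetical helper names; the decoder follows the patch's '+' and %XX rules and additionally rejects %00.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

static int hexval(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                              /* fold 'A'-'F' onto 'a'-'f' */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Hypothetical userspace encoder: every byte outside [A-Za-z0-9._-] becomes %XX.
 * Returns the encoded length, or -1 if out is too small. */
long objname_encode(const unsigned char *in, size_t n, char *out, size_t outsz)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t i, w = 0;
    if (outsz == 0)
        return -1;
    for (i = 0; i < n; i++) {
        int plain = isalnum(in[i]) || in[i] == '.' || in[i] == '_' || in[i] == '-';
        if (w + (plain ? 1 : 3) >= outsz)   /* keep room for the terminator */
            return -1;
        if (plain) {
            out[w++] = (char)in[i];
        } else {
            out[w++] = '%';
            out[w++] = hex[in[i] >> 4];
            out[w++] = hex[in[i] & 0x0F];
        }
    }
    out[w] = '\0';
    return (long)w;
}

/* In-place decoder: '+' and %XX as in the patch, plus a %00 check; -1 on error. */
long objname_decode(char *s)
{
    unsigned char *r = (unsigned char *)s, *w = r;
    while (*r) {
        int c = *r++;
        if (c == '+') {
            c = ' ';
        } else if (c == '%') {
            int hi = hexval(r[0]);
            int lo = hi < 0 ? -1 : hexval(r[1]);    /* never read past a NUL */
            if (lo < 0 || (c = (hi << 4) | lo) == 0)
                return -1;                          /* %00 would truncate the name */
            r += 2;
        }
        *w++ = (unsigned char)c;
    }
    *w = '\0';
    return (long)(w - (unsigned char *)s);
}

/* Byte-wise backslash unescaping, for comparison; returns the new length. */
size_t backslash_unescape(unsigned char *s)
{
    unsigned char *r = s, *w = s;
    while (*r) {
        if (*r == 0x5C && r[1])
            r++;                            /* drop 0x5C, keep the following byte */
        *w++ = *r++;
    }
    *w = '\0';
    return (size_t)(w - s);
}

int main(void)
{
    unsigned char name[] = { 0x95, 0x5C, ' ', 't', 0 };   /* constructed sample */
    char wire[32];
    long n = objname_encode(name, 4, wire, sizeof(wire));
    printf("wire: %s (%ld bytes)\n", wire, n);
    printf("percent-decoded: %ld bytes; backslash-unescaped: %zu bytes\n",
           objname_decode(wire), backslash_unescape(name));
    return 0;
}
```

The percent-encoded form survives sscanf("%s") as a single token and decodes back to the original bytes, while the byte-wise backslash pass eats the trail byte of the two-byte character.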

* Re: [PATCH] selinux: revise /selinux/create to handle whitespace/multibytes correctly
From: Joshua Brindle @ 2011-04-17 2:24 UTC
To: Kohei KaiGai
Cc: Kohei Kaigai, Eric Paris, selinux@tycho.nsa.gov,
sds@tycho.nsa.gov

Kohei KaiGai wrote:
> 2011/4/16 Joshua Brindle<method@manicmethod.com>:
>> Kohei KaiGai wrote:
>>> This patch allows a percent-encoded object name to be accepted as the fourth
>>> argument of the /selinux/create interface, to avoid possible bugs when we
>>> supply an object name that includes whitespace or multibyte characters.
>> Why not use standard bash escaping instead of html entities?
>>
> Does bash have a way to escape multibyte characters safely?
>
> There are a number of multibyte encoding systems other than Unicode.
> For example, Japanese has three major encodings: EUC, JIS and Shift-JIS.
> If we try to use the code 0x5c ('\') as an escape sequence, we may have
> trouble in a Shift-JIS environment, because it contains several
> characters that use 0x5c as the second character.
>
> The bad news is that Shift-JIS was the default encoding system delivered from
> MS-DOS, so it is still popular on Linux systems migrated from legacy ones. :-(
>
> Of course, we support many languages, and I don't know what side effects
> may happen in a particular environment.
>
> So, it seems to me that the assumption of percentage-encoding is conservative
> enough to deliver an object name from userspace to the kernel.
>
Actually, this all seems moot since the current userspace labeling
doesn't handle multibyte encoding.

* Re: [PATCH] selinux: revise /selinux/create to handle whitespace/multibytes correctly
From: Kohei KaiGai @ 2011-04-17 7:18 UTC
To: Joshua Brindle
Cc: Kohei Kaigai, Eric Paris, selinux@tycho.nsa.gov,
sds@tycho.nsa.gov

2011/4/17 Joshua Brindle <method@manicmethod.com>:
> Kohei KaiGai wrote:
>>
>> 2011/4/16 Joshua Brindle<method@manicmethod.com>:
>>>
>>> Kohei KaiGai wrote:
>>>>
>>>> This patch allows a percent-encoded object name to be accepted as the fourth
>>>> argument of the /selinux/create interface, to avoid possible bugs when we
>>>> supply an object name that includes whitespace or multibyte characters.
>>>
>>> Why not use standard bash escaping instead of html entities?
>>>
>> Does bash have a way to escape multibyte characters safely?
>>
>> There are a number of multibyte encoding systems other than Unicode.
>> For example, Japanese has three major encodings: EUC, JIS and Shift-JIS.
>> If we try to use the code 0x5c ('\') as an escape sequence, we may have
>> trouble in a Shift-JIS environment, because it contains several
>> characters that use 0x5c as the second character.
>>
>> The bad news is that Shift-JIS was the default encoding system delivered from
>> MS-DOS, so it is still popular on Linux systems migrated from legacy ones.
>> :-(
>>
>> Of course, we support many languages, and I don't know what side effects
>> may happen in a particular environment.
>>
>> So, it seems to me that the assumption of percentage-encoding is conservative
>> enough to deliver an object name from userspace to the kernel.
>>
>
> Actually, this all seems moot since the current userspace labeling doesn't
> handle multibyte encoding.
>

Any security context has to be validated by SELinux, so all we need to consider
there is within the ASCII code set. However, userspace can arbitrarily define the
name of the object being controlled. In fact, PostgreSQL supports table names
that include whitespace or multibyte characters.
So, we need to have a way to deliver the object name into kernel space safely.

Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>

* Re: [PATCH] selinux: revise /selinux/create to handle whitespace/multibytes correctly
From: Eric Paris @ 2011-04-20 20:13 UTC
To: Kohei KaiGai
Cc: Kohei Kaigai, selinux@tycho.nsa.gov, method@manicmethod.com,
sds@tycho.nsa.gov

On Sat, 2011-04-16 at 16:09 +0200, Kohei KaiGai wrote:
> This patch allows a percent-encoded object name to be accepted as the fourth
> argument of the /selinux/create interface, to avoid possible bugs when we
> supply an object name that includes whitespace or multibyte characters.
>
> Although I could not test this patch on named TYPE_TRANSITION rules,
> the printk() messages for debugging suggest to me that the logic works correctly.
> I assume libselinux provides the logic to encode the object name, so it shall
> be applied transparently from the viewpoint of the application.
"You assume" libselinux provides this. Does it? Or are you going to
send a patch to support it? I honestly don't know....
Thanks!
-Eric
>
> Signed-off-by: KaiGai Kohei <kohei.kaigai@eu.nec.com>
> ---
> security/selinux/selinuxfs.c | 38 +++++++++++++++++++++++++++++++++++++-
> 1 files changed, 37 insertions(+), 1 deletions(-)
>
> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
> index 973f5a4..4fde279 100644
> --- a/security/selinux/selinuxfs.c
> +++ b/security/selinux/selinuxfs.c
> @@ -28,6 +28,7 @@
> #include <linux/percpu.h>
> #include <linux/audit.h>
> #include <linux/uaccess.h>
> +#include <linux/ctype.h>
>
> /* selinuxfs pseudo filesystem for exporting the security policy API.
> Based on the proc code and the fs/nfsd/nfsctl.c code. */
> @@ -750,6 +751,15 @@ out:
> return length;
> }
>
> +static inline int hexcode_to_int(int code)
> +{
> + if (code == '\0' || !isxdigit(code))
> + return -1;
> + if (isdigit(code))
> + return code - '0';
> + return tolower(code) - 'a' + 10;
> +}
> +
> static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
> {
> char *scon = NULL, *tcon = NULL;
> @@ -784,8 +794,34 @@ static ssize_t sel_write_create(struct file
> *file, char *buf, size_t size)
> nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf);
> if (nargs < 3 || nargs > 4)
> goto out;
> - if (nargs == 4)
> + if (nargs == 4) {
> + /*
> + * If and when the name of new object to be queried contains
> + * either whitespace or multibyte characters, they shall be
> + * encoded based on the percentage-encoding rule.
> + * If not encoded, the sscanf logic picks up only left-half
> + * of the supplied name; splitted by a whitespace unexpectedly.
> + */
> + char *r, *w;
> + int c1, c2;
> +
> + r = w = namebuf;
> + do {
> + c1 = *r++;
> + if (c1 == '+')
> + c1 = ' ';
> + else if (c1 == '%') {
> + if ((c1 = hexcode_to_int(*r++)) < 0)
> + goto out;
> + if ((c2 = hexcode_to_int(*r++)) < 0)
> + goto out;
> + c1 = (c1 << 4) | c2;
> + }
> + *w++ = c1;
> + } while (c1 != '\0');
> +
> objname = namebuf;
> + }
>
> length = security_context_to_sid(scon, strlen(scon) + 1, &ssid);
> if (length)
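Review bot: The unconditional decoding of namebuf in the nargs == 4 branch changes the meaning of names that existing callers already write: a raw name containing '+' now has it turned into a space, and a raw '%' that is not followed by two hex digits makes the write fail via "goto out". Since the commit message only assumes that libselinux will do the encoding, the kernel change and the libselinux encoder need to land together, and the new format of the fourth argument should be documented next to the sscanf() call.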

* Re: [PATCH] selinux: revise /selinux/create to handle whitespace/multibytes correctly
From: Kohei KaiGai @ 2011-04-20 20:38 UTC
To: Eric Paris
Cc: Kohei Kaigai, selinux@tycho.nsa.gov, method@manicmethod.com,
sds@tycho.nsa.gov

2011/4/20 Eric Paris <eparis@redhat.com>:
> On Sat, 2011-04-16 at 16:09 +0200, Kohei KaiGai wrote:
>> This patch allows a percent-encoded object name to be accepted as the fourth
>> argument of the /selinux/create interface, to avoid possible bugs when we
>> supply an object name that includes whitespace or multibyte characters.
>>
>> Although I could not test this patch on named TYPE_TRANSITION rules,
>> the printk() messages for debugging suggest to me that the logic works correctly.
>> I assume libselinux provides the logic to encode the object name, so it shall
>> be applied transparently from the viewpoint of the application.
>
>
> "You assume" libselinux provides this. Does it? Or are you going to
> send a patch to support it? I honestly don't know....
>
Yes. I'll update my libselinux patch to support this feature.
> Thanks!
> -Eric
>
>>
>> Signed-off-by: KaiGai Kohei <kohei.kaigai@eu.nec.com>
>> ---
>> security/selinux/selinuxfs.c | 38 +++++++++++++++++++++++++++++++++++++-
>> 1 files changed, 37 insertions(+), 1 deletions(-)
>>
>> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
>> index 973f5a4..4fde279 100644
>> --- a/security/selinux/selinuxfs.c
>> +++ b/security/selinux/selinuxfs.c
>> @@ -28,6 +28,7 @@
>> #include <linux/percpu.h>
>> #include <linux/audit.h>
>> #include <linux/uaccess.h>
>> +#include <linux/ctype.h>
>>
>> /* selinuxfs pseudo filesystem for exporting the security policy API.
>> Based on the proc code and the fs/nfsd/nfsctl.c code. */
>> @@ -750,6 +751,15 @@ out:
>> return length;
>> }
>>
>> +static inline int hexcode_to_int(int code)
>> +{
>> + if (code == '\0' || !isxdigit(code))
>> + return -1;
>> + if (isdigit(code))
>> + return code - '0';
>> + return tolower(code) - 'a' + 10;
>> +}
>> +
>> static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
>> {
>> char *scon = NULL, *tcon = NULL;
>> @@ -784,8 +794,34 @@ static ssize_t sel_write_create(struct file
>> *file, char *buf, size_t size)
>> nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf);
>> if (nargs < 3 || nargs > 4)
>> goto out;
>> - if (nargs == 4)
>> + if (nargs == 4) {
>> + /*
>> + * If and when the name of new object to be queried contains
>> + * either whitespace or multibyte characters, they shall be
>> + * encoded based on the percentage-encoding rule.
>> + * If not encoded, the sscanf logic picks up only left-half
>> + * of the supplied name; splitted by a whitespace unexpectedly.
>> + */
>> + char *r, *w;
>> + int c1, c2;
>> +
>> + r = w = namebuf;
>> + do {
>> + c1 = *r++;
>> + if (c1 == '+')
>> + c1 = ' ';
>> + else if (c1 == '%') {
>> + if ((c1 = hexcode_to_int(*r++)) < 0)
>> + goto out;
>> + if ((c2 = hexcode_to_int(*r++)) < 0)
>> + goto out;
>> + c1 = (c1 << 4) | c2;
>> + }
>> + *w++ = c1;
>> + } while (c1 != '\0');
>> +
>> objname = namebuf;
>> + }
>>
>> length = security_context_to_sid(scon, strlen(scon) + 1, &ssid);
>> if (length)
>
>
>
--
KaiGai Kohei <kaigai@kaigai.gr.jp>

* Re: [PATCH] selinux: revise /selinux/create to handle whitespace/multibytes correctly
From: Kohei KaiGai @ 2011-05-03 14:10 UTC
To: Kohei Kaigai
Cc: Eric Paris, selinux@tycho.nsa.gov, method@manicmethod.com,
sds@tycho.nsa.gov

What is the status of these patches (kernel and libselinux)?
It seems to me there are no arguments to use percentage encoding to handle
object names including whitespace or multibyte characters.

Thanks,

2011/4/16 Kohei KaiGai <kaigai@kaigai.gr.jp>:
> This patch allows a percent-encoded object name to be accepted as the fourth
> argument of the /selinux/create interface, to avoid possible bugs when we
> supply an object name that includes whitespace or multibyte characters.
>
> Although I could not test this patch on named TYPE_TRANSITION rules,
> the printk() messages for debugging suggest to me that the logic works correctly.
> I assume libselinux provides the logic to encode the object name, so it shall
> be applied transparently from the viewpoint of the application.
>
> Signed-off-by: KaiGai Kohei <kohei.kaigai@eu.nec.com>
> ---
> security/selinux/selinuxfs.c | 38 +++++++++++++++++++++++++++++++++++++-
> 1 files changed, 37 insertions(+), 1 deletions(-)
>
> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
> index 973f5a4..4fde279 100644
> --- a/security/selinux/selinuxfs.c
> +++ b/security/selinux/selinuxfs.c
> @@ -28,6 +28,7 @@
> #include <linux/percpu.h>
> #include <linux/audit.h>
> #include <linux/uaccess.h>
> +#include <linux/ctype.h>
>
> /* selinuxfs pseudo filesystem for exporting the security policy API.
> Based on the proc code and the fs/nfsd/nfsctl.c code. */
> @@ -750,6 +751,15 @@ out:
> return length;
> }
>
> +static inline int hexcode_to_int(int code)
> +{
> + if (code == '\0' || !isxdigit(code))
> + return -1;
> + if (isdigit(code))
> + return code - '0';
> + return tolower(code) - 'a' + 10;
> +}
> +
> static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
> {
> char *scon = NULL, *tcon = NULL;
> @@ -784,8 +794,34 @@ static ssize_t sel_write_create(struct file
> *file, char *buf, size_t size)
> nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf);
> if (nargs < 3 || nargs > 4)
> goto out;
> - if (nargs == 4)
> + if (nargs == 4) {
> + /*
> + * If and when the name of new object to be queried contains
> + * either whitespace or multibyte characters, they shall be
> + * encoded based on the percentage-encoding rule.
> + * If not encoded, the sscanf logic picks up only left-half
> + * of the supplied name; splitted by a whitespace unexpectedly.
> + */
> + char *r, *w;
> + int c1, c2;
> +
> + r = w = namebuf;
> + do {
> + c1 = *r++;
> + if (c1 == '+')
> + c1 = ' ';
> + else if (c1 == '%') {
> + if ((c1 = hexcode_to_int(*r++)) < 0)
> + goto out;
> + if ((c2 = hexcode_to_int(*r++)) < 0)
> + goto out;
> + c1 = (c1 << 4) | c2;
> + }
> + *w++ = c1;
> + } while (c1 != '\0');
> +
> objname = namebuf;
> + }
>
> length = security_context_to_sid(scon, strlen(scon) + 1, &ssid);
> if (length)
> --
> 1.7.4.1
>
--
KaiGai Kohei <kaigai@kaigai.gr.jp>