[refpolicy] [PATCH 1/3] fc_sort: fix typos in comments

[refpolicy] [PATCH 1/3] fc_sort: fix typos in comments

[Nicolas Iooss]

---
 support/fc_sort.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/support/fc_sort.c b/support/fc_sort.c
index e03ef3b..29e2ce9 100644
--- a/support/fc_sort.c
+++ b/support/fc_sort.c
@@ -81,7 +81,7 @@ typedef struct file_context_bucket {
  *      -> a is less specific than b.
  *     If a's string length is shorter than b's string length,
  *      -> a is less specific than b.
- *     If a does not have a specified type and b does not,
+ *     If a does not have a specified type and b does,
  *      -> a is less specific than b.
  */
 int fc_compare(file_context_node_t *a, file_context_node_t *b)
@@ -496,7 +496,7 @@ int main(int argc, char *argv[])
 		bcurrent->data = current;
 		current = current->next;
 
-		/* Detatch the node in the bucket from the old list. */
+		/* Detach the node in the bucket from the old list. */
 		bcurrent->data->next = NULL;
 
 		/* If there should be another bucket, put one at the end. */
-- 
1.9.0

[refpolicy] [PATCH 2/3] fc_sort: initialize allocated memory to fix execution on an empty file

[Nicolas Iooss]

When running fc_sort on an empty context file, this program uses uninitialized
pointers when accessing to the elements of a list.  On my system, it goes in a
very long loop (maybe infinite) because uninitialized fields in malloc'ed
structures happen to contain valid pointers in the heap.

This patch fixes this bug by initializing ->next and ->data fields before they
may be read.
---
 support/fc_sort.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/support/fc_sort.c b/support/fc_sort.c
index 29e2ce9..5aed783 100644
--- a/support/fc_sort.c
+++ b/support/fc_sort.c
@@ -346,6 +346,7 @@ int main(int argc, char *argv[])
 
 	/* Initialize the head of the linked list. */
 	head = current = (file_context_node_t*)malloc(sizeof(file_context_node_t));
+	head->next = NULL;
 
 	/* Parse the file into a file_context linked list. */
 	line_buf = NULL;
@@ -489,6 +490,8 @@ int main(int argc, char *argv[])
 	bcurrent = master =
 	    (file_context_bucket_t *)
 	    malloc(sizeof(file_context_bucket_t));
+	bcurrent->next = NULL;
+	bcurrent->data = NULL;
 
 	/* Go until all the nodes have been put in individual buckets. */
 	while (current) {
-- 
1.9.0

[refpolicy] [PATCH 3/3] fc_sort: make outfile argument optional

[Nicolas Iooss]

When working on fc_sort to try to understand why using /usr/s?bin/... file
contexts has been reported not to work properly [1], I found it frustrating not
to be able to do "tmp/fc_sort my_filecontexts.fc" and see the result printed on
the screen.  This patch implements this behavior by making optional the second
argument of fc_sort.

[1] commit 36e2216f8 of contrib repository,
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=36e2216f82192660d063012e69281f27ba20864b
---
 support/fc_sort.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/support/fc_sort.c b/support/fc_sort.c
index 5aed783..6dc59af 100644
--- a/support/fc_sort.c
+++ b/support/fc_sort.c
@@ -328,13 +328,13 @@ int main(int argc, char *argv[])
 
 
 	/* Check for the correct number of command line arguments. */
-	if (argc != 3) {
-		fprintf(stderr, "Usage: %s <infile> <outfile>\n",argv[0]);
+	if (argc < 2 || argc > 3) {
+		fprintf(stderr, "Usage: %s <infile> [<outfile>]\n",argv[0]);
 		return 1;
 	}
 	
 	input_name = argv[1];
-	output_name = argv[2];
+	output_name = (argc >= 3) ? argv[2] : NULL;
 
 	i = j = lines = 0;
 
@@ -526,9 +526,13 @@ int main(int argc, char *argv[])
 	fc_merge_sort(master);
 
 	/* Open the output file. */
-	if (!(out_file = fopen(output_name, "w"))) {
-		printf("Error: failure opening output file for write.\n");
-		return -1;
+	if (output_name) {
+		if (!(out_file = fopen(output_name, "w"))) {
+			printf("Error: failure opening output file for write.\n");
+			return -1;
+		}
+	} else {
+		out_file = stdout;
 	}
 
 	/* Output the sorted file_context linked list to the output file. */
@@ -555,7 +559,9 @@ int main(int argc, char *argv[])
 	}
 	free(master);
 
-	fclose(out_file);
+	if (output_name) {
+		fclose(out_file);
+	}
 
 	return 0;
 }
-- 
1.9.0

[refpolicy] [PATCH 1/3] fc_sort: fix typos in comments

[Christopher J. PeBenito]

On 03/23/2014 05:01 PM, Nicolas Iooss wrote:
> ---
>  support/fc_sort.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/support/fc_sort.c b/support/fc_sort.c
> index e03ef3b..29e2ce9 100644
> --- a/support/fc_sort.c
> +++ b/support/fc_sort.c
> @@ -81,7 +81,7 @@ typedef struct file_context_bucket {
>   *      -> a is less specific than b.
>   *     If a's string length is shorter than b's string length,
>   *      -> a is less specific than b.
> - *     If a does not have a specified type and b does not,
> + *     If a does not have a specified type and b does,
>   *      -> a is less specific than b.
>   */
>  int fc_compare(file_context_node_t *a, file_context_node_t *b)
> @@ -496,7 +496,7 @@ int main(int argc, char *argv[])
>  		bcurrent->data = current;
>  		current = current->next;
>  
> -		/* Detatch the node in the bucket from the old list. */
> +		/* Detach the node in the bucket from the old list. */
>  		bcurrent->data->next = NULL;
>  
>  		/* If there should be another bucket, put one at the end. */
> 

This set is merged.


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com