From: Stephen Smalley <sds@tycho.nsa.gov>
To: Nicolas Iooss <nicolas.iooss@m4x.org>, selinux@vger.kernel.org
Subject: Re: [PATCH v2 1/2] libselinux: ensure strlen() is not called on NULL
Date: Fri, 20 Sep 2019 10:22:14 -0400 [thread overview]
Message-ID: <8142cbbb-055d-d61e-2f43-8e6b34306e61@tycho.nsa.gov> (raw)
In-Reply-To: <20190920055955.2780-1-nicolas.iooss@m4x.org>
On 9/20/19 1:59 AM, Nicolas Iooss wrote:
> When compile_regex() calls regex_prepare_data() and this function fails
> in the following condition:
>
> *regex = regex_data_create();
> if (!(*regex))
> return -1;
>
> ... error_data has been zero-ed and compile_regex() calls:
>
> regex_format_error(&error_data,
> regex_error_format_buffer,
> sizeof(regex_error_format_buffer));
>
> This leads to a call to strlen(error_data->error_buffer), where
> error_data->error_buffer is NULL.
>
> Avoid this by checking that error_data->error_buffer is not NULL before
> trying to format it.
>
> This issue has been found using clang's static analyzer:
> https://337-118970575-gh.circle-artifacts.com/0/output-scan-build/2019-09-01-181851-6152-1/report-0b122b.html#EndPath
>
> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Personally, I would have just used a single error message for both cases
(and only wrapped the condition itself with #ifdef...#else...#endif),
but I'm ok with this as well.
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
> ---
> libselinux/src/regex.c | 23 +++++++++++++++++++++++
> 1 file changed, 23 insertions(+)
>
> diff --git a/libselinux/src/regex.c b/libselinux/src/regex.c
> index a6fcbbfec1f3..c835dd1b0e5d 100644
> --- a/libselinux/src/regex.c
> +++ b/libselinux/src/regex.c
> @@ -519,6 +519,29 @@ void regex_format_error(struct regex_error_data const *error_data, char *buffer,
> if (pos >= buf_size)
> goto truncated;
>
> + /* Return early if there is no error to format */
> +#ifdef USE_PCRE2
> + if (!error_data->error_code) {
> + rc = snprintf(buffer + pos, buf_size - pos, "no error code");
> + if (rc < 0)
> + abort();
> + pos += rc;
> + if (pos >= buf_size)
> + goto truncated;
> + return;
> + }
> +#else
> + if (!error_data->error_buffer) {
> + rc = snprintf(buffer + pos, buf_size - pos, "empty error");
> + if (rc < 0)
> + abort();
> + pos += rc;
> + if (pos >= buf_size)
> + goto truncated;
> + return;
> + }
> +#endif
> +
> if (error_data->error_offset > 0) {
> #ifdef USE_PCRE2
> rc = snprintf(buffer + pos, buf_size - pos, "At offset %zu: ",
>
prev parent reply other threads:[~2019-09-20 14:22 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-20 5:59 [PATCH v2 1/2] libselinux: ensure strlen() is not called on NULL Nicolas Iooss
2019-09-20 5:59 ` [PATCH v2 2/2] libselinux: do not add rc to pos twice Nicolas Iooss
2019-09-20 14:22 ` Stephen Smalley
2019-09-23 13:54 ` Stephen Smalley
2019-09-20 14:22 ` Stephen Smalley [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8142cbbb-055d-d61e-2f43-8e6b34306e61@tycho.nsa.gov \
--to=sds@tycho.nsa.gov \
--cc=nicolas.iooss@m4x.org \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).