All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] libsemanage: prevent string overflow on final paths
@ 2018-05-08 14:32 Stephen Smalley
  2018-05-08 16:24 ` William Roberts
  0 siblings, 1 reply; 2+ messages in thread
From: Stephen Smalley @ 2018-05-08 14:32 UTC (permalink / raw)
  To: selinux; +Cc: Stephen Smalley

Verify that the final path does not exceed the size of the
buffer before copying.  This can only occur if an alternate
path for the policy root and/or the policy store root has been
specified and if the resulting path would exceed PATH_MAX. A
similar check is already applied by semanage_make_final().

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 libsemanage/src/semanage_store.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
index bce648c4..f1984c50 100644
--- a/libsemanage/src/semanage_store.c
+++ b/libsemanage/src/semanage_store.c
@@ -1597,7 +1597,12 @@ static int semanage_install_final_tmp(semanage_handle_t * sh)
 		/* skip genhomedircon if configured */
 		if (sh->conf->disable_genhomedircon &&
 		    i == SEMANAGE_FC_HOMEDIRS) continue;
-		
+
+		if (strlen(dst) >= sizeof(fn)) {
+			ERR(sh, "Unable to compose the final paths.");
+			status = -1;
+			goto cleanup;
+		}
 		strcpy(fn, dst);
 		ret = semanage_mkpath(sh, dirname(fn));
 		if (ret < 0) {
-- 
2.14.3

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] libsemanage: prevent string overflow on final paths
  2018-05-08 14:32 [PATCH] libsemanage: prevent string overflow on final paths Stephen Smalley
@ 2018-05-08 16:24 ` William Roberts
  0 siblings, 0 replies; 2+ messages in thread
From: William Roberts @ 2018-05-08 16:24 UTC (permalink / raw)
  To: Stephen Smalley; +Cc: selinux

On Tue, May 8, 2018 at 7:32 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> Verify that the final path does not exceed the size of the
> buffer before copying.  This can only occur if an alternate
> path for the policy root and/or the policy store root has been
> specified and if the resulting path would exceed PATH_MAX. A
> similar check is already applied by semanage_make_final().
>
> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
> ---
>  libsemanage/src/semanage_store.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
> index bce648c4..f1984c50 100644
> --- a/libsemanage/src/semanage_store.c
> +++ b/libsemanage/src/semanage_store.c
> @@ -1597,7 +1597,12 @@ static int semanage_install_final_tmp(semanage_handle_t * sh)
>                 /* skip genhomedircon if configured */
>                 if (sh->conf->disable_genhomedircon &&
>                     i == SEMANAGE_FC_HOMEDIRS) continue;
> -
> +
> +               if (strlen(dst) >= sizeof(fn)) {
> +                       ERR(sh, "Unable to compose the final paths.");
> +                       status = -1;
> +                       goto cleanup;
> +               }
>                 strcpy(fn, dst);
>                 ret = semanage_mkpath(sh, dirname(fn));
>                 if (ret < 0) {
> --
> 2.14.3
>

ack

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-05-08 16:24 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-08 14:32 [PATCH] libsemanage: prevent string overflow on final paths Stephen Smalley
2018-05-08 16:24 ` William Roberts

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.