From: "Christian Göttsche" <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Subject: [PATCH 02/12] libsepol: use string literals as format strings
Date: Fri, 12 Nov 2021 16:41:51 +0100	[thread overview]
Message-ID: <20211112154201.78217-2-cgzones@googlemail.com> (raw)
In-Reply-To: <20211112154201.78217-1-cgzones@googlemail.com>

Use string literals as format strings so that compilers can validate the
count and types of the corresponding arguments.

    kernel_to_cil.c: In function ‘class_constraint_rules_to_strs’:
    kernel_to_cil.c:301:17: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
      301 |                 rc = strs_create_and_add(strs, format_str, 3, classkey, perms+1, expr);
          |                 ^~
    kernel_to_cil.c: In function ‘class_validatetrans_rules_to_strs’:
    kernel_to_cil.c:341:17: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
      341 |                 rc = strs_create_and_add(strs, format_str, 2, classkey, expr);
          |                 ^~
    kernel_to_cil.c: In function ‘cats_ebitmap_to_str’:
    kernel_to_cil.c:1068:40: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
     1068 |                                        val_to_name[start], val_to_name[i]);
          |                                        ^~~~~~~~~~~

    kernel_to_conf.c: In function ‘class_constraint_rules_to_strs’:
    kernel_to_conf.c:301:42: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
      301 |                                          flavor, classkey, perms+1, expr);
          |                                          ^~~~~~
    kernel_to_conf.c: In function ‘cats_ebitmap_to_str’:
    kernel_to_conf.c:1059:40: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
     1059 |                                        val_to_name[start], sep, val_to_name[i]);
          |                                        ^~~~~~~~~~~
    kernel_to_conf.c:1062:25: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
     1062 |                         len = snprintf(p, remaining, fmt, val_to_name[start]);
          |                         ^~~

    module_to_cil.c: In function ‘cond_expr_to_cil’:
    module_to_cil.c:1340:25: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
     1340 |                         rlen = snprintf(new_val, len, fmt_str, op, val1, val2);
          |                         ^~~~
    module_to_cil.c: In function ‘constraint_expr_to_string’:
    module_to_cil.c:1881:25: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
     1881 |                         rlen = snprintf(new_val, len, fmt_str, op, val1, val2);
          |                         ^~~~

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsepol/src/kernel_to_cil.c  | 29 +++++++++++++++++------------
 libsepol/src/kernel_to_conf.c | 23 +++++++++++++----------
 libsepol/src/module_to_cil.c  | 22 ++++++++--------------
 3 files changed, 38 insertions(+), 36 deletions(-)

diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
index 305567a5..b81cdb22 100644
--- a/libsepol/src/kernel_to_cil.c
+++ b/libsepol/src/kernel_to_cil.c
@@ -278,7 +278,7 @@ static int class_constraint_rules_to_strs(struct policydb *pdb, char *classkey,
 	char *expr = NULL;
 	int is_mls;
 	char *perms;
-	const char *format_str;
+	const char *key_word;
 	struct strs *strs;
 
 	for (curr = constraint_rules; curr != NULL; curr = curr->next) {
@@ -291,14 +291,14 @@ static int class_constraint_rules_to_strs(struct policydb *pdb, char *classkey,
 		perms = sepol_av_to_string(pdb, class->s.value, curr->permissions);
 
 		if (is_mls) {
-			format_str = "(mlsconstrain (%s (%s)) %s)";
+			key_word = "mlsconstrain";
 			strs = mls_list;
 		} else {
-			format_str = "(constrain (%s (%s)) %s)";
+			key_word = "constrain";
 			strs = non_mls_list;
 		}
 
-		rc = strs_create_and_add(strs, format_str, 3, classkey, perms+1, expr);
+		rc = strs_create_and_add(strs, "(%s (%s (%s)) %s)", 4, key_word, classkey, perms+1, expr);
 		free(expr);
 		if (rc != 0) {
 			goto exit;
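Review bot: `perms` reaches `strs_create_and_add()` as `perms+1` with no check between the `sepol_av_to_string()` call and its use. If that function can return NULL or an empty string (its definition is not visible here), `perms+1` is an invalid pointer or points past the terminator, and the `%s` conversion reads out of bounds while a policy is being serialised. A guard such as `if (perms == NULL || perms[0] == '\0') { rc = -1; goto exit; }` before the call, releasing `expr` the way the success path does, would close that. The same applies in kernel_to_conf.c's `class_constraint_rules_to_strs`, where `strchr(perms, ' ')` runs directly on the result; the function body starts and ends outside this hunk.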
@@ -319,7 +319,7 @@ static int class_validatetrans_rules_to_strs(struct policydb *pdb, char *classke
 	struct constraint_node *curr;
 	char *expr = NULL;
 	int is_mls;
-	const char *format_str;
+	const char *key_word;
 	struct strs *strs;
 	int rc = 0;
 
@@ -331,14 +331,14 @@ static int class_validatetrans_rules_to_strs(struct policydb *pdb, char *classke
 		}
 
 		if (is_mls) {
-			format_str = "(mlsvalidatetrans %s %s)";
+			key_word = "mlsvalidatetrans";
 			strs = mls_list;
 		} else {
-			format_str = "(validatetrans %s %s)";
+			key_word = "validatetrans";
 			strs = non_mls_list;
 		}
 
-		rc = strs_create_and_add(strs, format_str, 2, classkey, expr);
+		rc = strs_create_and_add(strs, "(%s %s %s)", 3, key_word, classkey, expr);
 		free(expr);
 		if (rc != 0) {
 			goto exit;
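Review bot: The literal count `3` still has to be kept in step with the three `%s` conversions by hand, and nothing checks it. Making the format a literal lets the compiler check the variadic arguments only if `strs_create_and_add()` is declared with a printf format attribute. If the helper uses the count to walk the arguments or size its buffer (its definition is not visible here), a mismatch is a memory-safety bug rather than a formatting glitch. It is worth confirming the prototype carries `__attribute__((format(printf, 2, 4)))` and adding a comment at the declaration such as `/* num must equal the number of %s conversions in fmt */`. The same hand-kept count appears as the `4` in `class_constraint_rules_to_strs` above and the `6` in kernel_to_conf.c.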
@@ -1035,7 +1035,6 @@ static char *cats_ebitmap_to_str(struct ebitmap *cats, char **val_to_name)
 	struct ebitmap_node *node;
 	uint32_t i, start, range;
 	char *catsbuf = NULL, *p;
-	const char *fmt;
 	int len, remaining;
 
 	remaining = (int)cats_ebitmap_len(cats, val_to_name);
@@ -1063,9 +1062,15 @@ static char *cats_ebitmap_to_str(struct ebitmap *cats, char **val_to_name)
 			continue;
 
 		if (range > 1) {
-			fmt = (range == 2) ? "%s %s " : "(range %s %s) ";
-			len = snprintf(p, remaining, fmt,
-				       val_to_name[start], val_to_name[i]);
+			if (range == 2) {
+				len = snprintf(p, remaining, "%s %s ",
+					       val_to_name[start],
+					       val_to_name[i]);
+			} else {
+				len = snprintf(p, remaining, "(range %s %s) ",
+					       val_to_name[start],
+					       val_to_name[i]);
+			}
 		} else {
 			len = snprintf(p, remaining, "%s ", val_to_name[start]);
 		}
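Review bot: Both `snprintf()` calls take `remaining`, an `int`, as their size argument, and it is initialised from a cast, `(int)cats_ebitmap_len(cats, val_to_name)`, in the previous hunk. If that length ever exceeded `INT_MAX`, or `remaining` became non-positive, the implicit conversion to `size_t` would hand snprintf a very large bound. The check on `len` that follows these calls is outside this hunk, so it cannot be confirmed here that it keeps `remaining` positive. Declaring `remaining` as `size_t` and comparing `(size_t)len >= remaining` would remove the dependence on the cast. The same applies to the calls in kernel_to_conf.c's `cats_ebitmap_to_str`.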
diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
index eb72e4ac..460209c8 100644
--- a/libsepol/src/kernel_to_conf.c
+++ b/libsepol/src/kernel_to_conf.c
@@ -271,7 +271,7 @@ static int class_constraint_rules_to_strs(struct policydb *pdb, char *classkey,
 {
 	struct constraint_node *curr;
 	struct strs *strs;
-	const char *format_str, *flavor;
+	const char *flavor, *perm_prefix, *perm_suffix;
 	char *perms, *expr;
 	int is_mls;
 	int rc = 0;
@@ -285,9 +285,11 @@ static int class_constraint_rules_to_strs(struct policydb *pdb, char *classkey,
 
 		perms = sepol_av_to_string(pdb, class->s.value, curr->permissions);
 		if (strchr(perms, ' ')) {
-			format_str = "%s %s { %s } %s;";
+			perm_prefix = "{ ";
+			perm_suffix = " }";
 		} else {
-			format_str = "%s %s %s %s";
+			perm_prefix = "";
+			perm_suffix = "";
 		}
 		if (is_mls) {
 			flavor = "mlsconstrain";
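Review bot: The brace decision tests `strchr(perms, ' ')` on the full string, but the text that gets printed is `perms+1`. If the string from `sepol_av_to_string()` always begins with a separator space, which the `+1` suggests although the function is not visible here, the test is true for every non-empty permission set. `perm_prefix` and `perm_suffix` would then be empty only when there are no permissions at all. If the intent is to brace only multi-permission sets, the test would be `if (strchr(perms + 1, ' '))`, placed after a check that `perms` is non-NULL and non-empty.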
@@ -297,8 +299,10 @@ static int class_constraint_rules_to_strs(struct policydb *pdb, char *classkey,
 			strs = non_mls_list;
 		}
 
-		rc = strs_create_and_add(strs, format_str, 4,
-					 flavor, classkey, perms+1, expr);
+		rc = strs_create_and_add(strs, "%s %s %s%s%s %s;", 6,
+					 flavor, classkey,
+					 perm_prefix, perms+1, perm_suffix,
+					 expr);
 		free(expr);
 		if (rc != 0) {
 			goto exit;
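Review bot: The single literal `"%s %s %s%s%s %s;"` always ends in `;`, whereas the removed unbraced format `"%s %s %s %s"` in the previous hunk did not, so the output of that branch changes. That is probably the intended output, but the commit message describes the patch as a warning fix only. A comment above the call such as `/* both the braced and the unbraced form end in ';' */` would record that the change is deliberate.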
@@ -1026,7 +1030,6 @@ static char *cats_ebitmap_to_str(struct ebitmap *cats, char **val_to_name)
 	struct ebitmap_node *node;
 	uint32_t i, start, range, first;
 	char *catsbuf = NULL, *p;
-	const char *fmt;
 	char sep;
 	int len, remaining;
 
@@ -1054,12 +1057,12 @@ static char *cats_ebitmap_to_str(struct ebitmap *cats, char **val_to_name)
 
 		if (range > 1) {
 			sep = (range == 2) ? ',' : '.';
-			fmt = first ? "%s%c%s" : ",%s%c%s";
-			len = snprintf(p, remaining, fmt,
+			len = snprintf(p, remaining, "%s%s%c%s",
+				       first ? "" : ",",
 				       val_to_name[start], sep, val_to_name[i]);
 		} else {
-			fmt = first ? "%s" : ",%s";
-			len = snprintf(p, remaining, fmt, val_to_name[start]);
+			len = snprintf(p, remaining, "%s%s", first ? "" : ",",
+				       val_to_name[start]);
 
 		}
 		if (len < 0 || len >= remaining) {
diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
index 16e4004e..b231d7f8 100644
--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
@@ -1259,7 +1259,7 @@ static int cond_expr_to_cil(int indent, struct policydb *pdb, struct cond_expr *
 	char *val2 = NULL;
 	unsigned int num_params;
 	const char *op;
-	const char *fmt_str;
+	const char *sep;
 	const char *type;
 
 	rc = stack_init(&stack);
@@ -1308,11 +1308,11 @@ static int cond_expr_to_cil(int indent, struct policydb *pdb, struct cond_expr *
 					rc = -1;
 					goto exit;
 				}
-				fmt_str = "(%s %s)";
+				sep = "";
 			} else {
 				val2 = stack_pop(stack);
 				val1 = stack_pop(stack);
-				fmt_str = "(%s %s %s)";
+				sep = " ";
 			}
 
 			if (val1 == NULL || val2 == NULL) {
@@ -1334,10 +1334,7 @@ static int cond_expr_to_cil(int indent, struct policydb *pdb, struct cond_expr *
 				goto exit;
 			}
 
-			// although we always supply val2 and there isn't always a 2nd
-			// value, it should only be used when there are actually two values
-			// in the format strings
-			rlen = snprintf(new_val, len, fmt_str, op, val1, val2);
+			rlen = snprintf(new_val, len, "(%s %s%s%s)", op, val1, sep, val2);
 			if (rlen < 0 || rlen >= len) {
 				log_err("Failed to generate conditional expression");
 				rc = -1;
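Review bot: With the new literal `"(%s %s%s%s)"`, `val2` is always consumed by a `%s`, so the unary branch (`sep = ""`) now depends on `val2` being a valid empty string there. The removed comment was the only place that explained why `val2` is passed at all, and where `val2` is set for the unary case is outside this hunk, so that cannot be confirmed from here. The deleted comment should be replaced rather than dropped, e.g. `/* unary operators: sep and val2 are both "", so this yields "(op val1)" */`. The same applies to the identical call in `constraint_expr_to_string` in the last hunk of this file.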
@@ -1711,7 +1708,7 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp
 	char *val2 = NULL;
 	uint32_t num_params;
 	const char *op;
-	const char *fmt_str;
+	const char *sep;
 	const char *attr1;
 	const char *attr2;
 	char *names = NULL;
@@ -1849,11 +1846,11 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp
 					rc = -1;
 					goto exit;
 				}
-				fmt_str = "(%s %s)";
+				sep = "";
 			} else {
 				val2 = stack_pop(stack);
 				val1 = stack_pop(stack);
-				fmt_str = "(%s %s %s)";
+				sep = " ";
 			}
 
 			if (val1 == NULL || val2 == NULL) {
@@ -1875,10 +1872,7 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp
 				goto exit;
 			}
 
-			// although we always supply val2 and there isn't always a 2nd
-			// value, it should only be used when there are actually two values
-			// in the format strings
-			rlen = snprintf(new_val, len, fmt_str, op, val1, val2);
+			rlen = snprintf(new_val, len, "(%s %s%s%s)", op, val1, sep, val2);
 			if (rlen < 0 || rlen >= len) {
 				log_err("Failed to generate constraint expression");
 				rc = -1;
-- 
2.33.1

