selinux.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Nicolas Iooss <nicolas.iooss@m4x.org>
To: selinux@vger.kernel.org
Subject: [PATCH 3/6] libsepol/cil: constify some strings
Date: Wed, 30 Dec 2020 11:07:43 +0100	[thread overview]
Message-ID: <20201230100746.2549568-3-nicolas.iooss@m4x.org> (raw)
In-Reply-To: <20201230100746.2549568-1-nicolas.iooss@m4x.org>

Function cil_add_file() copies its input into a newly-allocated buffer,
and does not modify "name". State these properties in the types of
parameters by adding "const" qualifiers.

This enables using LibFuzzer directly on cil_add_file(), without a
warning about discarding "const" qualifier:

    fuzz-secilc.c: In function ‘LLVMFuzzerTestOneInput’:
    fuzz-secilc.c:57:31: warning: passing argument 3 of ‘cil_add_file’
    discards ‘const’ qualifier from pointer target type
    [-Wdiscarded-qualifiers]
       57 |  if (cil_add_file(db, "fuzz", data, size) != SEPOL_OK)
          |                               ^~~~
    In file included from fuzz-secilc.c:26:
    /usr/include/sepol/cil/cil.h:45:57: note: expected ‘char *’ but
    argument is of type ‘const uint8_t *’ {aka ‘const unsigned char *’}
       45 | extern int cil_add_file(cil_db_t *db, char *name, char *data, size_t size);
          |                                                   ~~~~~~^~~~

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 libsepol/cil/include/cil/cil.h | 4 ++--
 libsepol/cil/src/cil.c         | 2 +-
 libsepol/cil/src/cil_log.c     | 6 +++---
 libsepol/cil/src/cil_parser.c  | 2 +-
 libsepol/cil/src/cil_parser.h  | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/libsepol/cil/include/cil/cil.h b/libsepol/cil/include/cil/cil.h
index f8cfc3be5015..e6f4503eb33a 100644
--- a/libsepol/cil/include/cil/cil.h
+++ b/libsepol/cil/include/cil/cil.h
@@ -42,7 +42,7 @@ typedef struct cil_db cil_db_t;
 extern void cil_db_init(cil_db_t **db);
 extern void cil_db_destroy(cil_db_t **db);
 
-extern int cil_add_file(cil_db_t *db, char *name, char *data, size_t size);
+extern int cil_add_file(cil_db_t *db, const char *name, const char *data, size_t size);
 
 extern int cil_compile(cil_db_t *db);
 extern int cil_build_policydb(cil_db_t *db, sepol_policydb_t **sepol_db);
@@ -67,7 +67,7 @@ enum cil_log_level {
 	CIL_INFO
 };
 extern void cil_set_log_level(enum cil_log_level lvl);
-extern void cil_set_log_handler(void (*handler)(int lvl, char *msg));
+extern void cil_set_log_handler(void (*handler)(int lvl, const char *msg));
 
 #ifdef __GNUC__
 __attribute__ ((format(printf, 2, 3)))
diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c
index bb7f06d5c4b3..99c8e288912c 100644
--- a/libsepol/cil/src/cil.c
+++ b/libsepol/cil/src/cil.c
@@ -500,7 +500,7 @@ void cil_root_destroy(struct cil_root *root)
 	free(root);
 }
 
-int cil_add_file(cil_db_t *db, char *name, char *data, size_t size)
+int cil_add_file(cil_db_t *db, const char *name, const char *data, size_t size)
 {
 	char *buffer = NULL;
 	int rc;
diff --git a/libsepol/cil/src/cil_log.c b/libsepol/cil/src/cil_log.c
index b222b155120a..a8e4d2e94a78 100644
--- a/libsepol/cil/src/cil_log.c
+++ b/libsepol/cil/src/cil_log.c
@@ -37,14 +37,14 @@
 
 static enum cil_log_level cil_log_level = CIL_ERR;
 
-void cil_default_log_handler(__attribute__((unused)) int lvl, char *msg)
+void cil_default_log_handler(__attribute__((unused)) int lvl, const char *msg)
 {
 	fprintf(stderr, "%s", msg);
 }
 
-void (*cil_log_handler)(int lvl, char *msg) = &cil_default_log_handler;
+void (*cil_log_handler)(int lvl, const char *msg) = &cil_default_log_handler;
 
-void cil_set_log_handler(void (*handler)(int lvl, char *msg))
+void cil_set_log_handler(void (*handler)(int lvl, const char *msg))
 {
 	cil_log_handler = handler;
 }
diff --git a/libsepol/cil/src/cil_parser.c b/libsepol/cil/src/cil_parser.c
index a8af1dce2c4b..b62043b95806 100644
--- a/libsepol/cil/src/cil_parser.c
+++ b/libsepol/cil/src/cil_parser.c
@@ -196,7 +196,7 @@ static void add_cil_path(struct cil_tree_node **current, char *path)
 	insert_node(node, *current);
 }
 
-int cil_parser(char *_path, char *buffer, uint32_t size, struct cil_tree **parse_tree)
+int cil_parser(const char *_path, char *buffer, uint32_t size, struct cil_tree **parse_tree)
 {
 
 	int paren_count = 0;
diff --git a/libsepol/cil/src/cil_parser.h b/libsepol/cil/src/cil_parser.h
index 02ecb784e95c..1cec63944fdf 100644
--- a/libsepol/cil/src/cil_parser.h
+++ b/libsepol/cil/src/cil_parser.h
@@ -32,6 +32,6 @@
 
 #include "cil_tree.h"
 
-int cil_parser(char *path, char *buffer, uint32_t size, struct cil_tree **parse_tree);
+int cil_parser(const char *path, char *buffer, uint32_t size, struct cil_tree **parse_tree);
 
 #endif /* CIL_PARSER_H_ */
-- 
2.29.2


  parent reply	other threads:[~2020-12-30 10:08 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-12-30 10:07 [PATCH 1/6] libsepol: do not decode out-of-bound rolebounds Nicolas Iooss
2020-12-30 10:07 ` [PATCH 2/6] libsepol: ensure that hashtab_search is not called with a NULL key Nicolas Iooss
2021-01-04 16:31   ` James Carter
2021-01-06  8:12     ` Nicolas Iooss
2020-12-30 10:07 ` Nicolas Iooss [this message]
2021-01-04 16:33   ` [PATCH 3/6] libsepol/cil: constify some strings James Carter
2021-01-05 16:07     ` James Carter
2020-12-30 10:07 ` [PATCH 4/6] libsepol/cil: fix NULL pointer dereference when parsing an improper integer Nicolas Iooss
2020-12-31 15:04   ` William Roberts
2021-01-02 11:13     ` Nicolas Iooss
2021-01-03 18:32       ` William Roberts
2021-01-04 16:43   ` James Carter
2021-01-05 12:51     ` William Roberts
2020-12-30 10:07 ` [PATCH 5/6] libsepol/cil: fix out-of-bound read in cil_print_recursive_blockinherit Nicolas Iooss
2021-01-04 18:17   ` James Carter
2021-01-05 16:08     ` James Carter
2020-12-30 10:07 ` [PATCH 6/6] libsepol/cil: destroy perm_datums when __cil_resolve_perms fails Nicolas Iooss
2020-12-31 15:05   ` William Roberts
2021-01-04 18:18   ` James Carter
2021-01-05 16:08     ` James Carter
2021-01-04 15:48 ` [PATCH 1/6] libsepol: do not decode out-of-bound rolebounds James Carter
2021-01-04 15:51   ` James Carter
2021-01-06  8:05     ` Nicolas Iooss

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20201230100746.2549568-3-nicolas.iooss@m4x.org \
    --to=nicolas.iooss@m4x.org \
    --cc=selinux@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).