* [PATCH 1/1] libselinux: ensure that digest_len is not zero
@ 2019-08-05 21:13 Nicolas Iooss
2019-09-01 17:51 ` Nicolas Iooss
0 siblings, 1 reply; 2+ messages in thread
From: Nicolas Iooss @ 2019-08-05 21:13 UTC (permalink / raw)
To: selinux
In add_xattr_entry(), if selabel_get_digests_all_partial_matches()
returns with digest_len = 0, the code gets executed as:
sha1_buf = malloc(digest_len * 2 + 1); /* Allocate 1 byte */
/* ... */
for (i = 0; i < digest_len; i++) /* Do not do anything */
sprintf((&sha1_buf[i * 2]), "%02x", xattr_digest[i]);
/* ... */
new_entry->digest = strdup(sha1_buf); /* use of uninitiliazed content */
This is reported by some static code analyzers, even though in practise
digest_len should never be zero, and the call to sprintf() ensures that
the content of sha1_buf is initialized and terminated by '\0'.
Make sure to never call strdup() on an uninitialized string by verifying
that digest_len != 0.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
libselinux/src/selinux_restorecon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
index 1be453f3b494..028d8924235f 100644
--- a/libselinux/src/selinux_restorecon.c
+++ b/libselinux/src/selinux_restorecon.c
@@ -309,7 +309,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
&calculated_digest,
&xattr_digest, &digest_len);
- if (!xattr_digest) {
+ if (!xattr_digest || !digest_len) {
free(calculated_digest);
return 1;
}
--
2.22.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH 1/1] libselinux: ensure that digest_len is not zero
2019-08-05 21:13 [PATCH 1/1] libselinux: ensure that digest_len is not zero Nicolas Iooss
@ 2019-09-01 17:51 ` Nicolas Iooss
0 siblings, 0 replies; 2+ messages in thread
From: Nicolas Iooss @ 2019-09-01 17:51 UTC (permalink / raw)
To: SElinux list
On Mon, Aug 5, 2019 at 11:13 PM Nicolas Iooss <nicolas.iooss@m4x.org> wrote:
>
> In add_xattr_entry(), if selabel_get_digests_all_partial_matches()
> returns with digest_len = 0, the code gets executed as:
>
> sha1_buf = malloc(digest_len * 2 + 1); /* Allocate 1 byte */
>
> /* ... */
>
> for (i = 0; i < digest_len; i++) /* Do not do anything */
> sprintf((&sha1_buf[i * 2]), "%02x", xattr_digest[i]);
>
> /* ... */
>
> new_entry->digest = strdup(sha1_buf); /* use of uninitiliazed content */
>
> This is reported by some static code analyzers, even though in practise
> digest_len should never be zero, and the call to sprintf() ensures that
> the content of sha1_buf is initialized and terminated by '\0'.
>
> Make sure to never call strdup() on an uninitialized string by verifying
> that digest_len != 0.
>
> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Merged.
> ---
> libselinux/src/selinux_restorecon.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
> index 1be453f3b494..028d8924235f 100644
> --- a/libselinux/src/selinux_restorecon.c
> +++ b/libselinux/src/selinux_restorecon.c
> @@ -309,7 +309,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
> &calculated_digest,
> &xattr_digest, &digest_len);
>
> - if (!xattr_digest) {
> + if (!xattr_digest || !digest_len) {
> free(calculated_digest);
> return 1;
> }
> --
> 2.22.0
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-09-01 17:51 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-05 21:13 [PATCH 1/1] libselinux: ensure that digest_len is not zero Nicolas Iooss
2019-09-01 17:51 ` Nicolas Iooss
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).