回合上游社区补丁

回合社区补丁<table ><tr><td colSpan="1" rowSpan="1">软件包</td><td colSpan="1" rowSpan="1">CommitId</td><td colSpan="1" rowSpan="1">描述</td></tr><tr><td colSpan="1" rowSpan="1">libselinux</td><td colSpan="1" rowSpan="1">1609b9fdfddc1f6baa1b38b57018b16af9c5471a</td><td colSpan="1" rowSpan="1">libselinux: restore: use fixed sized integer for hash index The hash mask is set to 2^16 - 1, which does not fit into a signed 16 bit integer. Use uint32_t to be on the safe side. Also use size_t for counting in debug function. Signed-off-by: Christian Göttsche Acked-by: Jason Zaman </td></tr><tr><td colSpan="1" rowSpan="1">libselinux</td><td colSpan="1" rowSpan="1">4c47f92758df0ad266e8306bbec7b2798a4be3ea</td><td colSpan="1" rowSpan="1">libselinux:add check for malloc Add return check for regex_data_create() to avoid NULL reference of regex_data (gdb) bt #0 0x00007fbde5caec14 in pthread_mutex_init () from /usr/lib64/libc.so.6 #1 0x00007fbde5e3a489 in regex_data_create () at regex.c:260 #2 0x00007fbde5e3a4af in regex_prepare_data (regex=regex@entry=0x7fbde4613770, pattern_string=pattern_string@entry=0x563c6799a820 ^/home$, errordata=errordata@entry=0x7ffeb83fa950) at regex.c:76 #3 0x00007fbde5e32fe6 in compile_regex (errbuf=0x0, spec=0x7fbde4613748) at label_file.h:407 #4 lookup_all (key=0x563c679974e5 /var/log/kadmind.log, type=, partial=partial@entry=false, match_count=match_count@entry=0x0, rec=, rec=) at label_file.c:949 #5 0x00007fbde5e33350 in lookup (rec=, key=, type=) at label_file.c:1092 #6 0x00007fbde5e31878 in selabel_lookup_common (rec=0x563c67998cc0, translating=1, key=, type=) at label.c:167 Signed-off-by: Jie Lu Acked-by: James Carter </td></tr><tr><td colSpan="1" rowSpan="1">libselinux</td><td colSpan="1" rowSpan="1">001af27a6d32e5b3d1f7410f0007687d7e3c07f5</td><td colSpan="1" rowSpan="1">libselinux: fix some memory issues in db_init 1. check the return of strdup to avoid a potential NULL reference. 2. make sure line_buf is freed. Signed-off-by: Jie Lu Acked-by: James Carter </td></tr><tr><td colSpan="1" rowSpan="1">libselinux</td><td colSpan="1" rowSpan="1">d31280c26e066d68c3061fc24f5951829f641e81</td><td colSpan="1" rowSpan="1">libselinux: filter arguments with path separators Boolean names, taken by security_get_boolean_pending(3), security_get_boolean_active(3) and security_set_boolean(3), as well as user names, taken by security_get_initial_context(3), are used in path constructions. Ensure they do not contain path separators to avoid unwanted path traversal. Signed-off-by: Christian Göttsche Acked-by: James Carter </td></tr><tr><td colSpan="1" rowSpan="1">libselinux</td><td colSpan="1" rowSpan="1">d97c34efa5b95d8ec7c0445aa4f87eacf980bab6</td><td colSpan="1" rowSpan="1">libselinux: bail out on path truncations Bail out if computed paths based on user input are being truncated, to avoid wrong files to be opened. Signed-off-by: Christian Göttsche Acked-by: James Carter </td></tr><tr><td colSpan="1" rowSpan="1">libselinux</td><td colSpan="1" rowSpan="1">42f7f2fdcf1a38b6018933132ea6a35dc41bdeff</td><td colSpan="1" rowSpan="1">libselinux: fix memory leaks on the audit2why module init Signed-off-by: Jie Lu Acked-by: James Carter </td></tr><tr><td colSpan="1" rowSpan="1">libselinux</td><td colSpan="1" rowSpan="1">f56a72ac9e86ddfbefedc41080f33fb06639f96b</td><td colSpan="1" rowSpan="1">libselinux: ignore invalid class name lookup selinux_check_access relies on string_to_security_class to resolve the class index from its char* argument. There is no input validation done on the string provided. It is possible to supply an argument containing trailing backslashes (i.e., sock_file//////) so that the paths built in discover_class get truncated. The processing will then reference the same permission file multiple time (e.g., perms/watch_reads will be truncated to perms/watch). This will leak the memory allocated when strdup&#x27;ing the permission name. The discover_class_cache will end up in an invalid state (but not corrupted). Ensure that the class provided does not contain any path separator. Signed-off-by: Thiébaud Weksteen Acked-by: James Carter </td></tr><tr><td colSpan="1" rowSpan="1">libselinux</td><td colSpan="1" rowSpan="1">2f71384f233aa544cf0cf50be7e83c7762ad1c15</td><td colSpan="1" rowSpan="1">libselinux: Ignore missing directories when -i is used Currently -i only ignores a file whose parent directory exists. Start also ignoring paths with missing components. Fixes: # restorecon -i -v -R /var/log/missingdir/missingfile; echo $? 255 restorecon: SELinux: Could not get canonical path for /var/log/missingdir/missingfile restorecon: No such file or directory. Signed-off-by: Vit Mojzis Acked-by: James Carter </td></tr></table>

src-openEuler/libselinux
关闭

内容风险标识

评论 (2)

src-openEuler/libselinux关闭 .gitee-modal { width: 500px !important; }

内容风险标识