master

分支 (28)

标签 (22)

管理

管理

master

openEuler-25.03

openEuler-24.03-LTS-SP1

openEuler-24.03-LTS-Next

openEuler-24.03-LTS-SP2

openEuler-22.03-LTS-SP4

openEuler-24.03-LTS

openEuler-22.03-LTS-SP3

openEuler-24.09

openEuler-22.03-LTS-Next

openEuler-22.03-LTS-SP1

openEuler-22.03-LTS-SP2

openEuler-22.03-LTS

openEuler-23.09

openEuler-20.03-LTS-SP3

openEuler-20.03-LTS-SP4

openEuler-20.03-LTS-SP1

openEuler-23.03

openEuler-22.09

openEuler-22.03-LTS-LoongArch

openEuler-25.03-release

openEuler-24.03-LTS-SP1-release

openEuler-22.03-LTS-SP4-release

openEuler-24.09-release

openEuler-24.03-LTS-release

openEuler-22.03-LTS-SP3-release

openEuler-23.09-rc5

openEuler-22.03-LTS-SP1-release

openEuler-22.09-release

openEuler-22.09-rc5

openEuler-22.09-20220829

openEuler-22.03-LTS-20220331

openEuler-22.03-LTS-round5

openEuler-22.03-LTS-round3

openEuler-22.03-LTS-round2

openEuler-22.03-LTS-round1

openEuler-20.03-LTS-SP3-release

openEuler-20.03-LTS-SP2-20210624

openEuler-21.03-20210330

openEuler-20.09-20200929

libselinux
/
backport-libselinux-utils-selabel_dig...

From 994b9b205e36f3cc849b75f075e057686f3f9cd8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 13 Mar 2024 12:10:23 +0100
Subject: [PATCH] libselinux/utils/selabel_digest: avoid buffer overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

In case the specfiles have very long paths or there are too many abort
instead of writing past the stack buffer.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
 utils/selabel_digest.c | 45 ++++++++++++++++++++++++-------
 1 file changed, 36 insertions(+), 9 deletions(-)

diff --git a/utils/selabel_digest.c b/utils/selabel_digest.c
index db0d443a..64051070 100644
--- a/utils/selabel_digest.c
+++ b/utils/selabel_digest.c
@@ -66,7 +66,7 @@ int main(int argc, char **argv)

 	char cmd_buf[4096];
 	char *cmd_ptr;
-	char *sha1_buf;
+	char *sha1_buf = NULL;

 	struct selabel_handle *hnd;
 	struct selinux_opt selabel_option[] = {
@@ -167,23 +167,50 @@ int main(int argc, char **argv)
 	printf("calculated using the following specfile(s):\n");

 	if (specfiles) {
-		cmd_ptr = &cmd_buf[0];
-		sprintf(cmd_ptr, "/usr/bin/cat ");
-		cmd_ptr = &cmd_buf[0] + strlen(cmd_buf);
+		size_t cmd_rem = sizeof(cmd_buf);
+		int ret;
+
+		if (validate) {
+			cmd_ptr = &cmd_buf[0];
+			ret = snprintf(cmd_ptr, cmd_rem, "/usr/bin/cat ");
+			if (ret < 0 || (size_t)ret >= cmd_rem) {
+				fprintf(stderr, "Could not format validate command\n");
+				rc = -1;
+				goto err;
+			}
+			cmd_ptr += ret;
+			cmd_rem -= ret;
+		}

 		for (i = 0; i < num_specfiles; i++) {
-			sprintf(cmd_ptr, "%s ", specfiles[i]);
-			cmd_ptr += strlen(specfiles[i]) + 1;
+			if (validate) {
+				ret = snprintf(cmd_ptr, cmd_rem, "%s ", specfiles[i]);
+				if (ret < 0 || (size_t)ret >= cmd_rem) {
+					fprintf(stderr, "Could not format validate command\n");
+					rc = -1;
+					goto err;
+				}
+				cmd_ptr += ret;
+				cmd_rem -= ret;
+			}
+
 			printf("%s\n", specfiles[i]);
 		}
-		sprintf(cmd_ptr, "| /usr/bin/openssl dgst -sha1 -hex");

-		if (validate)
+		if (validate) {
+			ret = snprintf(cmd_ptr, cmd_rem, "| /usr/bin/openssl dgst -sha1 -hex");
+			if (ret < 0 || (size_t)ret >= cmd_rem) {
+				fprintf(stderr, "Could not format validate command\n");
+				rc = -1;
+				goto err;
+			}
+
 			rc = run_check_digest(cmd_buf, sha1_buf);
+		}
 	}

-	free(sha1_buf);
 err:
+	free(sha1_buf);
 	selabel_close(hnd);
 	return rc;
 }
--
2.33.0