diff --git a/backport-libsemanage-avoid-leak-on-realloc-failure.patch b/backport-libsemanage-avoid-leak-on-realloc-failure.patch new file mode 100644 index 0000000000000000000000000000000000000000..9c5e6bdebf5d608556333d0fff0eef552c1b39fb --- /dev/null +++ b/backport-libsemanage-avoid-leak-on-realloc-failure.patch @@ -0,0 +1,44 @@ +From 73f958b01aa15c55cd69f188b8a5ed44601ac406 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 11 Nov 2024 15:16:38 +0100 +Subject: [PATCH] libsemanage: avoid leak on realloc failure +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Christian Göttsche +Acked-by: James Carter + +Conflict:NA +Reference:https://github.com/SELinuxProject/selinux/commit/73f958b01aa15c55cd69f188b8a5ed44601ac406 + +--- + src/direct_api.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/direct_api.c b/src/direct_api.c +index ed4343dc..288e491a 100644 +--- a/src/direct_api.c ++++ b/src/direct_api.c +@@ -599,12 +599,16 @@ static int read_from_pipe_to_data(semanage_handle_t *sh, size_t initial_len, int + while ((read_len = read(fd, data_read + data_read_len, max_len - data_read_len)) > 0) { + data_read_len += read_len; + if (data_read_len == max_len) { ++ char *tmp; ++ + max_len *= 2; +- data_read = realloc(data_read, max_len); +- if (data_read == NULL) { ++ tmp = realloc(data_read, max_len); ++ if (tmp == NULL) { + ERR(sh, "Failed to realloc, out of memory.\n"); ++ free(data_read); + return -1; + } ++ data_read = tmp; + } + } + +-- +2.33.0 + diff --git a/backport-libsemanage-check-closing-written-files.patch b/backport-libsemanage-check-closing-written-files.patch new file mode 100644 index 0000000000000000000000000000000000000000..8696de5d7609b9305f0f03c7bec2391c979059ae --- /dev/null +++ b/backport-libsemanage-check-closing-written-files.patch 
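Review bot: The growth step `max_len *= 2;` in read_from_pipe_to_data has no overflow guard, so the new realloc() can in principle be handed a wrapped size; a check before doubling, `if (max_len > SIZE_MAX / 2) { free(data_read); return -1; }`, keeps the size arithmetic defined (practically unreachable with pipe output, but it is the same class of issue the commit fixes). The read() failure path after the loop, which would also need to free data_read, lies outside the hunk and is worth confirming. A one-line comment on the added `free(data_read);`, `/* realloc failure leaves the old block allocated */`, would record why this differs from the usual `p = realloc(p, …)` idiom the commit removes.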
@@ -0,0 +1,168 @@ +From 2cc2d1ed1fa78dfdb879f3c2a0b21fa23eeb2504 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 25 Nov 2024 12:18:36 +0100 +Subject: [PATCH] libsemanage: check closing written files +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Check that closing a file that has been written to is successful, to +avoid potential unsuccessful writes/syncs. + +Signed-off-by: Christian Göttsche + +Conflict:NA +Reference:https://github.com/SELinuxProject/selinux/commit/2cc2d1ed1fa78dfdb879f3c2a0b21fa23eeb2504 + +--- + src/database_file.c | 5 ++++- + src/direct_api.c | 15 +++++++++------ + src/genhomedircon.c | 3 ++- + src/semanage_store.c | 18 +++++++++++++----- + 4 files changed, 28 insertions(+), 13 deletions(-) + +diff --git a/src/database_file.c b/src/database_file.c +index 47814254..214dbe6c 100644 +--- a/src/database_file.c ++++ b/src/database_file.c +@@ -149,7 +149,10 @@ static int dbase_file_flush(semanage_handle_t * handle, dbase_file_t * dbase) + } + + dbase_llist_set_modified(&dbase->llist, 0); +- fclose(str); ++ if (fclose(str) != 0 && errno != EINTR) { ++ str = NULL; ++ goto err; ++ } + return STATUS_SUCCESS; + + err: +diff --git a/src/direct_api.c b/src/direct_api.c +index 0e7ef4da..87c7627d 100644 +--- a/src/direct_api.c ++++ b/src/direct_api.c +@@ -467,7 +467,10 @@ static int write_file(semanage_handle_t * sh, + close(out); + return -1; + } +- close(out); ++ if (close(out) == -1 && errno != EINTR) { ++ ERR(sh, "Error while closing %s.", filename); ++ return -1; ++ } + return 0; + } + +@@ -839,7 +842,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh, + goto cleanup; + } + +- if (fclose(fp) != 0) { ++ if (fclose(fp) != 0 && errno != EINTR) { + ERR(sh, "Unable to close %s module ext file.", modinfo->name); + fp = NULL; + ret = -1; +@@ -1216,7 +1219,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) + FILE *touch; + touch = fopen(path, "we"); + 
if (touch != NULL) { +- if (fclose(touch) != 0) { ++ if (fclose(touch) != 0 && errno != EINTR) { + ERR(sh, "Error attempting to create disable_dontaudit flag."); + goto cleanup; + } +@@ -1248,7 +1251,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) + FILE *touch; + touch = fopen(path, "we"); + if (touch != NULL) { +- if (fclose(touch) != 0) { ++ if (fclose(touch) != 0 && errno != EINTR) { + ERR(sh, "Error attempting to create preserve_tunable flag."); + goto cleanup; + } +@@ -2120,7 +2123,7 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh, + + ret = fclose(fp); + fp = NULL; +- if (ret != 0) { ++ if (ret != 0 && errno != EINTR) { + ERR(sh, + "Unable to close disabled file for module %s", + modkey->name); +@@ -2321,7 +2324,7 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh, + free(tmp); + tmp = NULL; + +- if (fclose(fp) != 0) { ++ if (fclose(fp) != 0 && errno != EINTR) { + fp = NULL; + ERR(sh, + "Unable to close %s module lang ext file.", +diff --git a/src/genhomedircon.c b/src/genhomedircon.c +index 4949bc75..19543799 100644 +--- a/src/genhomedircon.c ++++ b/src/genhomedircon.c +@@ -1429,7 +1429,8 @@ int semanage_genhomedircon(semanage_handle_t * sh, + + done: + if (out != NULL) +- fclose(out); ++ if (fclose(out) != 0 && errno != EINTR) ++ retval = STATUS_ERR; + + while (s.fallback) + pop_user_entry(&(s.fallback)); +diff --git a/src/semanage_store.c b/src/semanage_store.c +index cdb495cb..e44efc16 100644 +--- a/src/semanage_store.c ++++ b/src/semanage_store.c +@@ -717,7 +717,7 @@ int semanage_copy_file(semanage_handle_t *sh, const char *src, const char *dst, + errsv = errno; + retval = -1; + } +- if (close(out) < 0) { ++ if (close(out) < 0 && errno != EINTR) { + errsv = errno; + retval = -1; + } +@@ -1536,9 +1536,11 @@ int semanage_split_fc(semanage_handle_t * sh) + if (file_con) + fclose(file_con); + if (fc >= 0) +- close(fc); ++ if (close(fc) == -1 && errno != EINTR) ++ retval = -1; + if (hd >= 0) +- close(hd); ++ if 
(close(hd) == -1 && errno != EINTR) ++ retval = -1; + + return retval; + +@@ -1732,7 +1734,11 @@ static int semanage_commit_sandbox(semanage_handle_t * sh) + close(fd); + return -1; + } +- close(fd); ++ if (close(fd) == -1 && errno != EINTR) { ++ ERR(sh, "Error while closing commit number file %s.", ++ commit_filename); ++ return -1; ++ } + + /* sync changes in sandbox to filesystem */ + fd = open(sandbox, O_DIRECTORY | O_CLOEXEC); +@@ -2157,7 +2163,9 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out, + + cleanup: + if (outfile != NULL) { +- fclose(outfile); ++ if (fclose(outfile) != 0 && errno != EINTR) { ++ retval = STATUS_ERR; ++ } + } + umask(mask); + sepol_policy_file_free(pf); +-- +2.33.0 + diff --git a/backport-libsemanage-check-for-path-formatting-failures.patch b/backport-libsemanage-check-for-path-formatting-failures.patch new file mode 100644 index 0000000000000000000000000000000000000000..14e204e7ae6be43f87ac0ea52e75e648aa0bb329 --- /dev/null +++ b/backport-libsemanage-check-for-path-formatting-failures.patch 
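Review bot: In dbase_file_flush the new `if (fclose(str) != 0 && errno != EINTR)` reports STATUS_SUCCESS when the close is interrupted, yet after fclose() the stream is unusable, so an interrupted flush can leave the database file short without any error; flushing explicitly first, retrying fflush() on EINTR, and then treating any fclose() failure as an error would make the success path trustworthy (the same shape applies to the fclose() sites in direct_api.c and genhomedircon.c). That site also jumps to `err` without an ERR() message, unlike write_file and semanage_direct_write_langext in the same patch, so a failed flush of the store file is undiagnosed. The nested unbraced `if (out != NULL) if (fclose(out) != 0 …)` in semanage_genhomedircon and the two `if (fc >= 0) if (close(fc) …)` forms in semanage_split_fc are the dangling-else shape; bracing the outer `if` is cheap insurance.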
@@ -0,0 +1,80 @@ +From 50f3cfd27b59f1a5efdf728827974ad02472c0b2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 11 Nov 2024 15:16:43 +0100 +Subject: [PATCH] libsemanage: check for path formatting failures +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Christian Göttsche +Acked-by: James Carter + +Conflict:NA +Reference:https://github.com/SELinuxProject/selinux/commit/50f3cfd27b59f1a5efdf728827974ad02472c0b2 + +--- + src/semanage_store.c | 22 +++++++++++++++++----- + 1 file changed, 17 insertions(+), 5 deletions(-) + +diff --git a/src/semanage_store.c b/src/semanage_store.c +index 23b91ae2..2cd992eb 100644 +--- a/src/semanage_store.c ++++ b/src/semanage_store.c +@@ -798,7 +798,7 @@ static int semanage_copy_dir(const char *src, const char *dst) + * well. Returns 0 on success, -1 on error. */ + static int semanage_copy_dir_flags(const char *src, const char *dst, int flag) + { +- int i, len = 0, retval = -1; ++ int i, len = 0, rc, retval = -1; + struct stat sb; + struct dirent **names = NULL; + char path[PATH_MAX], path2[PATH_MAX]; +@@ -822,13 +822,21 @@ static int semanage_copy_dir_flags(const char *src, const char *dst, int flag) + } + + for (i = 0; i < len; i++) { +- snprintf(path, sizeof(path), "%s/%s", src, names[i]->d_name); ++ rc = snprintf(path, sizeof(path), "%s/%s", src, names[i]->d_name); ++ if (rc < 0 || (size_t)rc >= sizeof(path)) { ++ errno = EOVERFLOW; ++ goto cleanup; ++ } + /* stat() to see if this entry is a file or not since + * d_type isn't set properly on XFS */ + if (stat(path, &sb)) { + goto cleanup; + } +- snprintf(path2, sizeof(path2), "%s/%s", dst, names[i]->d_name); ++ rc = snprintf(path2, sizeof(path2), "%s/%s", dst, names[i]->d_name); ++ if (rc < 0 || (size_t)rc >= sizeof(path2)) { ++ errno = EOVERFLOW; ++ goto cleanup; ++ } + if (S_ISDIR(sb.st_mode)) { + mask = umask(0077); + if (mkdir(path2, 0700) == -1 || +@@ -862,7 +870,7 @@ static int 
semanage_copy_dir_flags(const char *src, const char *dst, int flag) + int semanage_remove_directory(const char *path) + { + struct dirent **namelist = NULL; +- int num_entries, i; ++ int num_entries, i, rc; + if ((num_entries = scandir(path, &namelist, semanage_filename_select, + NULL)) == -1) { + return -1; +@@ -870,7 +878,11 @@ int semanage_remove_directory(const char *path) + for (i = 0; i < num_entries; i++) { + char s[PATH_MAX]; + struct stat buf; +- snprintf(s, sizeof(s), "%s/%s", path, namelist[i]->d_name); ++ rc = snprintf(s, sizeof(s), "%s/%s", path, namelist[i]->d_name); ++ if (rc < 0 || (size_t)rc >= sizeof(s)) { ++ errno = EOVERFLOW; ++ return -2; ++ } + if (stat(s, &buf) == -1) { + return -2; + } +-- +2.33.0 + diff --git a/backport-libsemanage-check-memory-allocations.patch b/backport-libsemanage-check-memory-allocations.patch new file mode 100644 index 0000000000000000000000000000000000000000..70f3f5d69541c1312acd36c9435aaf6443138fae --- /dev/null +++ b/backport-libsemanage-check-memory-allocations.patch 
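Review bot: The new `return -2;` in semanage_remove_directory leaves the scandir() `namelist` and its entries allocated, the same leak the existing `stat()` failure return already has; a `goto` to a cleanup label that frees the entries would fix both (the rest of the function is outside the hunk, so a later free may exist for the success path only). In semanage_copy_dir_flags the truncation check is right; `ENAMETOOLONG` is the errno callers usually expect for a path that does not fit `PATH_MAX`, whereas `EOVERFLOW` reads as arithmetic overflow. A comment on the check, `/* a truncated path would name the wrong entry */`, would say why truncation is fatal rather than cosmetic.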
@@ -0,0 +1,52 @@ +From 7a35e57c64faedbb11a880652604b36dd35afad1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 11 Nov 2024 15:16:30 +0100 +Subject: [PATCH] libsemanage: check memory allocations +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Christian Göttsche +Acked-by: James Carter + +Conflict:NA +Reference:https://github.com/SELinuxProject/selinux/commit/7a35e57c64faedbb11a880652604b36dd35afad1 + +--- + src/conf-parse.y | 6 ++++++ + src/handle.c | 2 ++ + 2 files changed, 8 insertions(+) + +diff --git a/src/conf-parse.y b/src/conf-parse.y +index 2b131eeb..b93080cd 100644 +--- a/src/conf-parse.y ++++ b/src/conf-parse.y +@@ -382,6 +382,12 @@ static int semanage_conf_init(semanage_conf_t * conf) + conf->save_previous = 0; + conf->save_linked = 0; + ++ if (!conf->store_path || ++ !conf->store_root_path || ++ !conf->compiler_directory_path) { ++ return -1; ++ } ++ + if ((conf->load_policy = + calloc(1, sizeof(*(current_conf->load_policy)))) == NULL) { + return -1; +diff --git a/src/handle.c b/src/handle.c +index d5baa614..f048f6d7 100644 +--- a/src/handle.c ++++ b/src/handle.c +@@ -45,6 +45,8 @@ int semanage_set_root(const char *root) + { + free(private_semanage_root); + private_semanage_root = strdup(root); ++ if (!private_semanage_root) ++ return -1; + return 0; + } + +-- +2.33.0 + diff --git a/backport-libsemanage-direct_api-INTEGER_OVERFLOW-read_len-rea.patch b/backport-libsemanage-direct_api-INTEGER_OVERFLOW-read_len-rea.patch new file mode 100644 index 0000000000000000000000000000000000000000..8a21c827d3c57e7ba25700c304388d81733af088 --- /dev/null +++ b/backport-libsemanage-direct_api-INTEGER_OVERFLOW-read_len-rea.patch 
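Review bot: semanage_set_root frees the previous root before strdup(), so when the new check returns -1 the process is left with `private_semanage_root == NULL` and later path building has no root at all; duplicating first and replacing only on success keeps the old root valid on failure. The three `!conf->…_path` checks in semanage_conf_init return -1 after the other strdup()s have run; whether the caller frees the partially initialized conf is outside the hunk and worth confirming.
```c
int semanage_set_root(const char *root)
{
	char *tmp = strdup(root);
	if (!tmp)
		return -1;
	free(private_semanage_root);
	private_semanage_root = tmp;
	return 0;
}
```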
@@ -0,0 +1,47 @@ +From 9b4eff9222b24d4b5f2784db281f4f53019263b0 Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Fri, 25 Oct 2024 20:32:07 +0200 +Subject: [PATCH] libsemanage/direct_api: INTEGER_OVERFLOW read_len = read() + +The following statement is always true if read_len is unsigned: +(read_len = read(fd, data_read + data_read_len, max_len - data_read_len)) > 0 + +Fixes: + Error: INTEGER_OVERFLOW (CWE-190): [#def19] [important] + libsemanage-3.7/src/direct_api.c:598:2: tainted_data_return: Called function "read(fd, data_read + data_read_len, max_len - data_read_len)", and a possible return value may be less than zero. + libsemanage-3.7/src/direct_api.c:598:2: cast_underflow: An assign of a possibly negative number to an unsigned type, which might trigger an underflow. + libsemanage-3.7/src/direct_api.c:599:3: overflow: The expression "data_read_len += read_len" is deemed underflowed because at least one of its arguments has underflowed. + libsemanage-3.7/src/direct_api.c:598:2: overflow: The expression "max_len - data_read_len" is deemed underflowed because at least one of its arguments has underflowed. + libsemanage-3.7/src/direct_api.c:598:2: overflow_sink: "max_len - data_read_len", which might have underflowed, is passed to "read(fd, data_read + data_read_len, max_len - data_read_len)". [Note: The source code implementation of the function has been overridden by a builtin model.] 
+ \# 596| } + \# 597| + \# 598|-> while ((read_len = read(fd, data_read + data_read_len, max_len - data_read_len)) > 0) { + \# 599| data_read_len += read_len; + \# 600| if (data_read_len == max_len) { + +Signed-off-by: Vit Mojzis +Acked-by: James Carter + +Conflict:NA +Reference:https://github.com/SELinuxProject/selinux/commit/9b4eff9222b24d4b5f2784db281f4f53019263b0 + +--- + src/direct_api.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/direct_api.c b/src/direct_api.c +index d740070d..7631c7bf 100644 +--- a/src/direct_api.c ++++ b/src/direct_api.c +@@ -582,7 +582,7 @@ cleanup: + static int read_from_pipe_to_data(semanage_handle_t *sh, size_t initial_len, int fd, char **out_data_read, size_t *out_read_len) + { + size_t max_len = initial_len; +- size_t read_len = 0; ++ ssize_t read_len = 0; + size_t data_read_len = 0; + char *data_read = NULL; + +-- +2.33.0 + diff --git a/backport-libsemanage-fix-asprintf-error-branch.patch b/backport-libsemanage-fix-asprintf-error-branch.patch new file mode 100644 index 0000000000000000000000000000000000000000..6ccf043b97da28eb89649ee3736bf048d4826f94 --- /dev/null +++ b/backport-libsemanage-fix-asprintf-error-branch.patch 
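Review bot: With `read_len` now `ssize_t`, a read() error ends the `while` loop exactly like EOF does, so whether the caller sees the failure depends on the check after the loop, which is outside the hunk; it should test `read_len == -1` (saving errno) before treating `data_read` as complete output. The remaining `data_read_len += read_len;` mixes `size_t` and `ssize_t`, which is safe only because the loop condition guarantees `read_len > 0` there; a short comment, `/* read_len > 0 inside the loop */`, keeps the next sign-conversion cleanup from "fixing" it. The enclosing function continues outside the hunk.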
@@ -0,0 +1,40 @@ +From 44f1323941cd3053e2cd5cdd6995667feca5fb52 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 11 Nov 2024 15:16:37 +0100 +Subject: [PATCH] libsemanage: fix asprintf error branch +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The content of the first argument after a failure of asprintf(3) is +undefined and must not be used. + +Signed-off-by: Christian Göttsche +Acked-by: James Carter + +Conflict:NA +Reference:https://github.com/SELinuxProject/selinux/commit/44f1323941cd3053e2cd5cdd6995667feca5fb52 + +--- + src/boolean_record.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/boolean_record.c b/src/boolean_record.c +index 40dc6545..7878b04d 100644 +--- a/src/boolean_record.c ++++ b/src/boolean_record.c +@@ -107,8 +107,10 @@ int semanage_bool_set_name(semanage_handle_t * handle, + end++; + *end = '\0'; + rc = asprintf(&newroot, "%s%s%s", prefix, olddir, storename); +- if (rc < 0) ++ if (rc < 0) { ++ newroot = NULL; + goto out; ++ } + + if (strcmp(oldroot, newroot)) { + rc = selinux_set_policy_root(newroot); +-- +2.33.0 + diff --git a/backport-libsemanage-free-ibdev-names-in-semanage_ibendport_v.patch b/backport-libsemanage-free-ibdev-names-in-semanage_ibendport_v.patch new file mode 100644 index 0000000000000000000000000000000000000000..447aae8fe5685d9ae4f1bf3c29f792d58f406aa6 --- /dev/null +++ b/backport-libsemanage-free-ibdev-names-in-semanage_ibendport_v.patch 
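Review bot: The reason for `newroot = NULL;` lives only in the commit message; a comment at the assignment, `/* asprintf(3) leaves newroot indeterminate on failure; clear it so the out: path does not free garbage */`, makes the intent survive in the code. Whether `out:` actually frees newroot is outside the hunk, but the fix only matters if it does.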
@@ -0,0 +1,73 @@ +From 61856379a15a7ed311a7bc55178407d53e553d3a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 11 Nov 2024 15:16:41 +0100 +Subject: [PATCH] libsemanage: free ibdev names in + semanage_ibendport_validate_local() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Christian Göttsche +Acked-by: James Carter + +Conflict:NA +Reference:https://github.com/SELinuxProject/selinux/commit/61856379a15a7ed311a7bc55178407d53e553d3a + +--- + src/ibendports_local.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/ibendports_local.c b/src/ibendports_local.c +index e696fdca..feebfa63 100644 +--- a/src/ibendports_local.c ++++ b/src/ibendports_local.c +@@ -80,8 +80,8 @@ int semanage_ibendport_validate_local(semanage_handle_t *handle) + semanage_ibendport_t **ibendports = NULL; + unsigned int nibendports = 0; + unsigned int i = 0, j = 0; +- char *ibdev_name; +- char *ibdev_name2; ++ char *ibdev_name = NULL; ++ char *ibdev_name2 = NULL; + int port; + int port2; + +@@ -97,6 +97,8 @@ int semanage_ibendport_validate_local(semanage_handle_t *handle) + while (i < nibendports) { + int stop = 0; + ++ free(ibdev_name); ++ ibdev_name = NULL; + if (STATUS_SUCCESS != + semanage_ibendport_get_ibdev_name(handle, + ibendports[i], +@@ -114,6 +116,8 @@ int semanage_ibendport_validate_local(semanage_handle_t *handle) + if (j == nibendports - 1) + goto next; + j++; ++ free(ibdev_name2); ++ ibdev_name2 = NULL; + if (STATUS_SUCCESS != + semanage_ibendport_get_ibdev_name(handle, + ibendports[j], +@@ -136,6 +140,8 @@ next: + j = i; + } + ++ free(ibdev_name); ++ free(ibdev_name2); + for (i = 0; i < nibendports; i++) + semanage_ibendport_free(ibendports[i]); + free(ibendports); +@@ -145,6 +151,8 @@ err: + ERR(handle, "could not complete ibendports validity check"); + + invalid: ++ free(ibdev_name); ++ free(ibdev_name2); + for (i = 0; i < nibendports; i++) + 
semanage_ibendport_free(ibendports[i]); + free(ibendports); +-- +2.33.0 + diff --git a/backport-libsemanage-free-resources-on-failed-connect-attempt.patch b/backport-libsemanage-free-resources-on-failed-connect-attempt.patch new file mode 100644 index 0000000000000000000000000000000000000000..9e40f57c208bb168530efef43430e87c435a9a72 --- /dev/null +++ b/backport-libsemanage-free-resources-on-failed-connect-attempt.patch 
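Review bot: The free-and-reset before each semanage_ibendport_get_ibdev_name() call is correct only if that getter never leaves the out-pointer dangling on failure (for instance assigning the caller's pointer before its own allocation fails); its implementation is not visible here, so that contract is worth confirming before relying on `free(ibdev_name)` under `invalid:`. The `err:` label falls through to `invalid:` as the context shows, so the two new frees there cover both exits without duplication, and a comment on `invalid:`, `/* also reached from err: */`, would make that fall-through explicit. The same `free(x); x = NULL;` pair now appears four times in one function; a small static helper would shrink it.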
@@ -0,0 +1,115 @@ +From e6d03452223c2404b9cfd04855ac8fca556e409d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 11 Nov 2024 15:16:32 +0100 +Subject: [PATCH] libsemanage: free resources on failed connect attempt +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In case connecting to the semanage database fails, free all already +allocated resources. + +Signed-off-by: Christian Göttsche +Acked-by: James Carter + +Conflict:NA +Reference:https://github.com/SELinuxProject/selinux/commit/e6d03452223c2404b9cfd04855ac8fca556e409d + +--- + src/database_activedb.c | 3 +++ + src/database_file.c | 3 +++ + src/database_join.c | 3 +++ + src/database_policydb.c | 2 +- + src/direct_api.c | 1 + + src/handle.c | 5 ++--- + 6 files changed, 13 insertions(+), 4 deletions(-) + +diff --git a/src/database_activedb.c b/src/database_activedb.c +index fa6b6105..e0369963 100644 +--- a/src/database_activedb.c ++++ b/src/database_activedb.c +@@ -139,6 +139,9 @@ int dbase_activedb_init(semanage_handle_t * handle, + void dbase_activedb_release(dbase_activedb_t * dbase) + { + ++ if (!dbase) ++ return; ++ + dbase_llist_drop_cache(&dbase->llist); + free(dbase); + } +diff --git a/src/database_file.c b/src/database_file.c +index a7773fb5..09b32f8f 100644 +--- a/src/database_file.c ++++ b/src/database_file.c +@@ -191,6 +191,9 @@ int dbase_file_init(semanage_handle_t * handle, + void dbase_file_release(dbase_file_t * dbase) + { + ++ if (!dbase) ++ return; ++ + dbase_llist_drop_cache(&dbase->llist); + free(dbase); + } +diff --git a/src/database_join.c b/src/database_join.c +index 2a2008e8..bf260952 100644 +--- a/src/database_join.c ++++ b/src/database_join.c +@@ -271,6 +271,9 @@ int dbase_join_init(semanage_handle_t * handle, + void dbase_join_release(dbase_join_t * dbase) + { + ++ if (!dbase) ++ return; ++ + dbase_llist_drop_cache(&dbase->llist); + free(dbase); + } +diff --git a/src/database_policydb.c 
b/src/database_policydb.c +index 95418365..54b82958 100644 +--- a/src/database_policydb.c ++++ b/src/database_policydb.c +@@ -44,7 +44,7 @@ struct dbase_policydb { + static void dbase_policydb_drop_cache(dbase_policydb_t * dbase) + { + +- if (dbase->cache_serial >= 0) { ++ if (dbase && dbase->cache_serial >= 0) { + sepol_policydb_free(dbase->policydb); + dbase->cache_serial = -1; + dbase->modified = 0; +diff --git a/src/direct_api.c b/src/direct_api.c +index 8f8dc0da..ed4343dc 100644 +--- a/src/direct_api.c ++++ b/src/direct_api.c +@@ -321,6 +321,7 @@ int semanage_direct_connect(semanage_handle_t * sh) + + err: + ERR(sh, "could not establish direct connection"); ++ (void) semanage_direct_disconnect(sh); + return STATUS_ERR; + } + +diff --git a/src/handle.c b/src/handle.c +index f048f6d7..9bb84546 100644 +--- a/src/handle.c ++++ b/src/handle.c +@@ -361,12 +361,11 @@ int semanage_access_check(semanage_handle_t * sh) + + int semanage_disconnect(semanage_handle_t * sh) + { +- assert(sh != NULL && sh->funcs != NULL +- && sh->funcs->disconnect != NULL); ++ assert(sh != NULL); + if (!sh->is_connected) { + return 0; + } +- if (sh->funcs->disconnect(sh) < 0) { ++ if (sh->funcs && sh->funcs->disconnect(sh) < 0) { + return -1; + } + sh->is_in_transaction = 0; +-- +2.33.0 + diff --git a/backport-libsemanage-handle-cil_set_handle_unknown-failure.patch b/backport-libsemanage-handle-cil_set_handle_unknown-failure.patch new file mode 100644 index 0000000000000000000000000000000000000000..7054ea37b4358b9782420f96c1a177d218b15270 --- /dev/null +++ b/backport-libsemanage-handle-cil_set_handle_unknown-failure.patch 
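Review bot: In semanage_disconnect the relaxed assert drops the `sh->funcs->disconnect != NULL` check, but the new condition `if (sh->funcs && sh->funcs->disconnect(sh) < 0)` still calls through the pointer unconditionally once `funcs` is set, so a handle with a funcs table lacking a disconnect callback now dereferences NULL instead of asserting; `if (sh->funcs && sh->funcs->disconnect && sh->funcs->disconnect(sh) < 0)` keeps the old guarantee. The new `(void) semanage_direct_disconnect(sh);` under `err:` in semanage_direct_connect runs the full teardown on a half-built handle, which is why the NULL guards in the three dbase_*_release functions and dbase_policydb_drop_cache are needed; a comment there, `/* partial init: release functions tolerate NULL members */`, ties the two halves of the commit together.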
@@ -0,0 +1,35 @@ +From 419a76e65693affcf89746fe9b9ad20c62e541bb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 25 Nov 2024 12:18:33 +0100 +Subject: [PATCH] libsemanage: handle cil_set_handle_unknown() failure +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Christian Göttsche + +Conflict:Context adaptation +Reference:https://github.com/SELinuxProject/selinux/commit/419a76e65693affcf89746fe9b9ad20c62e541bb + +--- + src/direct_api.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/direct_api.c b/src/direct_api.c +index 85876676..a271a576 100644 +--- a/src/direct_api.c ++++ b/src/direct_api.c +@@ -1417,7 +1417,9 @@ rebuild: + cil_set_policy_version(cildb, sh->conf->policyvers); + + if (sh->conf->handle_unknown != -1) { +- cil_set_handle_unknown(cildb, sh->conf->handle_unknown); ++ retval = cil_set_handle_unknown(cildb, sh->conf->handle_unknown); ++ if (retval < 0) ++ goto cleanup; + } + + retval = semanage_load_files(sh, cildb, mod_filenames, num_modinfos); +-- +2.33.0 + diff --git a/backport-libsemanage-open-lock_file-with-O_RDWR.patch b/backport-libsemanage-open-lock_file-with-O_RDWR.patch new file mode 100644 index 0000000000000000000000000000000000000000..b5ed7f05d9574978f10c89b77a0a8bc05541f63a --- /dev/null +++ b/backport-libsemanage-open-lock_file-with-O_RDWR.patch 
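Review bot: A failing cil_set_handle_unknown() now aborts the rebuild, but the `goto cleanup` carries no message on the semanage handle, so a bad handle-unknown value in the configuration surfaces only as a generic failure; an `ERR(sh, "Invalid handle-unknown value %d", sh->conf->handle_unknown);` before the goto (wording adjusted to the file's style) would point at the configuration. The function's cleanup label and return are outside the hunk, so I assume `retval` propagates as it does for the surrounding calls.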
@@ -0,0 +1,55 @@ +From 267d4f9bf5bce81eaaf2192ea297db0fadc173b9 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Mon, 11 Nov 2024 13:32:50 +0100 +Subject: [PATCH] libsemanage: open lock_file with O_RDWR + +man 2 flock: + Since Linux 2.6.12, NFS clients support flock() locks by emulating + them as fcntl(2) byte-range locks on the entire file. This means + that fcntl(2) and flock() locks do interact with one another + over NFS. It also means that in order to place an exclusive lock, + the file must be opened for writing. + +Fixes: + # semanage fcontext -d -e /home /tmp/testdir + libsemanage.semanage_get_lock: Error obtaining direct transaction lock at /var/lib/selinux/targeted/semanage.trans.LOCK. (Bad file descriptor). + OSError: Bad file descriptor + +Signed-off-by: Petr Lautrbach +Acked-by: James Carter + +Conflict:NA +Reference:https://github.com/SELinuxProject/selinux/commit/267d4f9bf5bce81eaaf2192ea297db0fadc173b9 + +--- + src/semanage_store.c | 14 ++++++-------- + 1 file changed, 6 insertions(+), 8 deletions(-) + +diff --git a/src/semanage_store.c b/src/semanage_store.c +index 0ac2e5b2..c26f5667 100644 +--- a/src/semanage_store.c ++++ b/src/semanage_store.c +@@ -1899,14 +1899,12 @@ static int semanage_get_lock(semanage_handle_t * sh, + struct timeval origtime, curtime; + int got_lock = 0; + +- if ((fd = open(lock_file, O_RDONLY)) == -1) { +- if ((fd = +- open(lock_file, O_RDWR | O_CREAT | O_TRUNC, +- S_IRUSR | S_IWUSR)) == -1) { +- ERR(sh, "Could not open direct %s at %s.", lock_name, +- lock_file); +- return -1; +- } ++ if ((fd = ++ open(lock_file, O_RDWR | O_CREAT | O_TRUNC, ++ S_IRUSR | S_IWUSR)) == -1) { ++ ERR(sh, "Could not open direct %s at %s.", lock_name, ++ lock_file); ++ return -1; + } + if (fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) { + ERR(sh, "Could not set close-on-exec for %s at %s.", lock_name, +-- +2.33.0 + 
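Review bot: Always opening the lock file with `O_RDWR | O_CREAT | O_TRUNC` changes who can reach flock(): a caller with only read access to the store directory used to succeed at the `O_RDONLY` open and now gets EACCES, so any read-only user of semanage_get_lock, if one exists, fails earlier than before; the commit message should state this. `O_TRUNC` is unnecessary for a lock file whose content is never read and just adds a write on every acquisition; `O_RDWR | O_CREAT` would do. The `fcntl(fd, F_SETFD, FD_CLOEXEC)` in the context is the non-atomic form of O_CLOEXEC; the O_CLOEXEC backport later in this series adds the flag to this open(), after which the fcntl() call, if it survives that patch, is redundant.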
diff --git a/backport-libsemanage-set-O_CLOEXEC-flag-for-file-descriptors.patch b/backport-libsemanage-set-O_CLOEXEC-flag-for-file-descriptors.patch new file mode 100644 index 0000000000000000000000000000000000000000..468479d3884fa666fa0388fcedb51274d02fd3a9 --- /dev/null +++ b/backport-libsemanage-set-O_CLOEXEC-flag-for-file-descriptors.patch 
@@ -0,0 +1,340 @@ +From f1eb41d1061b0aafce406ac6e2352de149d4e641 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 25 Nov 2024 12:18:32 +0100 +Subject: [PATCH] libsemanage: set O_CLOEXEC flag for file descriptors +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Close internal managed file descriptors in case of an concurrent execve. + +Also avoid leaking file descriptors in get_shell_list(). + +Signed-off-by: Christian Göttsche + +Conflict:There is no compressed_file and semanage_setfiles() function +Reference:https://github.com/SELinuxProject/selinux/commit/f1eb41d1061b0aafce406ac6e2352de149d4e641 + +--- + src/conf-parse.y | 2 +- + src/database_file.c | 2 +- + src/database_policydb.c | 2 +- + src/direct_api.c | 20 ++++++++++---------- + src/genhomedircon.c | 8 +++++--- + src/parse_utils.c | 2 +- + src/semanage_store.c | 26 +++++++++++++------------- + src/utilities.c | 2 +- + 8 files changed, 33 insertions(+), 31 deletions(-) + +diff --git a/src/conf-parse.y b/src/conf-parse.y +index d6481359..b2b84892 100644 +--- a/src/conf-parse.y ++++ b/src/conf-parse.y +@@ -468,7 +468,7 @@ semanage_conf_t *semanage_conf_parse(const char *config_filename) + if (semanage_conf_init(current_conf) == -1) { + goto cleanup; + } +- if ((semanage_in = fopen(config_filename, "r")) == NULL) { ++ if ((semanage_in = fopen(config_filename, "re")) == NULL) { + /* configuration file does not exist or could not be + * read. THIS IS NOT AN ERROR. just rely on the + * defaults. 
*/ +diff --git a/src/database_file.c b/src/database_file.c +index 42e308d5..a54c5aee 100644 +--- a/src/database_file.c ++++ b/src/database_file.c +@@ -127,7 +127,7 @@ static int dbase_file_flush(semanage_handle_t * handle, dbase_file_t * dbase) + fname = dbase->path[handle->is_in_transaction]; + + mask = umask(0077); +- str = fopen(fname, "w"); ++ str = fopen(fname, "we"); + umask(mask); + if (!str) { + ERR(handle, "could not open %s for writing: %s", +diff --git a/src/database_policydb.c b/src/database_policydb.c +index da64a3ad..62467d15 100644 +--- a/src/database_policydb.c ++++ b/src/database_policydb.c +@@ -111,7 +111,7 @@ static int dbase_policydb_cache(semanage_handle_t * handle, + + /* Try opening file + * ENOENT is not fatal - we just create an empty policydb */ +- fp = fopen(fname, "rb"); ++ fp = fopen(fname, "rbe"); + if (fp == NULL && errno != ENOENT) { + ERR(handle, "could not open %s for reading: %s", + fname, strerror(errno)); +diff --git a/src/direct_api.c b/src/direct_api.c +index d5299796..85876676 100644 +--- a/src/direct_api.c ++++ b/src/direct_api.c +@@ -594,7 +594,7 @@ static ssize_t map_file(semanage_handle_t *sh, const char *path, char **data, + int fd = -1; + FILE *file = NULL; + +- fd = open(path, O_RDONLY); ++ fd = open(path, O_RDONLY | O_CLOEXEC); + if (fd == -1) { + ERR(sh, "Unable to open %s\n", path); + return -1; +@@ -643,7 +643,7 @@ static int write_file(semanage_handle_t * sh, + int out; + + if ((out = +- open(filename, O_WRONLY | O_CREAT | O_TRUNC, ++ open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, + S_IRUSR | S_IWUSR)) == -1) { + ERR(sh, "Could not open %s for writing.", filename); + return -1; +@@ -830,17 +830,17 @@ static int semanage_pipe_data(semanage_handle_t *sh, char *path, char *in_data, + */ + sigaction(SIGPIPE, &new_signal, &old_signal); + +- retval = pipe(input_fd); ++ retval = pipe2(input_fd, O_CLOEXEC); + if (retval == -1) { + ERR(sh, "Unable to create pipe for input pipe: %s\n", strerror(errno)); + goto 
cleanup;
+ }
+- retval = pipe(output_fd);
++ retval = pipe2(output_fd, O_CLOEXEC);
+ if (retval == -1) {
+ ERR(sh, "Unable to create pipe for output pipe: %s\n", strerror(errno));
+ goto cleanup;
+ }
+- retval = pipe(err_fd);
++ retval = pipe2(err_fd, O_CLOEXEC);
+ if (retval == -1) {
+ ERR(sh, "Unable to create pipe for error pipe: %s\n", strerror(errno));
+ goto cleanup;
+@@ -1012,7 +1012,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh,
+ goto cleanup;
+ }
+ 
+- fp = fopen(fn, "w");
++ fp = fopen(fn, "we");
+ if (fp == NULL) {
+ ERR(sh, "Unable to open %s module ext file.", modinfo->name);
+ ret = -1;
+@@ -1266,7 +1266,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ }
+ if (sepol_get_disable_dontaudit(sh->sepolh) == 1) {
+ FILE *touch;
+- touch = fopen(path, "w");
++ touch = fopen(path, "we");
+ if (touch != NULL) {
+ if (fclose(touch) != 0) {
+ ERR(sh, "Error attempting to create disable_dontaudit flag.");
+@@ -1298,7 +1298,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ 
+ if (sepol_get_preserve_tunables(sh->sepolh) == 1) {
+ FILE *touch;
+- touch = fopen(path, "w");
++ touch = fopen(path, "we");
+ if (touch != NULL) {
+ if (fclose(touch) != 0) {
+ ERR(sh, "Error attempting to create preserve_tunable flag.");
+@@ -2142,7 +2142,7 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh,
+ switch (enabled) {
+ case 0: /* disable the module */
+ mask = umask(0077);
+- fp = fopen(fn, "w");
++ fp = fopen(fn, "we");
+ umask(mask);
+ 
+ if (fp == NULL) {
+@@ -2329,7 +2329,7 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
+ goto cleanup;
+ }
+ 
+- fp = fopen(fn, "r");
++ fp = fopen(fn, "re");
+ 
+ if (fp == NULL) {
+ ERR(sh,
+diff --git a/src/genhomedircon.c b/src/genhomedircon.c
+index fd2f8a89..53673645 100644
+--- a/src/genhomedircon.c
++++ b/src/genhomedircon.c
+@@ -218,7 +218,7 @@ static semanage_list_t *get_shell_list(void)
+ size_t buff_len = 0;
+ ssize_t len;
+ 
+- shells = fopen(PATH_SHELLS_FILE, "r");
++ shells = fopen(PATH_SHELLS_FILE, "re");
+ if (!shells)
+ return default_shell_list();
+ while ((len = getline(&temp, &buff_len, shells)) > 0) {
+@@ -227,11 +227,13 @@ static semanage_list_t *get_shell_list(void)
+ if (semanage_list_push(&list, temp)) {
+ free(temp);
+ semanage_list_destroy(&list);
++ fclose(shells);
+ return default_shell_list();
+ }
+ }
+ }
+ free(temp);
++ fclose(shells);
+ 
+ return list;
+ }
+@@ -503,7 +505,7 @@ static semanage_list_t *make_template(genhomedircon_settings_t * s,
+ FILE *template_file = NULL;
+ semanage_list_t *template_data = NULL;
+ 
+- template_file = fopen(s->homedir_template_path, "r");
++ template_file = fopen(s->homedir_template_path, "re");
+ if (!template_file)
+ return NULL;
+ template_data = semanage_slurp_file_filter(template_file, pred);
+@@ -1413,7 +1415,7 @@ int semanage_genhomedircon(semanage_handle_t * sh,
+ s.h_semanage = sh;
+ s.policydb = policydb;
+ 
+- if (!(out = fopen(s.fcfilepath, "w"))) {
++ if (!(out = fopen(s.fcfilepath, "we"))) {
+ /* couldn't open output file */
+ ERR(sh, "Could not open the file_context file for writing");
+ retval = STATUS_ERR;
+diff --git a/src/parse_utils.c b/src/parse_utils.c
+index 2f33f629..d1d6e930 100644
+--- a/src/parse_utils.c
++++ b/src/parse_utils.c
+@@ -45,7 +45,7 @@ void parse_release(parse_info_t * info)
+ int parse_open(semanage_handle_t * handle, parse_info_t * info)
+ {
+ 
+- info->file_stream = fopen(info->filename, "r");
++ info->file_stream = fopen(info->filename, "re");
+ if (!info->file_stream && (errno != ENOENT)) {
+ ERR(handle, "could not open file %s: %s",
+ info->filename, strerror(errno));
+diff --git a/src/semanage_store.c b/src/semanage_store.c
+index 5cd2d219..d75aab68 100644
+--- a/src/semanage_store.c
++++ b/src/semanage_store.c
+@@ -624,7 +624,7 @@ int semanage_create_store(semanage_handle_t * sh, int create)
+ if (stat(path, &sb) == -1) {
+ if (errno == ENOENT && create) {
+ mask = umask(0077);
+- if ((fd = creat(path, S_IRUSR | S_IWUSR)) == -1) {
++ if ((fd = open(path, O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR)) == -1) {
+ umask(mask);
+ ERR(sh, "Could not create lock file at %s.",
+ path);
+@@ -723,7 +723,7 @@ int semanage_copy_file(const char *src, const char *dst, mode_t mode,
+ if (n < 0 || n >= PATH_MAX)
+ return -1;
+ 
+- if ((in = open(src, O_RDONLY)) == -1) {
++ if ((in = open(src, O_RDONLY | O_CLOEXEC)) == -1) {
+ return -1;
+ }
+ 
+@@ -731,7 +731,7 @@ int semanage_copy_file(const char *src, const char *dst, mode_t mode,
+ mode = S_IRUSR | S_IWUSR;
+ 
+ mask = umask(0);
+- if ((out = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, mode)) == -1) {
++ if ((out = open(tmp, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, mode)) == -1) {
+ umask(mask);
+ errsv = errno;
+ close(in);
+@@ -1524,7 +1524,7 @@ int semanage_split_fc(semanage_handle_t * sh)
+ char buf[PATH_MAX] = { 0 };
+ 
+ /* I use fopen here instead of open so that I can use fgets which only reads a single line */
+- file_con = fopen(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL), "r");
++ file_con = fopen(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL), "re");
+ if (!file_con) {
+ ERR(sh, "Could not open %s for reading.",
+ semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL));
+@@ -1532,14 +1532,14 @@ int semanage_split_fc(semanage_handle_t * sh)
+ }
+ 
+ fc = open(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
+- O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
++ O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR);
+ if (fc < 0) {
+ ERR(sh, "Could not open %s for writing.",
+ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC));
+ goto cleanup;
+ }
+ hd = open(semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL),
+- O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
++ O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR);
+ if (hd < 0) {
+ ERR(sh, "Could not open %s for writing.",
+ semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL));
+@@ -1751,7 +1751,7 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
+ memset(write_buf, 0, sizeof(write_buf));
+ snprintf(write_buf, sizeof(write_buf), "%d", commit_number);
+ if ((fd =
+- open(commit_filename, O_WRONLY | O_CREAT | O_TRUNC,
++ open(commit_filename, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC,
+ S_IRUSR | S_IWUSR)) == -1) {
+ ERR(sh, "Could not open commit number file %s for writing.",
+ commit_filename);
+@@ -1767,7 +1767,7 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
+ close(fd);
+ 
+ /* sync changes in sandbox to filesystem */
+- fd = open(sandbox, O_DIRECTORY);
++ fd = open(sandbox, O_DIRECTORY | O_CLOEXEC);
+ if (fd == -1) {
+ ERR(sh, "Error while opening %s for syncfs(): %d", sandbox, errno);
+ return -1;
+@@ -1901,7 +1901,7 @@ static int semanage_get_lock(semanage_handle_t * sh,
+ int got_lock = 0;
+ 
+ if ((fd =
+- open(lock_file, O_RDWR | O_CREAT | O_TRUNC,
++ open(lock_file, O_RDWR | O_CREAT | O_TRUNC | O_CLOEXEC,
+ S_IRUSR | S_IWUSR)) == -1) {
+ ERR(sh, "Could not open direct %s at %s.", lock_name,
+ lock_file);
+@@ -2045,7 +2045,7 @@ int semanage_direct_get_serial(semanage_handle_t * sh)
+ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_COMMIT_NUM_FILE);
+ }
+ 
+- if ((fd = open(commit_filename, O_RDONLY)) == -1) {
++ if ((fd = open(commit_filename, O_RDONLY | O_CLOEXEC)) == -1) {
+ if (errno == ENOENT) {
+ /* the commit number file does not exist yet,
+ * so assume that the number is 0 */
+@@ -2158,7 +2158,7 @@ int semanage_read_policydb(semanage_handle_t * sh, sepol_policydb_t * in,
+ semanage_path(SEMANAGE_ACTIVE, file)) == NULL) {
+ goto cleanup;
+ }
+- if ((infile = fopen(kernel_filename, "r")) == NULL) {
++ if ((infile = fopen(kernel_filename, "re")) == NULL) {
+ ERR(sh, "Could not open kernel policy %s for reading.",
+ kernel_filename);
+ goto cleanup;
+@@ -2201,7 +2201,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out,
+ semanage_path(SEMANAGE_TMP, file)) == NULL) {
+ goto cleanup;
+ }
+- if ((outfile = fopen(kernel_filename, "wb")) == NULL) {
++ if ((outfile = fopen(kernel_filename, "wbe")) == NULL) {
+ ERR(sh, "Could not open kernel policy %s for writing.",
+ kernel_filename);
+ goto cleanup;
+diff --git a/src/utilities.c b/src/utilities.c
+index 77b948fa..70b5b677 100644
+--- a/src/utilities.c
++++ b/src/utilities.c
+@@ -38,7 +38,7 @@ char *semanage_findval(const char *file, const char *var, const char *delim)
+ assert(file);
+ assert(var);
+ 
+- if ((fd = fopen(file, "r")) == NULL)
++ if ((fd = fopen(file, "re")) == NULL)
+ return NULL;
+ 
+ while (getline(&buff, &buff_len, fd) > 0) {
+--
+2.33.0
+
diff --git a/libsemanage.spec b/libsemanage.spec
index 9c993bc617ac9e03afbab39db2882a20ad37bbf6..0d861fe76617260adc6832830e49370b6209690f 100644
--- a/libsemanage.spec
+++ b/libsemanage.spec
@@ -3,7 +3,7 @@ Name: libsemanage
 Version: 3.3
-Release: 5
+Release: 6
 License: LGPLv2+
 Summary: SELinux binary policy manipulation library
 URL: https://github.com/SELinuxProject/selinux/wiki
@@ -16,6 +16,17 @@ Patch6002: backport-libsemanage-Fall-back-to-semanage_copy_dir-when-rena.patch
 Patch6003: backport-libsemanage-Fix-USE_AFTER_FREE-CWE-672-in-semanage_direct_get_module_info.patch
 Patch6004: backport-libsemanage-avoid-double-fclose.patch
 Patch6005: backport-libsemanage-fix-memory-leak-in-semanage_user_roles.patch
+Patch6006: backport-libsemanage-direct_api-INTEGER_OVERFLOW-read_len-rea.patch
+Patch6007: backport-libsemanage-open-lock_file-with-O_RDWR.patch
+Patch6008: backport-libsemanage-check-memory-allocations.patch
+Patch6009: backport-libsemanage-free-resources-on-failed-connect-attempt.patch
+Patch6010: backport-libsemanage-fix-asprintf-error-branch.patch
+Patch6011: backport-libsemanage-avoid-leak-on-realloc-failure.patch
+Patch6012: backport-libsemanage-free-ibdev-names-in-semanage_ibendport_v.patch
+Patch6013: backport-libsemanage-check-for-path-formatting-failures.patch
+Patch6014: backport-libsemanage-set-O_CLOEXEC-flag-for-file-descriptors.patch
+Patch6015: backport-libsemanage-check-closing-written-files.patch
+Patch6016: backport-libsemanage-handle-cil_set_handle_unknown-failure.patch
 Patch9000: fix-test-failure-with-secilc.patch
@@ -112,6 +123,9 @@ make test
 %changelog
+* Fri Mar 14 2025 hugel - 3.3-6
+- backport patches from upstream
+
 * Tue Jun 13 2023 zhangguangzhi - 3.3-5
 - backport patches from upstream
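Review bot: Patch6006 through Patch6016 are only declared in this hunk; nothing visible applies them, and the %prep section lies outside this view. If %prep uses `%autosetup -p1` (or `%autopatch`) the new tags are applied automatically in tag order, but if it lists a `%patch` macro per tag, each of the eleven new tags needs its own line or the package builds and ships without these fixes. Several of the backports touch the same functions in src/direct_api.c and src/semanage_store.c (for example Patch6014 and Patch6015 both edit the open/close paths there) and the upstream hunk offsets differ noticeably from this 3.3 tree, so it is worth confirming in the build log that they all apply cleanly rather than with fuzz or rejects.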