diff --git a/backport-semodule-avoid-toctou-on-output-module.patch b/backport-semodule-avoid-toctou-on-output-module.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ee4779396b0f2ac4393fec1ea1543a66a5fa1fab
--- /dev/null
+++ b/backport-semodule-avoid-toctou-on-output-module.patch
@@ -0,0 +1,48 @@
+From 6d02b2fa29954e239721907e1fce238f25ea4f2f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
+Date: Fri, 20 May 2022 15:19:52 +0200
+Subject: [PATCH] semodule: avoid toctou on output module
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Do not check for file existence and open afterwards, open with the
+exclusive flag (supported in Glibc and musl 0.9.6 and also standardized
+in C11).
+
+Found by GitHub CodeQL.
+
+Signed-off-by: Christian Göttsche
+Acked-by: Nicolas Iooss
+---
+ policycoreutils/semodule/semodule.c | 13 +++++--------
+ 1 file changed, 5 insertions(+), 8 deletions(-)
+
+diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
+index 1ed8e690..48bc28dd 100644
+--- a/policycoreutils/semodule/semodule.c
++++ b/policycoreutils/semodule/semodule.c
+@@ -550,15 +550,12 @@ int main(int argc, char *argv[])
+ goto cleanup_extract;
+ }
+ 
+- if (access(output_path, F_OK) == 0) {
+- fprintf(stderr, "%s: %s is already extracted with extension %s.\n", argv[0], mode_arg, lang_ext);
+- result = -1;
+- goto cleanup_extract;
+- }
+-
+- output_fd = fopen(output_path, "w");
++ output_fd = fopen(output_path, "wx");
+ if (output_fd == NULL) {
+- fprintf(stderr, "%s: Unable to open %s\n", argv[0], output_path);
++ if (errno == EEXIST)
++ fprintf(stderr, "%s: %s is already extracted with extension %s.\n", argv[0], mode_arg, lang_ext);
++ else
++ fprintf(stderr, "%s: Unable to open %s: %s\n", argv[0], output_path, strerror(errno));
+ result = -1;
+ goto cleanup_extract;
+ }
+-- 
+2.12.3
+
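Review bot: The new `errno == EEXIST` branch still prints "is already extracted with extension", but with O_CREAT|O_EXCL (what the "x" in `fopen(output_path, "wx")` adds) EEXIST is returned for any existing directory entry at output_path, including a directory or a dangling symlink, which the old access(F_OK) probe would have reported as absent before "w" followed the link and created its target; refusing here is exactly what closes the race, so the behaviour is right but the message and the rationale are undocumented. I would add above the fopen call `/* "x" = O_EXCL: creation is atomic, and an existing file, directory or (dangling) symlink at output_path fails with EEXIST instead of being followed or truncated (POSIX O_EXCL semantics). */` so a later cleanup does not reduce it back to "w". The hunk also depends on errno.h and string.h (for strerror) already being included by semodule.c, which is not visible in this patch and is worth confirming in the backport build. The enclosing main() begins and ends outside this hunk.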
diff --git a/policycoreutils.spec b/policycoreutils.spec index 41263428af916caaf6f848554772b78c2a890023..c6d8bbe8e5d0927812768d9aaaa12151e9397d32 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -21,6 +21,7 @@ Patch3: backport-newrole-ensure-password-memory-erasure.patch Patch4: backport-semodule_package-Close-leaking-fd.patch Patch5: backport-python-Split-semanage-import-into-two-transactions.patch Patch6: backport-python-audit2allow-close-file-stream-on-error.patch +Patch7: backport-semodule-avoid-toctou-on-output-module.patch BuildRequires: gcc BuildRequires: pam-devel libsepol-static >= 3.3 libsemanage-static >= 3.3 libselinux-devel >= 3.3 libcap-devel audit-libs-devel gettext @@ -261,6 +262,9 @@ find %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} \ %{_mandir}/* %changelog +* Thu Dec 1 2022 wanghuizhao - 3.3-3 +- backport patches from upstream + * Tue Nov 15 2022 shenxiangwei - 3.3-3 - backport patches from upstream