diff --git a/backport-setfiles-avoid-unsigned-integer-underflow.patch b/backport-setfiles-avoid-unsigned-integer-underflow.patch
new file mode 100644
index 0000000000000000000000000000000000000000..bf2c14d1a520be74f7239ed14736a3df5dcdd502
--- /dev/null
+++ b/backport-setfiles-avoid-unsigned-integer-underflow.patch
@@ -0,0 +1,53 @@
+From fc2e9318d0a1b2ec331f6af25e70358f130d003b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
+Date: Tue, 19 Dec 2023 17:09:33 +0100
+Subject: [PATCH] setfiles: avoid unsigned integer underflow
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+While well-defined unsigned integer underflow might signal a logic
+mistake or processing of unchecked user input. Please Clang's undefined
+behavior sanitizer:
+
+restore.c:91:37: runtime error: unsigned integer overflow: 1 - 2 cannot
+be represented in type 'unsigned long'
+
+Signed-off-by: Christian Göttsche
+Acked-by: James Carter
+---
+ policycoreutils/setfiles/restore.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
+index 9d688c6..612cc21 100644
+--- a/policycoreutils/setfiles/restore.c
++++ b/policycoreutils/setfiles/restore.c
+@@ -75,8 +75,8 @@ void restore_finish(void)
+ int process_glob(char *name, struct restore_opts *opts)
+ {
+ glob_t globbuf;
+- size_t i = 0;
+- int len, rc, errors;
++ size_t i, len;
++ int rc, errors;
+
+ memset(&globbuf, 0, sizeof(globbuf));
+
+@@ -86,10 +86,10 @@ int process_glob(char *name, struct restore_opts *opts)
+ return errors;
+
+ for (i = 0; i < globbuf.gl_pathc; i++) {
+- len = strlen(globbuf.gl_pathv[i]) - 2;
+- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0)
++ len = strlen(globbuf.gl_pathv[i]);
++ if (len > 2 && strcmp(&globbuf.gl_pathv[i][len - 2], "/.") == 0)
+ continue;
+- if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
++ if (len > 3 && strcmp(&globbuf.gl_pathv[i][len - 3], "/..") == 0)
+ continue;
+ rc = selinux_restorecon(globbuf.gl_pathv[i],
+ opts->restorecon_flags);
+--
+2.33.0
+
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 0593d084c7fb62b2cd1b02013ae518c1f76d1f89..03081d7227f8d416aea10364c01a56d0bd0c40df 100644
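Review bot: The new guards `len > 2` and `len > 3` in the process_glob() loop keep the pre-patch boundary, so a glob match that is exactly `/.` or `/..` is not skipped and is still handed to selinux_restorecon(). If those two paths are meant to be skipped as well, the subtraction stays in bounds with `if (len >= 2 && strcmp(&globbuf.gl_pathv[i][len - 2], "/.") == 0)` and `len >= 3` for the `/..` test; the current form may be deliberate, so it is worth confirming against upstream before changing a backport. A short comment above the two tests, such as `/* skip matches ending in "/." or "/.." */`, would record why the suffix checks exist. The body of process_glob starts and ends outside the nested hunks shown here, so the glob() call and its flags could not be checked.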
--- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -3,7 +3,7 @@ Name: policycoreutils Version: 3.3 -Release: 10 +Release: 11 Summary: Policy core utilities of selinux License: GPLv2 URL: https://github.com/SELinuxProject @@ -36,6 +36,7 @@ Patch6016: restorecond-remove-dependency-of-glib2.patch Patch6017: backport-newrole-silence-compiler-warnings.patch Patch6018: backport-newrole-use-DJB2a-string-hash-function.patch Patch6019: backport-python-Harden-more-tools-against-rogue-modules.patch +Patch6020: backport-setfiles-avoid-unsigned-integer-underflow.patch BuildRequires: gcc BuildRequires: pam-devel libsepol-static >= 3.3 libsemanage-static >= 3.3 libselinux-devel >= 3.3 libcap-devel audit-libs-devel gettext @@ -276,6 +277,9 @@ find %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} \ %{_mandir}/* %changelog +* Wed Mar 20 2024 yixiangzhike -3.3-11 +- backport patch from upstream to avoid unsigned integer underflow + * Wed Jan 31 2024 zhangruifang -3.3-10 - backport patches from upstream