[Selinux-commits] SF.net SVN: selinux: [2075] trunk/libsepol

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Revision: 2075
          http://svn.sourceforge.net/selinux/?rev=2075&view=rev
Author:   madmethod
Date:     2006-10-31 10:37:56 -0800 (Tue, 31 Oct 2006)

Log Message:
-----------
Author: Karl MacMillan
Email: kma...@me...
Subject: RE: [PATCH] libsepol users in non-mls policy bugfix
Date: Mon, 30 Oct 2006 13:56:47 -0500

On Mon, 2006-10-30 at 13:31 -0500, Joshua Brindle wrote:
> > From: Karl MacMillan [mailto:kma...@me...] 
> > 
> > This patch looks ok, but shouldn't we also stop the segfault 
> > in mls_level_convert? The use of assert there looks like it 
> > is catching what should be a runtime error that should cause 
> > an error message rather than bailing.
> > 
> > Otherwise:
> 
> Yea, I tried thinking of a more elegant way to do it and couldn't come
> up with anything, any suggestions?
> 

You can put the check in mls_level_convert.

> Clearly those assertions only apply to the MLS case, and we caught a
> plain bug because of them, I think they are not user errors.
> 

Yea - I forgot how all of those assertions are used in the link code.
The alternative is below (with some cleanup up error handling that makes
it look larger). Honestly, I don't care which patch.

Karl

Acked-By: Joshua Brindle <jbr...@tr...>
Acked-by: Stephen Smalley <sd...@ty...>

Modified Paths:
--------------
    trunk/libsepol/ChangeLog
    trunk/libsepol/VERSION
    trunk/libsepol/src/link.c

Modified: trunk/libsepol/ChangeLog
===================================================================

--- trunk/libsepol/ChangeLog	2006-10-24 16:09:54 UTC (rev 2074)
+++ trunk/libsepol/ChangeLog	2006-10-31 18:37:56 UTC (rev 2075)
@@ -1,3 +1,7 @@
+1.15.2 2006-10-31
+	* Merged fix from Karl MacMillan for a segfault when linking
+	  non-MLS modules with users in them.
+
 1.15.1 2006-10-24
 	* Merged fix for version comparison that was preventing range
 	  transition rules from being written for a version 5 base policy

Modified: trunk/libsepol/VERSION
===================================================================
--- trunk/libsepol/VERSION	2006-10-24 16:09:54 UTC (rev 2074)
+++ trunk/libsepol/VERSION	2006-10-31 18:37:56 UTC (rev 2075)
@@ -1 +1 @@
-1.15.1
+1.15.2

Modified: trunk/libsepol/src/link.c
===================================================================
--- trunk/libsepol/src/link.c	2006-10-24 16:09:54 UTC (rev 2074)
+++ trunk/libsepol/src/link.c	2006-10-31 18:37:56 UTC (rev 2075)
@@ -827,19 +827,24 @@
 	return -1;
 }
 
-static int mls_level_convert(mls_semantic_level_t * src,
-			     mls_semantic_level_t * dst, policy_module_t * mod)
+static int mls_level_convert(mls_semantic_level_t * src, mls_semantic_level_t * dst,
+			     policy_module_t * mod, link_state_t * state)
 {
 	mls_semantic_cat_t *src_cat, *new_cat;
 
+	if (!mod->policy->mls)
+		return 0;
+
 	assert(mod->map[SYM_LEVELS][src->sens - 1]);
 	dst->sens = mod->map[SYM_LEVELS][src->sens - 1];
 
 	for (src_cat = src->cat; src_cat; src_cat = src_cat->next) {
 		new_cat =
 		    (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t));
-		if (!new_cat)
+		if (!new_cat) {
+			ERR(state->handle, "Out of memory");
 			return -1;
+		}
 		mls_semantic_cat_init(new_cat);
 
 		new_cat->next = dst->cat;
@@ -854,13 +859,16 @@
 	return 0;
 }
 
-static int mls_range_convert(mls_semantic_range_t * src,
-			     mls_semantic_range_t * dst, policy_module_t * mod)
+static int mls_range_convert(mls_semantic_range_t * src, mls_semantic_range_t * dst,
+			     policy_module_t * mod, link_state_t * state)
 {
-	if (mls_level_convert(&src->level[0], &dst->level[0], mod))
-		return -1;
-	if (mls_level_convert(&src->level[1], &dst->level[1], mod))
-		return -1;
+	int ret;
+	ret = mls_level_convert(&src->level[0], &dst->level[0], mod, state);
+	if (ret)
+		return ret;
+	ret = mls_level_convert(&src->level[1], &dst->level[1], mod, state);
+	if (ret)
+		return ret;
 	return 0;
 }
 
@@ -994,10 +1002,10 @@
 		goto cleanup;
 	}
 
-	if (mls_range_convert(&user->range, &new_user->range, mod))
+	if (mls_range_convert(&user->range, &new_user->range, mod, state))
 		goto cleanup;
 
-	if (mls_level_convert(&user->dfltlevel, &new_user->dfltlevel, mod))
+	if (mls_level_convert(&user->dfltlevel, &new_user->dfltlevel, mod, state))
 		goto cleanup;
 
 	return 0;
@@ -1224,7 +1232,7 @@
 			}
 		}
 
-		if (mls_range_convert(&rule->trange, &new_rule->trange, mod))
+		if (mls_range_convert(&rule->trange, &new_rule->trange, mod, state))
 			goto cleanup;
 	}
 	return 0;


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.


