Menu
▾
▴
[Selinux-commits] SF.net SVN: selinux: [2224] branches/stable/1_0/libsepol
|
From: <kma...@us...> - 2007-02-06 15:12:50
|
Revision: 2224
http://svn.sourceforge.net/selinux/?rev=2224&view=rev
Author: kmacmillan
Date: 2007-02-06 07:12:45 -0800 (Tue, 06 Feb 2007)
Log Message:
-----------
Author: Stephen Smalley
Email: sd...@ty...
Subject: libsepol: check for unmet requires on sensitivities and categories (Was: Re: core dump)
Date: Tue, 06 Feb 2007 08:06:36 -0500
On Tue, 2007-02-06 at 07:40 -0500, Stephen Smalley wrote:
> On Tue, 2007-02-06 at 04:12 +0200, Stefanos Harhalakis wrote:
> > I had this issue today:
> >
> > # semodule -i logging.pp
> > Segmentation fault (core dumped)
> >
> > I traced this a bit and it seems that this is because of libsepol.
> > The core dump is the result of lines 602:603 of link.c:
> >
> > (gdb) bt
> > #0 0xb7f732fd in sens_copy_callback (key=0x848c2a0 "s15", datum=0x848c290, data=0xbfde3854) at link.c:602
> > #1 0xb7f6f8a1 in hashtab_map (h=0x846cbf0, apply=0xb7f731d1 <sens_copy_callback>, args=0xbfde3854) at hashtab.c:214
> > #2 0xb7f75528 in copy_identifiers (state=0xbfde3854, src_symtab=0x843cc74, dest_decl=0x0) at link.c:1323
> > #3 0xb7f77c72 in link_modules (handle=0x804c710, b=0x80525b8, mods=0x863ce18, len=19, verbose=0) at link.c:2178
> > #4 0xb7f7a2c9 in sepol_link_packages (handle=0x804c710, base=0x8053060, modules=0x80543c8, num_modules=19, verbose=0) at module.c:302
> >
> > Where:
> >
> > (gdb) l
> > 597 state->cur_mod_name);
> > 598 return -SEPOL_LINK_NOTSUP;
> > 599 }
> > 600 }
> > 601
> > 602 state->cur->map[SYM_LEVELS][level->level->sens - 1] =
> > 603 base_level->level->sens;
> > 604
> > 605 return 0;
> > 606 }
> >
> > Because of:
> >
> > (gdb) p base_level
> > $1 = (level_datum_t *) 0x0
> >
> > The last 'if' checks for !base_level, but inside the 'if' block, only
> > !scope and scope->scope==SCOPE_DECL are checked.
> >
> > This core dump is caused by:
> >
> > (gdb) p scope->scope
> > $2 = 1
> >
> > Which is noted as:
> >
> > /* Required for this decl */
> > #define SCOPE_REQ 1
> >
> > in libsepol/include/sepol/policydb/policydb.h
> >
> > Hope this helps...
>
> Looks like your logging.pp policy module has a requires on sensitivity
> s15 but your base module doesn't declare it. Naturally, that should
> show up as an unfulfilled requirement rather than a seg fault.
Patch below for the stable branch.
Signed-off-by: Stephen Smalley <sd...@ty...>
Acked-by: Karl MacMillan <kma...@me...>
Modified Paths:
--------------
branches/stable/1_0/libsepol/ChangeLog
branches/stable/1_0/libsepol/src/link.c
Modified: branches/stable/1_0/libsepol/ChangeLog
===================================================================
--- branches/stable/1_0/libsepol/ChangeLog 2007-02-06 15:04:03 UTC (rev 2223)
+++ branches/stable/1_0/libsepol/ChangeLog 2007-02-06 15:12:45 UTC (rev 2224)
@@ -1,3 +1,6 @@
+ * Merged libsepol segfault fix from Stephen Smalley for when
+ sensitivities are required but not present in the base.
+
1.16.0 2007-01-18
* Updated version for stable branch.
Modified: branches/stable/1_0/libsepol/src/link.c
===================================================================
--- branches/stable/1_0/libsepol/src/link.c 2007-02-06 15:04:03 UTC (rev 2223)
+++ branches/stable/1_0/libsepol/src/link.c 2007-02-06 15:12:45 UTC (rev 2224)
@@ -597,6 +597,13 @@
state->cur_mod_name);
return -SEPOL_LINK_NOTSUP;
}
+ if (scope->scope == SCOPE_REQ) {
+ /* unmet requirement */
+ ERR(state->handle,
+ "%s: Sensitivity %s not declared by base.\n",
+ state->cur_mod_name, id);
+ return -SEPOL_LINK_NOTSUP;
+ }
}
state->cur->map[SYM_LEVELS][level->level->sens - 1] =
@@ -628,6 +635,13 @@
state->cur_mod_name);
return -SEPOL_LINK_NOTSUP;
}
+ if (scope->scope == SCOPE_REQ) {
+ /* unmet requirement */
+ ERR(state->handle,
+ "%s: Category %s not declared by base.\n",
+ state->cur_mod_name, id);
+ return -SEPOL_LINK_NOTSUP;
+ }
}
state->cur->map[SYM_CATS][cat->s.value - 1] = base_cat->s.value;
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
