commit:     6f24947db6463e9a29b11a164ea538c7477de268
Author:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
AuthorDate: Wed Oct  5 16:28:56 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Wed Oct  5 16:43:02 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f24947d

sys-libs/libselinux: fix selinux_restorecon realpath logic

Package-Manager: portage-2.3.0

 ...nux-selinux_restorecon-fix-realpath-logic.patch | 76 ++++++++++++++++++++++
 ...2.6_rc1.ebuild => libselinux-2.6_rc1-r1.ebuild} |  1 +
 2 files changed, 77 insertions(+)

diff --git 
a/sys-libs/libselinux/files/libselinux-2.6-0001-libselinux-selinux_restorecon-fix-realpath-logic.patch
 
b/sys-libs/libselinux/files/libselinux-2.6-0001-libselinux-selinux_restorecon-fix-realpath-logic.patch
new file mode 100644
index 00000000..3a0d7fb
--- /dev/null
+++ 
b/sys-libs/libselinux/files/libselinux-2.6-0001-libselinux-selinux_restorecon-fix-realpath-logic.patch
@@ -0,0 +1,76 @@
+From aa0c824bb2eeb8960ba02133faade72c837ea951 Mon Sep 17 00:00:00 2001
+From: Stephen Smalley <[email protected]>
+Date: Wed, 5 Oct 2016 10:45:35 -0400
+Subject: [PATCH] libselinux: selinux_restorecon: fix realpath logic
+
+The realpath logic in selinux_restorecon() was taken from the
+Android libselinux fork.  However, bionic dirname() and basename()
+do not modify their argument and therefore are safe to call on a
+const string.  POSIX dirname() and basename() can modify their argument.
+There is a GNU basename() that does not modify its argument, but not
+for dirname().
+For portability, create copies of the original pathname for each call
+and keep them around until finished using the result.
+
+Fixes "restorecon -r goes up the tree?" bug reported by Jason Zaman.
+
+Reported-by: Jason Zaman <[email protected]>
+Signed-off-by: Stephen Smalley <[email protected]>
+---
+ libselinux/src/selinux_restorecon.c | 26 +++++++++++++++++++++-----
+ 1 file changed, 21 insertions(+), 5 deletions(-)
+
+diff --git a/libselinux/src/selinux_restorecon.c 
b/libselinux/src/selinux_restorecon.c
+index 0945138..e38d1d0 100644
+--- libselinux/src/selinux_restorecon.c
++++ libselinux/src/selinux_restorecon.c
+@@ -797,25 +797,41 @@ int selinux_restorecon(const char *pathname_orig,
+        * realpath of containing dir, then appending last component name.
+        */
+       if (flags.userealpath) {
+-              pathbname = basename((char *)pathname_orig);
++              char *basename_cpy = strdup(pathname_orig);
++              if (!basename_cpy)
++                      goto realpatherr;
++              pathbname = basename(basename_cpy);
+               if (!strcmp(pathbname, "/") || !strcmp(pathbname, ".") ||
+                                           !strcmp(pathbname, "..")) {
+                       pathname = realpath(pathname_orig, NULL);
+-                      if (!pathname)
++                      if (!pathname) {
++                              free(basename_cpy);
+                               goto realpatherr;
++                      }
+               } else {
+-                      pathdname = dirname((char *)pathname_orig);
++                      char *dirname_cpy = strdup(pathname_orig);
++                      if (!dirname_cpy) {
++                              free(basename_cpy);
++                              goto realpatherr;
++                      }
++                      pathdname = dirname(dirname_cpy);
+                       pathdnamer = realpath(pathdname, NULL);
+-                      if (!pathdnamer)
++                      free(dirname_cpy);
++                      if (!pathdnamer) {
++                              free(basename_cpy);
+                               goto realpatherr;
++                      }
+                       if (!strcmp(pathdnamer, "/"))
+                               error = asprintf(&pathname, "/%s", pathbname);
+                       else
+                               error = asprintf(&pathname, "%s/%s",
+                                                   pathdnamer, pathbname);
+-                      if (error < 0)
++                      if (error < 0) {
++                              free(basename_cpy);
+                               goto oom;
++                      }
+               }
++              free(basename_cpy);
+       } else {
+               pathname = strdup(pathname_orig);
+               if (!pathname)
+-- 
+2.7.3
+
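Review bot: The two strdup() failure paths (`if (!basename_cpy)` and `if (!dirname_cpy)`) jump to `realpatherr`, while the asprintf() allocation failure a few lines further down jumps to `oom`. An out-of-memory condition would presumably be reported as a path-resolution failure, though both label bodies are outside the hunk; I would send both to `goto oom;` so allocation failures are reported consistently. Because this code decides which path gets relabelled, a short comment above the first strdup() would also help: `/* POSIX basename()/dirname() may modify their argument; operate on copies. */`. selinux_restorecon() begins and ends outside the hunk.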

diff --git a/sys-libs/libselinux/libselinux-2.6_rc1.ebuild 
b/sys-libs/libselinux/libselinux-2.6_rc1-r1.ebuild
similarity index 97%
rename from sys-libs/libselinux/libselinux-2.6_rc1.ebuild
rename to sys-libs/libselinux/libselinux-2.6_rc1-r1.ebuild
index 84092cb..fe8c78b 100644
--- a/sys-libs/libselinux/libselinux-2.6_rc1.ebuild
+++ b/sys-libs/libselinux/libselinux-2.6_rc1-r1.ebuild
@@ -47,6 +47,7 @@ DEPEND="${RDEPEND}
 src_prepare() {
        if [[ ${PV} != 9999 ]] ; then
                # If needed for live builds, place them in /etc/portage/patches
+               eapply 
"${FILESDIR}/libselinux-2.6-0001-libselinux-selinux_restorecon-fix-realpath-logic.patch"
                eapply 
"${FILESDIR}/libselinux-2.6-0005-use-ruby-include-with-rubylibver.patch"
                eapply 
"${FILESDIR}/libselinux-2.6-0007-build-related-fixes-bug-500674.patch"
        fi
