Re: [PATCH] Correctly detect unknown classes in sepol_string_to_security_class

2016-06-21 Thread Joshua Brindle

Stephen Smalley wrote:
> On 06/03/2016 11:17 AM, Joshua Brindle wrote:
>> Bail before running off the end of the class index
>>
>> Change-Id: I47c4eaac3c7d789f8d85047e34e37e3f0bb38b3a
>> Signed-off-by: Joshua Brindle
>
> Applied this one and then rewrote it to use hashtab_search().
> Not sure why it wasn't that way in the first place.

Thank you, that was a much better fix that I should have noticed...

---
  libsepol/src/services.c | 4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libsepol/src/services.c b/libsepol/src/services.c
index d64a8e8..665fcaa 100644
--- a/libsepol/src/services.c
+++ b/libsepol/src/services.c
@@ -1155,7 +1155,7 @@ int hidden sepol_string_to_security_class(const char 
*class_name,
char *class = NULL;
sepol_security_class_t id;

-   for (id = 1;; id++) {
+   for (id = 1; id<= policydb->p_classes.nprim; id++) {
class = policydb->p_class_val_to_name[id - 1];
if (class == NULL) {
ERR(NULL, "could not convert %s to class id", 
class_name);
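
Review bot: the loop header `for (id = 1; id<= policydb->p_classes.nprim; id++)` combined with `p_class_val_to_name[id - 1]` relies on class ids being 1-based while the name array is 0-based, and nothing in the hunk says so. A one-line comment stating that ids run from 1 to nprim inclusive would make the `<=` bound obviously correct to the next reader. The added line is also missing the space before `<=`.
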
@@ -1166,6 +1166,8 @@ int hidden sepol_string_to_security_class(const char 
*class_name,
return STATUS_SUCCESS;
}
}
+   ERR(NULL, "unrecognized class %s", class_name);
+   return -EINVAL;
  }

  /*
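
Review bot: `return -EINVAL;` at the end of the function needs `EINVAL` to be defined in services.c, and the diffstat (3 insertions, 1 deletion) shows no include being added. Confirm that `<errno.h>` is already pulled in by this file, or add it as part of this patch.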





___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.


Re: [PATCH] Correctly detect unknown classes in sepol_string_to_security_class

2016-06-20 Thread Stephen Smalley
On 06/03/2016 11:17 AM, Joshua Brindle wrote:
> Bail before running off the end of the class index
> 
> Change-Id: I47c4eaac3c7d789f8d85047e34e37e3f0bb38b3a
> Signed-off-by: Joshua Brindle 

Applied this one and then rewrote it to use hashtab_search().
Not sure why it wasn't that way in the first place.

> ---
>  libsepol/src/services.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/libsepol/src/services.c b/libsepol/src/services.c
> index d64a8e8..665fcaa 100644
> --- a/libsepol/src/services.c
> +++ b/libsepol/src/services.c
> @@ -1155,7 +1155,7 @@ int hidden sepol_string_to_security_class(const char 
> *class_name,
>   char *class = NULL;
>   sepol_security_class_t id;
>  
> - for (id = 1;; id++) {
> + for (id = 1; id <= policydb->p_classes.nprim; id++) {
>   class = policydb->p_class_val_to_name[id - 1];
>   if (class == NULL) {
>   ERR(NULL, "could not convert %s to class id", 
> class_name);
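
Review bot: in the new condition `id <= policydb->p_classes.nprim`, `id` is declared as `sepol_security_class_t`, and the hunk does not show how wide that type is compared with `nprim`. If the id type is narrower than the counter, `id++` can wrap before the comparison turns false and the loop never ends. Iterating with a variable of the same type as `nprim` and converting to `sepol_security_class_t` only on a match avoids that.
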
> @@ -1166,6 +1166,8 @@ int hidden sepol_string_to_security_class(const char 
> *class_name,
>   return STATUS_SUCCESS;
>   }
>   }
> + ERR(NULL, "unrecognized class %s", class_name);
> + return -EINVAL;
>  }
>  
>  /*
> 
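
Review bot: no test covers the unknown-class path added at the end of the function (`ERR(NULL, "unrecognized class %s", class_name);` followed by `return -EINVAL;`). A regression test that passes a class name absent from the policy and expects a failure return would guard this path across later rewrites of the lookup, such as the hashtab_search() version mentioned in this reply.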


Re: [PATCH] Correctly detect unknown classes in sepol_string_to_security_class

2016-06-03 Thread Joshua Brindle

Joshua Brindle wrote:
> Bail before running off the end of the class index

This one correctly goes all the way to the end of the classes index, the last version did not.

> Change-Id: I47c4eaac3c7d789f8d85047e34e37e3f0bb38b3a
> Signed-off-by: Joshua Brindle
---
  libsepol/src/services.c | 4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libsepol/src/services.c b/libsepol/src/services.c
index d64a8e8..665fcaa 100644
--- a/libsepol/src/services.c
+++ b/libsepol/src/services.c
@@ -1155,7 +1155,7 @@ int hidden sepol_string_to_security_class(const char 
*class_name,
char *class = NULL;
sepol_security_class_t id;

-   for (id = 1;; id++) {
+   for (id = 1; id<= policydb->p_classes.nprim; id++) {
class = policydb->p_class_val_to_name[id - 1];
if (class == NULL) {
ERR(NULL, "could not convert %s to class id", 
class_name);
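
Review bot: with the loop now bounded by `policydb->p_classes.nprim`, the `class == NULL` branch inside it can only fire for an empty slot within the valid range, yet it still logs "could not convert %s to class id" while the new fall-through path logs "unrecognized class %s". Either reword the NULL branch to say the class index has a hole, or make both paths log the same message, so that one failure cause maps to one log string.
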
@@ -1166,6 +1166,8 @@ int hidden sepol_string_to_security_class(const char 
*class_name,
return STATUS_SUCCESS;
}
}
+   ERR(NULL, "unrecognized class %s", class_name);
+   return -EINVAL;
  }

  /*
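
Review bot: the new failure path returns `-EINVAL` while the success path in the same function returns `STATUS_SUCCESS`, so the function now mixes a status-macro convention with an errno convention. Return whatever the `class == NULL` branch above already returns (its return statement is not visible in these hunks) so callers have a single failure value to test for, and state that value in the function's comment.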

