author | William Roberts <william.c.roberts@intel.com> | 2016-02-02 13:46:55 -0800 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2016-02-09 12:25:47 -0800 |
commit | 640db2f86f237868d038b2fedc05aad154b5fe43 (patch) | |
tree | b36a2938b94778a6104086139673de837ba7da99 | |
parent | 1482b5b41e36734625a445e58d22a021edf57ffd (diff) | |
download | libselinux-640db2f86f237868d038b2fedc05aad154b5fe43.tar.gz |
read_spec_entry: fail on non-ascii
Inserting non-ascii characters into the following files:
* file_contexts
* property_contexts
* service_contexts
can cause a failure on labeling but still result in a successful
build.
Hard error on non-ascii characters with:
<path>: line 229 error due to: Non-ASCII characters found
Signed-off-by: William Roberts <william.c.roberts@intel.com>
(cherry picked from commit de7b594ace8c4b5343885dcec401bee0977ad7b5)
Change-Id: I3ae442e4673490f1815f3cae4eed494a8d68d1dc
-rw-r--r-- | src/label_android_property.c | 15 | ||||
-rw-r--r-- | src/label_file.h | 16 | ||||
-rw-r--r-- | src/label_internal.h | 2 | ||||
-rw-r--r-- | src/label_support.c | 29 |
4 files changed, 52 insertions, 10 deletions
diff --git a/src/label_android_property.c b/src/label_android_property.c index d7ab4ba..887e32c 100644 --- a/src/label_android_property.c +++ b/src/label_android_property.c @@ -89,10 +89,21 @@ static int process_line(struct selabel_handle *rec, struct saved_data *data = (struct saved_data *)rec->data; spec_t *spec_arr = data->spec_arr; unsigned int nspec = data->nspec; + const char *errbuf = NULL; - items = read_spec_entries(line_buf, 2, &prop, &context); - if (items <= 0) + items = read_spec_entries(line_buf, &errbuf, 2, &prop, &context); + if (items < 0) { + items = errno; + selinux_log(SELINUX_ERROR, + "%s: line %u error due to: %s\n", path, + lineno, errbuf ?: strerror(errno)); + errno = items; + return -1; + } + + if (items == 0) return items; + if (items != 2) { selinux_log(SELINUX_ERROR, "%s: line %u is missing fields\n", path, diff --git a/src/label_file.h b/src/label_file.h index 035315d..901a3d9 100644 --- a/src/label_file.h +++ b/src/label_file.h @@ -1,6 +1,9 @@ #ifndef _SELABEL_FILE_H_ #define _SELABEL_FILE_H_ +#include <errno.h> +#include <string.h> + #include <sys/stat.h> #include "callbacks.h" @@ -390,8 +393,17 @@ static inline int process_line(struct selabel_handle *rec, unsigned int nspec = data->nspec; const char *errbuf = NULL; - items = read_spec_entries(line_buf, 3, ®ex, &type, &context); - if (items <= 0) + items = read_spec_entries(line_buf, &errbuf, 3, ®ex, &type, &context); + if (items < 0) { + rc = errno; + selinux_log(SELINUX_ERROR, + "%s: line %u error due to: %s\n", path, + lineno, errbuf ?: strerror(errno)); + errno = rc; + return -1; + } + + if (items == 0) return items; if (items < 2) { diff --git a/src/label_internal.h b/src/label_internal.h index 0e13833..455d948 100644 --- a/src/label_internal.h +++ b/src/label_internal.h 
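Review bot: The new `if (items < 0)` branch in process_line returns -1 without releasing `prop` and `context`, and the matching branch in the src/label_file.h hunk does the same for its three fields. The comment on read_spec_entry in src/label_support.c describes `entry` as an allocated buffer, so a non-ASCII byte in a later field presumably leaves the earlier fields allocated when read_spec_entries fails. If those pointers start out NULL (their declarations are outside the hunk), adding `free(prop); free(context);` before `return -1;` closes the leak. Saving errno in `items` also reads oddly next to the `rc` used in label_file.h; a dedicated `int saved_errno = errno;` would be clearer. process_line starts and ends outside the hunk.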
@@ -88,6 +88,6 @@ selabel_validate(struct selabel_handle *rec, * The read_spec_entries function may be used to * replace sscanf to read entries from spec files. */ -extern int read_spec_entries(char *line_buf, int num_args, ...); +extern int read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...); #endif /* _SELABEL_INTERNAL_H_ */ diff --git a/src/label_support.c b/src/label_support.c index b3ab8ab..e226d51 100644 --- a/src/label_support.c +++ b/src/label_support.c @@ -8,6 +8,7 @@ #include <stdarg.h> #include <ctype.h> #include <string.h> +#include <errno.h> #include "label_internal.h" /* @@ -16,8 +17,16 @@ * property services now use these. */ -/* Read an entry from a spec file (e.g. file_contexts) */ -static inline int read_spec_entry(char **entry, char **ptr, int *len) +/* + * Read an entry from a spec file (e.g. file_contexts) + * entry - Buffer to allocate for the entry. + * ptr - current location of the line to be processed. + * returns - 0 on success and *entry is set to be a null + * terminated value. On Error it returns -1 and + errno will be set. + * + */ +static inline int read_spec_entry(char **entry, char **ptr, int *len, const char **errbuf) { *entry = NULL; char *tmp_buf = NULL; @@ -29,6 +38,11 @@ static inline int read_spec_entry(char **entry, char **ptr, int *len) *len = 0; while (!isspace(**ptr) && **ptr != '\0') { + if (!isascii(**ptr)) { + errno = EINVAL; + *errbuf = "Non-ASCII characters found"; + return -1; + } (*ptr)++; (*len)++; } 
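Review bot: The comment above the read_spec_entries prototype in src/label_internal.h does not mention the new `errbuf` parameter, and this header is where callers will look for its contract. The definition in src/label_support.c writes `*errbuf = NULL` unconditionally, so the pointer must be non-NULL, and the message it hands back is a string literal that the caller must not free. I would extend the comment with something like `errbuf must be non-NULL; on failure it is set to a static message or left NULL, in which case errno describes the error.`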
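Review bot: In read_spec_entry the loop condition `!isspace(**ptr)` runs before the new `isascii(**ptr)` check, so a byte above 0x7f still reaches isspace() as a plain `char`. Where char is signed that value is negative, and the ctype classification functions are only defined for unsigned char values and EOF. Casting at the call, `while (!isspace((unsigned char)**ptr) && **ptr != '\0') {`, removes the undefined behaviour while keeping the new rejection intact. If the rest of the function also calls isspace on raw bytes (its body continues outside the hunk), those calls need the same cast.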
@@ -44,18 +58,23 @@ static inline int read_spec_entry(char **entry, char **ptr, int *len) /* * line_buf - Buffer containing the spec entries . + * errbuf - Double pointer used for passing back specific error messages. * num_args - The number of spec parameter entries to process. * ... - A 'char **spec_entry' for each parameter. - * returns - The number of items processed. + * returns - The number of items processed. On error, it returns -1 with errno + * set and may set errbuf to a specific error message. * * This function calls read_spec_entry() to do the actual string processing. + * As such, can return anything from that function as well. */ -int hidden read_spec_entries(char *line_buf, int num_args, ...) +int hidden read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...) { char **spec_entry, *buf_p; int len, rc, items, entry_len = 0; va_list ap; + *errbuf = NULL; + len = strlen(line_buf); if (line_buf[len - 1] == '\n') line_buf[len - 1] = '\0'; @@ -85,7 +104,7 @@ int hidden read_spec_entries(char *line_buf, int num_args, ...) return items; } - rc = read_spec_entry(spec_entry, &buf_p, &entry_len); + rc = read_spec_entry(spec_entry, &buf_p, &entry_len, errbuf); if (rc < 0) { va_end(ap); return rc; |
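Review bot: `line_buf[len - 1]` in read_spec_entries is read with no check that `len` is non-zero, so an empty string (for instance a line whose first byte is NUL) indexes one byte before the buffer and may write a terminator there. This commit is about rejecting malformed input, so the guard fits here: `if (len > 0 && line_buf[len - 1] == '\n')`. Separately, `len` is an `int` receiving a `size_t` from strlen; the callers are not shown on this page, so whether very long lines can occur is unknown. The function body continues outside the hunk.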