selinux: fix a wrong check condition of strcmp()

Message ID tencent_D6BF2948237359EE0A47338567B88512D106@qq.com (mailing list archive)
State Rejected
Delegated to: Paul Moore

Commit Message

Xiaoke Wang Dec. 14, 2021, 9:34 a.m. UTC
From: Xiaoke Wang <xkernel.wang@foxmail.com>

strcmp() will return 0 when two strings (s1, s2 for example) are equal,
and a negative number means s1 < s2. It seems == 0 should be used here as
the condition. Otherwise, the value of genfs->fstype cannot be
guaranteed.

Signed-off-by: Xiaoke Wang <xkernel.wang@foxmail.com>
---
 security/selinux/ss/services.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--

Comments

Stephen Smalley Dec. 14, 2021, 4:14 p.m. UTC | #1
On Tue, Dec 14, 2021 at 4:34 AM <xkernel.wang@foxmail.com> wrote:
>
> From: Xiaoke Wang <xkernel.wang@foxmail.com>
>
> strcmp() will return 0 when two strings (s1, s2 for example) are equal,
> and a negative number means s1 < s2. It seems == 0 should be used here as
> the condition. Otherwise, the value of genfs->fstype cannot be
> guaranteed.
>
> Signed-off-by: Xiaoke Wang <xkernel.wang@foxmail.com>

NAK. Look more closely at the code that follows, and understand that
the list is ordered to avoid needing to traverse all of it.

> ---
>  security/selinux/ss/services.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
> index 759d878..c9f6c3a 100644
> --- a/security/selinux/ss/services.c
> +++ b/security/selinux/ss/services.c
> @@ -2883,7 +2883,7 @@ static inline int __security_genfs_sid(struct selinux_policy *policy,
>
>         for (genfs = policydb->genfs; genfs; genfs = genfs->next) {
>                 cmp = strcmp(fstype, genfs->fstype);
> -               if (cmp <= 0)
> +               if (cmp == 0)
>                         break;
>         }
>
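Review bot: the loop over policydb->genfs carries no comment explaining why it breaks on `cmp <= 0`, and nothing in the visible context tells a reader that the order of the list matters, which is the misreading behind this patch. Rather than changing the condition, add a short comment above the `for` stating that the genfs list is kept ordered by fstype and that the loop stops at the first entry that is not less than fstype.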
> --

Xiaoke Wang Dec. 14, 2021, 4:48 p.m. UTC | #2
On Wed, Dec 15, 2021 00:14 AM, Stephen Smalley wrote:
> NAK. Look more closely at the code that follows, and understand that
> the list is ordered to avoid needing to traverse all of it.

I am very sorry that I didn't realize that it is a sorted list. I read policydb.c
and understand your comment now.
I apologize again for disturbing you, and I will read the context as carefully
as possible in the future.
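
The early-exit lookup on an ordered list that the NAK refers to, as an added example that is not part of the thread or of the kernel source. The `struct node` type, the `lookup()` helper, the sample fstype list and the post-loop check are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a list kept sorted by fstype (not kernel code). */
struct node {
    const char *fstype;
    struct node *next;
};

/*
 * Search a list sorted ascending in strcmp() order; *visited counts compares.
 * early_exit != 0: break at the first key >= fstype (cmp <= 0).
 * early_exit == 0: break only on an exact match (cmp == 0).
 * The post-loop test is this example's assumption: a break on cmp < 0 means
 * the search passed the slot where fstype would be, so it is a miss.
 */
static const struct node *lookup(const struct node *head, const char *fstype,
                                 int early_exit, int *visited)
{
    const struct node *n;
    int cmp = 0;
    *visited = 0;
    for (n = head; n; n = n->next) {
        (*visited)++;
        cmp = strcmp(fstype, n->fstype);
        if (early_exit ? cmp <= 0 : cmp == 0)
            break;
    }
    return (!n || cmp) ? NULL : n;
}

/* Constructed sample data, already in strcmp() order. */
static struct node n4 = { "sysfs", NULL };
static struct node n3 = { "selinuxfs", &n4 };
static struct node n2 = { "proc", &n3 };
static struct node n1 = { "cgroup", &n2 };
static struct node n0 = { "bpf", &n1 };
static const struct node *sample_list = &n0;

int main(void)
{
    const char *keys[] = { "proc", "debugfs", "aaa" };
    for (int i = 0; i < 3; i++) {
        int a, b;
        const struct node *r = lookup(sample_list, keys[i], 1, &a);
        lookup(sample_list, keys[i], 0, &b);
        printf("%-8s %-5s visited: <=0 %d, ==0 %d\n", keys[i], r ? "hit" : "miss", a, b);
    }
    return 0;
}
```

Both conditions return the same result for every key; they differ only in how many entries a miss has to visit.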

Patch

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 759d878..c9f6c3a 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2883,7 +2883,7 @@  static inline int __security_genfs_sid(struct selinux_policy *policy,
 
 	for (genfs = policydb->genfs; genfs; genfs = genfs->next) {
 		cmp = strcmp(fstype, genfs->fstype);
-		if (cmp <= 0)
+		if (cmp == 0)
 			break;
 	}
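
Review bot: replacing `if (cmp <= 0)` with `if (cmp == 0)` drops the loop's early exit without fixing anything visible in this hunk. cmp is kept in a variable that outlives the loop, so the code after it can tell an exact match from a stop at a larger entry, and the thread confirms the list is ordered for that purpose. With `== 0`, a lookup for an fstype that is not in the list walks every entry before failing, so keep `<= 0`. If the concern about genfs->fstype in the commit message is real, the patch should point at the line after the loop that uses genfs without checking cmp.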