From patchwork Tue Feb  9 21:59:46 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Roberts, William C" <william.c.roberts@intel.com>
X-Patchwork-Id: 8265971
Return-Path: <selinux-bounces@tycho.nsa.gov>
X-Original-To: patchwork-selinux@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id 28A81BEEE5
	for <patchwork-selinux@patchwork.kernel.org>;
	Tue,  9 Feb 2016 22:05:09 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 54F862022A
	for <patchwork-selinux@patchwork.kernel.org>;
	Tue,  9 Feb 2016 22:05:08 +0000 (UTC)
Received: from emvm-gh1-uea08.nsa.gov (emvm-gh1-uea08.nsa.gov [63.239.67.9])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 362ED20220
	for <patchwork-selinux@patchwork.kernel.org>;
	Tue,  9 Feb 2016 22:05:07 +0000 (UTC)
X-TM-IMSS-Message-ID: <9f1050b2000818f1@nsa.gov>
Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by nsa.gov
	([10.208.42.193]) with ESMTP (TREND IMSS SMTP Service 7.1) id
	9f1050b2000818f1 ; Tue, 9 Feb 2016 17:02:55 -0500
Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u19M3FVv032354;
	Tue, 9 Feb 2016 17:03:16 -0500
Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil
	[144.51.242.1])
	by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id
	u19Lxsbi102913 for <selinux@prometheus.infosec.tycho.ncsc.mil>;
	Tue, 9 Feb 2016 16:59:54 -0500
Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u19LxnWV030949;
	Tue, 9 Feb 2016 16:59:54 -0500
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: 
 A1CeBAAYYbpW/yNjr8ZdGQEBAQEPAQEBAYRJiFyvDIQHhg0CggQBAQEBAQGFTQEBBCdSECAxVxmIG78wAQEBAQYCAR2IB4suBY4biF2NUIFbh2mFLQJEjXtihAVJAYhSAQEB
X-IPAS-Result: 
 A1CeBAAYYbpW/yNjr8ZdGQEBAQEPAQEBAYRJiFyvDIQHhg0CggQBAQEBAQGFTQEBBCdSECAxVxmIG78wAQEBAQYCAR2IB4suBY4biF2NUIFbh2mFLQJEjXtihAVJAYhSAQEB
X-IronPort-AV: E=Sophos;i="5.22,423,1449550800"; d="scan'208";a="5184556"
Received: from emvm-gh1-uea08.nsa.gov ([10.208.42.193])
	by goalie.tycho.ncsc.mil with ESMTP; 09 Feb 2016 16:59:51 -0500
X-TM-IMSS-Message-ID: <9f0d286a000817c0@nsa.gov>
Received: from fmsmga002-icc.fm.intel.com (fmsmga002-icc.fm.intel.com
	[198.175.99.35]) by nsa.gov ([10.208.42.193]) with ESMTP (TREND IMSS
	SMTP
	Service 7.1) id 9f0d286a000817c0 ; Tue, 9 Feb 2016 16:59:29 -0500
Received: from fmsmga001-icc.fm.intel.com ([198.175.99.7])
	by fmsmga002-icc.fm.intel.com with ESMTP; 09 Feb 2016 13:59:51 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.22,423,1449561600"; d="scan'208";a="899648600"
Received: from rcavatur-mobl.amr.corp.intel.com (HELO
	wcrobert-MOBL1.amr.corp.intel.com) ([10.252.140.14])
	by fmsmga001.fm.intel.com with ESMTP; 09 Feb 2016 13:59:50 -0800
From: william.c.roberts@intel.com
To: selinux@tycho.nsa.gov
Subject: [PATCH] read_spec_entry: fail on non-ascii
Date: Tue,  9 Feb 2016 13:59:46 -0800
Message-Id: <1455055186-14474-2-git-send-email-william.c.roberts@intel.com>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <1455055186-14474-1-git-send-email-william.c.roberts@intel.com>
References: <1455055186-14474-1-git-send-email-william.c.roberts@intel.com>
X-TM-AS-MML: disable
X-BeenThere: selinux@tycho.nsa.gov
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
	<selinux.tycho.nsa.gov>
List-Post: <mailto:selinux@tycho.nsa.gov>
List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help>
Cc: sds@tycho.nsa.gov
MIME-Version: 1.0
Errors-To: selinux-bounces@tycho.nsa.gov
Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>
X-Spam-Status: No, score=-7.2 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	RP_MATCHES_RCVD,
	UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: William Roberts <william.c.roberts@intel.com>

Inserting non-ascii characters into the following files:
 * file_contexts
 * property_contexts
 * service_contexts
can cause a failure on labeling but still result in a successful
build.

Hard error on non-ascii characters with:
<path>:  line 229 error due to: Non-ASCII characters found

Signed-off-by: William Roberts <william.c.roberts@intel.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
---
 libselinux/src/label_android_property.c | 15 +++++++++++++--
 libselinux/src/label_file.h             | 16 ++++++++++++++--
 libselinux/src/label_internal.h         |  2 +-
 libselinux/src/label_support.c          | 29 ++++++++++++++++++++++-------
 4 files changed, 50 insertions(+), 12 deletions(-)

diff --git a/libselinux/src/label_android_property.c b/libselinux/src/label_android_property.c
index fea1f8f..290b438 100644
--- a/libselinux/src/label_android_property.c
+++ b/libselinux/src/label_android_property.c
@@ -89,10 +89,21 @@ static int process_line(struct selabel_handle *rec,
 	struct saved_data *data = (struct saved_data *)rec->data;
 	spec_t *spec_arr = data->spec_arr;
 	unsigned int nspec = data->nspec;
+	const char *errbuf = NULL;
 
-	items = read_spec_entries(line_buf, 2, &prop, &context);
-	if (items <= 0)
+	items = read_spec_entries(line_buf, &errbuf, 2, &prop, &context);
+	if (items < 0) {
+		items = errno;
+		selinux_log(SELINUX_ERROR,
+			"%s:  line %u error due to: %s\n", path,
+			lineno, errbuf ?: strerror(errno));
+		errno = items;
+		return -1;
+	}
+
+	if (items == 0)
 		return items;
+
 	if (items != 2) {
 		selinux_log(SELINUX_ERROR,
 			    "%s:  line %u is missing fields\n", path,
diff --git a/libselinux/src/label_file.h b/libselinux/src/label_file.h
index beb1fc2..72fed1f 100644
--- a/libselinux/src/label_file.h
+++ b/libselinux/src/label_file.h
@@ -1,6 +1,9 @@
 #ifndef _SELABEL_FILE_H_
 #define _SELABEL_FILE_H_
 
+#include <errno.h>
+#include <string.h>
+
 #include <sys/stat.h>
 
 #include "callbacks.h"
@@ -390,8 +393,17 @@ static inline int process_line(struct selabel_handle *rec,
 	unsigned int nspec = data->nspec;
 	const char *errbuf = NULL;
 
-	items = read_spec_entries(line_buf, 3, &regex, &type, &context);
-	if (items <= 0)
+	items = read_spec_entries(line_buf, &errbuf, 3, &regex, &type, &context);
+	if (items < 0) {
+		rc = errno;
+		selinux_log(SELINUX_ERROR,
+			"%s:  line %u error due to: %s\n", path,
+			lineno, errbuf ?: strerror(errno));
+		errno = rc;
+		return -1;
+	}
+
+	if (items == 0)
 		return items;
 
 	if (items < 2) {
diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h
index cefa80b..aa48fff 100644
--- a/libselinux/src/label_internal.h
+++ b/libselinux/src/label_internal.h
@@ -140,6 +140,6 @@ compat_validate(struct selabel_handle *rec,
  * The read_spec_entries function may be used to
  * replace sscanf to read entries from spec files.
  */
-extern int read_spec_entries(char *line_buf, int num_args, ...);
+extern int read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...);
 
 #endif				/* _SELABEL_INTERNAL_H_ */
diff --git a/libselinux/src/label_support.c b/libselinux/src/label_support.c
index 324dc51..26f9ef1 100644
--- a/libselinux/src/label_support.c
+++ b/libselinux/src/label_support.c
@@ -10,14 +10,19 @@
 #include <string.h>
 #include <stdio.h>
 #include <errno.h>
+#include <errno.h>
 #include "label_internal.h"
 
 /*
- * The read_spec_entries and read_spec_entry functions may be used to
- * replace sscanf to read entries from spec files. The file and
- * property services now use these.
+ * Read an entry from a spec file (e.g. file_contexts)
+ * entry - Buffer to allocate for the entry.
+ * ptr - current location of the line to be processed.
+ * returns  - 0 on success and *entry is set to be a null
+ *            terminated value. On Error it returns -1 and
+ *            errno will be set.
+ *
  */
-static inline int read_spec_entry(char **entry, char **ptr, int *len)
+static inline int read_spec_entry(char **entry, char **ptr, int *len, const char **errbuf)
 {
 	*entry = NULL;
 	char *tmp_buf = NULL;
@@ -29,6 +34,11 @@ static inline int read_spec_entry(char **entry, char **ptr, int *len)
 	*len = 0;
 
 	while (!isspace(**ptr) && **ptr != '\0') {
+		if (!isascii(**ptr)) {
+			errno = EINVAL;
+			*errbuf = "Non-ASCII characters found";
+			return -1;
+		}
 		(*ptr)++;
 		(*len)++;
 	}
@@ -44,18 +54,23 @@ static inline int read_spec_entry(char **entry, char **ptr, int *len)
 
 /*
  * line_buf - Buffer containing the spec entries .
+ * errbuf   - Double pointer used for passing back specific error messages.
  * num_args - The number of spec parameter entries to process.
  * ...      - A 'char **spec_entry' for each parameter.
- * returns  - The number of items processed.
+ * returns  - The number of items processed. On error, it returns -1 with errno
+ *            set and may set errbuf to a specific error message.
  *
  * This function calls read_spec_entry() to do the actual string processing.
+ * As such, can return anything from that function as well.
  */
-int hidden read_spec_entries(char *line_buf, int num_args, ...)
+int hidden read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...)
 {
 	char **spec_entry, *buf_p;
 	int len, rc, items, entry_len = 0;
 	va_list ap;
 
+	*errbuf = NULL;
+
 	len = strlen(line_buf);
 	if (line_buf[len - 1] == '\n')
 		line_buf[len - 1] = '\0';
@@ -85,7 +100,7 @@ int hidden read_spec_entries(char *line_buf, int num_args, ...)
 			return items;
 		}
 
-		rc = read_spec_entry(spec_entry, &buf_p, &entry_len);
+		rc = read_spec_entry(spec_entry, &buf_p, &entry_len, errbuf);
 		if (rc < 0) {
 			va_end(ap);
 			return rc;