From patchwork Thu Aug 18 20:54:49 2016
X-Patchwork-Submitter: "Roberts, William C"
X-Patchwork-Id: 9288633
From: william.c.roberts@intel.com
To: selinux@tycho.nsa.gov, jwcart2@tycho.nsa.gov, seandroid-list@tycho.nsa.gov, sds@tycho.nsa.gov
Subject: [PATCH 2/2] libsepol: port str_read from kernel
Date: Thu, 18 Aug 2016 13:54:49 -0700
Message-Id: <1471553689-14551-2-git-send-email-william.c.roberts@intel.com>
In-Reply-To: <1471553689-14551-1-git-send-email-william.c.roberts@intel.com>
References: <1471553689-14551-1-git-send-email-william.c.roberts@intel.com>

From: William Roberts

Rather than duplicating the following sequence:
1. Read len from file
2. alloc up space based on 1
3. read the contents into the buffer from 2
4. null terminate the buffer from 2

Use the str_read() function that is in the kernel, which collapses steps 2 and 4. This not only reduces redundant code, but also has the side-effect of providing a central check on zero_or_saturated lengths from step 1 when generating string values.

Signed-off-by: William Roberts
---
 libsepol/src/conditional.c | 9 +------
 libsepol/src/module.c | 66 ++++++++++++++++++++++------------------------
 libsepol/src/policydb.c | 10 +------
 libsepol/src/private.h | 1 +
 libsepol/src/services.c | 33 +++++++++++++++++++++++
 5 files changed, 68 insertions(+), 51 deletions(-)

diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c index 8680eb2..e1bc961 100644 --- a/libsepol/src/conditional.c +++ b/libsepol/src/conditional.c 
@@ -589,15 +589,8 @@ int cond_read_bool(policydb_t * p, goto err; len = le32_to_cpu(buf[2]); - if (zero_or_saturated(len)) + if (str_read(&key, fp, len)) goto err; - key = malloc(len + 1); - if (!key) - goto err; - rc = next_entry(key, fp, len); - if (rc < 0) - goto err; - key[len] = 0; if (p->policy_type != POLICY_KERN && p->policyvers >= MOD_POLICYDB_VERSION_TUNABLE_SEP) { diff --git a/libsepol/src/module.c b/libsepol/src/module.c index f25df95..a9d7c54 100644 --- a/libsepol/src/module.c +++ b/libsepol/src/module.c @@ -793,26 +793,26 @@ int sepol_module_package_info(struct sepol_policy_file *spf, int *type, i); goto cleanup; } + len = le32_to_cpu(buf[0]); - if (zero_or_saturated(len)) { - ERR(file->handle, - "invalid module name length: 0x%"PRIx32, - len); - goto cleanup; - } - *name = malloc(len + 1); - if (!*name) { - ERR(file->handle, "out of memory"); - goto cleanup; - } - rc = next_entry(*name, file, len); - if (rc < 0) { - ERR(file->handle, - "cannot get module name string (at section %u)", - i); + if (str_read(name, file, len)) { + switch(rc) { + case EINVAL: + ERR(file->handle, + "invalid module name length: 0x%"PRIx32, + len); + break; + case ENOMEM: + ERR(file->handle, "out of memory"); + break; + default: + ERR(file->handle, + "cannot get module name string (at section %u)", + i); + } goto cleanup; } - (*name)[len] = '\0'; + rc = next_entry(buf, file, sizeof(uint32_t)); if (rc < 0) { ERR(file->handle, 
@@ -821,25 +821,23 @@ int sepol_module_package_info(struct sepol_policy_file *spf, int *type, goto cleanup; } len = le32_to_cpu(buf[0]); - if (zero_or_saturated(len)) { - ERR(file->handle, - "invalid module version length: 0x%"PRIx32, - len); - goto cleanup; - } - *version = malloc(len + 1); - if (!*version) { - ERR(file->handle, "out of memory"); - goto cleanup; - } - rc = next_entry(*version, file, len); - if (rc < 0) { - ERR(file->handle, - "cannot get module version string (at section %u)", - i); + if (str_read(version, file, len)) { + switch(rc) { + case EINVAL: + ERR(file->handle, + "invalid module name length: 0x%"PRIx32, + len); + break; + case ENOMEM: + ERR(file->handle, "out of memory"); + break; + default: + ERR(file->handle, + "cannot get module version string (at section %u)", + i); + } goto cleanup; } - (*version)[len] = '\0'; seen |= SEEN_MOD; break; default: diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index 5f888d3..cdb3cde 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -1911,19 +1911,11 @@ static int perm_read(policydb_t * p goto bad; len = le32_to_cpu(buf[0]); - if (zero_or_saturated(len)) + if(str_read(&key, fp, len)) goto bad; perdatum->s.value = le32_to_cpu(buf[1]); - key = malloc(len + 1); - if (!key) - goto bad; - rc = next_entry(key, fp, len); - if (rc < 0) - goto bad; - key[len] = 0; - if (hashtab_insert(h, key, perdatum)) goto bad; diff --git a/libsepol/src/private.h b/libsepol/src/private.h index 0beb4d4..b884c23 100644 --- a/libsepol/src/private.h +++ b/libsepol/src/private.h @@ -65,3 +65,4 @@ extern struct policydb_compat_info *policydb_lookup_compat(unsigned int version, extern int next_entry(void *buf, struct policy_file *fp, size_t bytes) hidden; extern size_t put_entry(const void *ptr, size_t size, size_t n, struct policy_file *fp) hidden; +extern int str_read(char **strp, struct policy_file *fp, size_t len) hidden; 
diff --git a/libsepol/src/services.c b/libsepol/src/services.c index d2b80b4..f61f692 100644 --- a/libsepol/src/services.c +++ b/libsepol/src/services.c @@ -1679,6 +1679,39 @@ size_t hidden put_entry(const void *ptr, size_t size, size_t n, } /* + * Reads a string and null terminates it from the policy file. + * This is a port of str_read from the SE Linux kernel code. + * + * It returns: + * 0 - Success + * EINVAL - len is no good + * ENOMEM - allocation failed + * or any error possible from next_entry(). + */ +int hidden str_read(char **strp, struct policy_file *fp, size_t len) +{ + int rc; + char *str; + + if (zero_or_saturated(len)) + return EINVAL; + + str = malloc(len + 1); + if (!str) + return ENOMEM; + + /* it's expected the caller should free the str */ + *strp = str; + + rc = next_entry(str, fp, len); + if (rc) + return rc; + + str[len] = '\0'; + return 0; +} + +/* * Read a new set of configuration data from * a policy database binary representation file. *
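
Review bot: in the first libsepol/src/module.c hunk (module name, @@ -793), `switch(rc)` inspects a value that str_read() never set. The call is `if (str_read(name, file, len))`, so the return code is discarded and rc still holds whatever it had before the call; the EINVAL and ENOMEM cases cannot be selected by this failure and the wrong message is logged. Capture the result first, for example `rc = str_read(name, file, len);` followed by `if (rc) { switch (rc) {`.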
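
Review bot: in the second libsepol/src/module.c hunk (module version, @@ -821), the EINVAL case logs "invalid module name length" where the removed code logged "invalid module version length", so a bad version length is now reported against the wrong field. The same hunk also repeats the unassigned-rc problem: `if (str_read(version, file, len))` drops the return value before `switch(rc)`. Assign `rc = str_read(version, file, len);` and restore the "version" wording.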
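
Review bot: the `if(str_read(&key, fp, len))` line in the libsepol/src/policydb.c hunk (perm_read) is missing the space after `if`, unlike the equivalent call added in conditional.c; `switch(rc)` in module.c has the same spacing. Please make these consistent with the surrounding code.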
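
Review bot: str_read() in the libsepol/src/services.c hunk mixes error sign conventions. It returns positive `EINVAL` and `ENOMEM`, but passes through next_entry() results unchanged, and the call sites removed by this patch tested those with `rc < 0`. A caller that keeps the `rc < 0` idiom would treat a bad length or failed allocation as success. Returning `-EINVAL` and `-ENOMEM` would give one convention (the `case` labels in module.c would then need to match). Separately, `*strp = str` is stored before next_entry() runs, so on a read failure the caller holds an allocated buffer that is not null-terminated, while on the EINVAL and ENOMEM paths `*strp` is left untouched. The function comment should state that callers must initialise the pointer and free it on every error path, or the function should free the buffer itself and leave `*strp` unset when the read fails.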