From patchwork Fri Aug 19 15:51:28 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Roberts, William C" X-Patchwork-Id: 9290491 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id AA436607FF for ; Fri, 19 Aug 2016 15:54:54 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 99BC3292D9 for ; Fri, 19 Aug 2016 15:54:54 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8E5E2293D0; Fri, 19 Aug 2016 15:54:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from emsm-gh1-uea11.nsa.gov (emsm-gh1-uea11.nsa.gov [8.44.101.9]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B2F5E292D9 for ; Fri, 19 Aug 2016 15:54:53 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.28,544,1464652800"; d="scan'208";a="18610410" IronPort-PHdr: =?us-ascii?q?9a23=3AC5L89R+h2vxyA/9uRHKM819IXTAuvvDOBiVQ1KB8?= =?us-ascii?q?0O0cTK2v8tzYMVDF4r011RmSDNydsawP2rCe8/i5HzdRudDZ6DFKWacPfidNsd?= =?us-ascii?q?8RkQ0kDZzNImzAB9muURYHGt9fXkRu5XCxPBsdMs//Y1rPvi/6tmZKSV3BPAZ4?= =?us-ascii?q?bt74BpTVx5zukbvjotuJPU4Z3nL9Oeo0d0Tu612J94E/ushLEu4J0BzHo39FKa?= =?us-ascii?q?x95FhDAhatpSv6/dq655V58i5d6LoL/s9EVrjmLexjFeQLRAk8NygJwOGj9Vya?= =?us-ascii?q?FUrcrkcbB34blhtOHhjt8ADxXpC3tDDz8OV6xm3SP9L9RKooAxy+/qxrT1nuky?= =?us-ascii?q?5BODkntCnMh8V2gLhcoR7kox1k36bIcYqVM7x4ZaqbctQEASJaUt15Sz1KAoT6?= =?us-ascii?q?aZAGSeUGI7V2tY748kQPqR+/DAzqD6X1zTVFnGPt9aw8z+klVwrB2V9zV+kSuW?= =?us-ascii?q?jZ+Y2mfJwZVvq4meyRlTg=3D?= X-IPAS-Result: =?us-ascii?q?A2EeBgCJKrdX/wHyM5BeGgEBAQGDJoFSpUWUHiCHZkwBAQE?= =?us-ascii?q?BAQEBAgECWyeCMgQDEYIVAgQBAiQTFCAOAwkBARcIIQgIAwEtFREHBwsFGASIE?= =?us-ascii?q?LpTAQoBAQEjiCuGXxEBhXcFiCuFc3aKM48eAoFpiAIMhVNIj21Ugg8DHIFsUAG?= =?us-ascii?q?FdoE2AQEB?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP; 19 Aug 2016 15:54:46 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u7JFsifB001473; Fri, 19 Aug 2016 11:54:45 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id u7JFpZeR025903 for ; Fri, 19 Aug 2016 11:51:35 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u7JFpYx4001204; Fri, 19 Aug 2016 11:51:35 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1B3BQCZKbdX/yNjr8ZeGgEBAQGDJoFStV6EDIYdAoFgTAEBAQEBAQECXoUGAgQnUhAgMVcHEogxulQBAQEBAQEEAQEBASOIK4xoBYgrhXN2ijOPHgKBaYgOhVNIj21Ugg8DHIFsHDQBhywBAQE X-IPAS-Result: A1B3BQCZKbdX/yNjr8ZeGgEBAQGDJoFStV6EDIYdAoFgTAEBAQEBAQECXoUGAgQnUhAgMVcHEogxulQBAQEBAQEEAQEBASOIK4xoBYgrhXN2ijOPHgKBaYgOhVNIj21Ugg8DHIFsHDQBhywBAQE X-IronPort-AV: E=Sophos;i="5.28,544,1464667200"; d="scan'208";a="5654981" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 19 Aug 2016 11:51:34 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3ADfgJiBHhoM6+ifYIZqw3w51GYnF86YWxBRYc798d?= =?us-ascii?q?s5kLTJ74o8iwAkXT6L1XgUPTWs2DsrQf2rOQ6f6rCDZIoc7Y9itTKNoUD15NoP?= =?us-ascii?q?5VtjRoONSCB0z/IayiRA0BN+MGamVY+WqmO1NeAsf0ag6aiHSz6TkPBke3blIt?= =?us-ascii?q?dazLE4Lfx/66y/q1s8WKJV4Z3XznP/gjdl329VyX7ZhOx9M6a+4Y8VjgmjNwYe?= =?us-ascii?q?NYxGdldxq4vi3XwYOOxqNl6DlaoPk79sRNAu3QdqU8SqFEXnx9azhmrOWijxTI?= =?us-ascii?q?TBOO630ASS1W10MQW0mWpC39C4z8tir8q/pVxDiRPcqwS6s9Hzul8eMjSgDjgT?= =?us-ascii?q?0bbRYl4WrXjYp2l6sdrxW/41RkzofSbJuSNfY7eqLGYfsGVGFBWYBXTCUHDYSi?= =?us-ascii?q?K8MUA/EpIfdTr467oUAH6xS5G1qCHuTqnyBJgnv31Kh82KI7FgvLxhA7N9MIrH?= =?us-ascii?q?nQ6t7yMfRBGdupxbXFmG2QJ8hd3i3wvc2RKkgs?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0EdBgCJKrdX/yNjr8ZeGgEBAQGDJoFSp?= =?us-ascii?q?UWQGYQMhh0CgWBMAQEBAQEBAQIBAlsngjIEARMBghQCBCdSECAxVwcSiDG6UwE?= =?us-ascii?q?BAQEBAQQBAQEBASKIK4xoBYgrhXN2ijOPHgKBaYgOhVNIj21Ugg8DHIFsHDQBh?= =?us-ascii?q?ywBAQE?= X-IPAS-Result: =?us-ascii?q?A0EdBgCJKrdX/yNjr8ZeGgEBAQGDJoFSpUWQGYQMhh0CgWB?= =?us-ascii?q?MAQEBAQEBAQIBAlsngjIEARMBghQCBCdSECAxVwcSiDG6UwEBAQEBAQQBAQEBA?= =?us-ascii?q?SKIK4xoBYgrhXN2ijOPHgKBaYgOhVNIj21Ugg8DHIFsHDQBhywBAQE?= X-IronPort-AV: E=Sophos;i="5.28,544,1464652800"; d="scan'208";a="18610305" Received: from fmsmga002-icc.fm.intel.com ([198.175.99.35]) by emsm-gh1-uea11.nsa.gov with ESMTP; 19 Aug 2016 15:51:32 +0000 Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga002-icc.fm.intel.com with ESMTP; 19 Aug 2016 08:51:31 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos; i="5.28,544,1464678000"; d="scan'208"; a="1017417733" Received: from rskumar-mobl.amr.corp.intel.com (HELO wcrobert-MOBL1.amr.corp.intel.com) ([10.254.189.104]) by orsmga001.jf.intel.com with ESMTP; 19 Aug 2016 08:51:30 -0700 From: william.c.roberts@intel.com To: selinux@tycho.nsa.gov, jwcart2@tycho.nsa.gov, seandroid-list@tycho.nsa.gov, sds@tycho.nsa.gov Subject: [PATCH v2 2/2] libsepol: port str_read from kernel Date: Fri, 19 Aug 2016 08:51:28 -0700 Message-Id: <1471621888-18694-2-git-send-email-william.c.roberts@intel.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1471621888-18694-1-git-send-email-william.c.roberts@intel.com> References: <1471621888-18694-1-git-send-email-william.c.roberts@intel.com> X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: William Roberts Rather than duplicating the following sequence: 1. Read len from file 2. alloc up space based on 1 3. read the contents into the buffer from 2 4. null terminate the buffer from 2 Use the str_read() function that is in the kernel, which collapses steps 2 and 4. This not only reduces redundant code, but also has the side-affect of providing a central check on zero_or_saturated lengths from step 1 when generating string values. Signed-off-by: William Roberts --- libsepol/src/conditional.c | 9 +-------- libsepol/src/module.c | 40 ++++++---------------------------------- libsepol/src/policydb.c | 10 +--------- libsepol/src/private.h | 1 + libsepol/src/services.c | 39 ++++++++++++++++++++++++++++++++++++++- 5 files changed, 47 insertions(+), 52 deletions(-) diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c index 8680eb2..e1bc961 100644 --- a/libsepol/src/conditional.c +++ b/libsepol/src/conditional.c @@ -589,15 +589,8 @@ int cond_read_bool(policydb_t * p, goto err; len = le32_to_cpu(buf[2]); - if (zero_or_saturated(len)) + if (str_read(&key, fp, len)) goto err; - key = malloc(len + 1); - if (!key) - goto err; - rc = next_entry(key, fp, len); - if (rc < 0) - goto err; - key[len] = 0; if (p->policy_type != POLICY_KERN && p->policyvers >= MOD_POLICYDB_VERSION_TUNABLE_SEP) { diff --git a/libsepol/src/module.c b/libsepol/src/module.c index f25df95..1c2bece 100644 --- a/libsepol/src/module.c +++ b/libsepol/src/module.c @@ -793,26 +793,13 @@ int sepol_module_package_info(struct sepol_policy_file *spf, int *type, i); goto cleanup; } + len = le32_to_cpu(buf[0]); - if (zero_or_saturated(len)) { - ERR(file->handle, - "invalid module name length: 0x%"PRIx32, - len); - goto cleanup; - } - *name = malloc(len + 1); - if (!*name) { - ERR(file->handle, "out of memory"); - goto cleanup; - } - rc = next_entry(*name, file, len); - if (rc < 0) { - ERR(file->handle, - "cannot get module name string (at section %u)", - i); + if (str_read(name, file, len)) { + ERR(file->handle, "%s", strerror(errno)); goto cleanup; } - (*name)[len] = '\0'; + rc = next_entry(buf, file, sizeof(uint32_t)); if (rc < 0) { ERR(file->handle, @@ -821,25 +808,10 @@ int sepol_module_package_info(struct sepol_policy_file *spf, int *type, goto cleanup; } len = le32_to_cpu(buf[0]); - if (zero_or_saturated(len)) { - ERR(file->handle, - "invalid module version length: 0x%"PRIx32, - len); - goto cleanup; - } - *version = malloc(len + 1); - if (!*version) { - ERR(file->handle, "out of memory"); - goto cleanup; - } - rc = next_entry(*version, file, len); - if (rc < 0) { - ERR(file->handle, - "cannot get module version string (at section %u)", - i); + if (str_read(version, file, len)) { + ERR(file->handle, "%s", strerror(errno)); goto cleanup; } - (*version)[len] = '\0'; seen |= SEEN_MOD; break; default: diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index 5f888d3..cdb3cde 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -1911,19 +1911,11 @@ static int perm_read(policydb_t * p goto bad; len = le32_to_cpu(buf[0]); - if (zero_or_saturated(len)) + if(str_read(&key, fp, len)) goto bad; perdatum->s.value = le32_to_cpu(buf[1]); - key = malloc(len + 1); - if (!key) - goto bad; - rc = next_entry(key, fp, len); - if (rc < 0) - goto bad; - key[len] = 0; - if (hashtab_insert(h, key, perdatum)) goto bad; diff --git a/libsepol/src/private.h b/libsepol/src/private.h index 0beb4d4..b884c23 100644 --- a/libsepol/src/private.h +++ b/libsepol/src/private.h @@ -65,3 +65,4 @@ extern struct policydb_compat_info *policydb_lookup_compat(unsigned int version, extern int next_entry(void *buf, struct policy_file *fp, size_t bytes) hidden; extern size_t put_entry(const void *ptr, size_t size, size_t n, struct policy_file *fp) hidden; +extern int str_read(char **strp, struct policy_file *fp, size_t len) hidden; diff --git a/libsepol/src/services.c b/libsepol/src/services.c index d2b80b4..068759d 100644 --- a/libsepol/src/services.c +++ b/libsepol/src/services.c @@ -1639,13 +1639,16 @@ int hidden next_entry(void *buf, struct policy_file *fp, size_t bytes) return -1; break; case PF_USE_MEMORY: - if (bytes > fp->len) + if (bytes > fp->len) { + errno = EOVERFLOW; return -1; + } memcpy(buf, fp->data, bytes); fp->data += bytes; fp->len -= bytes; break; default: + errno = EINVAL; return -1; } return 0; @@ -1679,6 +1682,40 @@ size_t hidden put_entry(const void *ptr, size_t size, size_t n, } /* + * Reads a string and null terminates it from the policy file. + * This is a port of str_read from the SE Linux kernel code. + * + * It returns: + * 0 - Success + * -1 - Failure with errno set + */ +int hidden str_read(char **strp, struct policy_file *fp, size_t len) +{ + int rc; + char *str; + + if (zero_or_saturated(len)) { + errno = EINVAL; + return -1; + } + + str = malloc(len + 1); + if (!str) + return -1; + + /* it's expected the caller should free the str */ + *strp = str; + + /* next_entry sets errno */ + rc = next_entry(str, fp, len); + if (rc) + return rc; + + str[len] = '\0'; + return 0; +} + +/* * Read a new set of configuration data from * a policy database binary representation file. *