From patchwork Fri Mar 14 13:17:51 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 14016880 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DDBD91FE470 for ; Fri, 14 Mar 2025 13:17:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741958279; cv=none; b=GYb4ngkqhOYagss0zA7ujMSzbOHu/+SsMWR38JlFl/hjhS/PBmIKhmR41iqN2048BRaVbaaiBi3rCPigHD5oNxRJ9kGhCDEB4ReF9yD5KRgB8FjXziTDEt3MNzVLFnOYOllkcQZKfTphcoW+oxlPJfjJ/hQGtITrcpH11gwHpB8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741958279; c=relaxed/simple; bh=8Hfhx2JUKrPhHF9vHW43Vvc57gwq/r7NMIp3YKIgezk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=ROtomGOOTotk4q5eTZn8NwvlkGAgtOv6z68PE441dbHKLSgiXvGTI8OGnz1k+6Yl9ZD8dlbeAOmKjWgvWM9LORi6B7/xZD7X407IEt/dCLoz54GqDJyh7teHOp2khSEKvLrmR41f4BOeMbyT0W6jYfVlh2M7TwvCC9+jLyncMK0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=XIP+QdRI; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="XIP+QdRI" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1741958276; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=szv4YABbw/t+AMOe0EiF0RtQgjdHHBMeww+FDjrFywY=; b=XIP+QdRIVf0C6CKzMmsUuFJqjoqAldERViDkCG7+oZT+joV4eiUA7sLPAzzSjii8Ja2jDl y8qWj5Rn2gEUEq9wj9bUZYbRSuyskojje3MFY//wr2Npbc9jfwjo1tOm45/Apuv9vd+WuN hUhoi3dIgAmP84lKIUyV3OT+aY80EbvOpA6AtInoA5+KfQFrQFgotBgeeGTmrunROiUsn+ /83mTEAzVNOGZm/3xp9d5e2ILHkS5ZDRRYYKAGDlYPvG/t7aSKU6/cfNJoKIUanYHtsBO9 c5TJeTzihTU0C6i3m2N0II+qPwCqiRTAW40J5vg7zl1BH4uchry4W2ucAWeNOg== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH v3 1/4] libselinux: constify global strings Date: Fri, 14 Mar 2025 14:17:51 +0100 Message-ID: <20250314131751.28289-4-cgoettsche@seltendoof.de> In-Reply-To: <20250314131751.28289-1-cgoettsche@seltendoof.de> References: <20250314131751.28289-1-cgoettsche@seltendoof.de> Reply-To: =?utf-8?q?Christian_G=C3=B6ttsche?= Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Declare the read-only encode table const. Drop the only once used global variable selinux_rootpath. Signed-off-by: Christian Göttsche --- libselinux/src/compute_create.c | 2 +- libselinux/src/selinux_config.c | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/libselinux/src/compute_create.c b/libselinux/src/compute_create.c index d19baa0b..ff8553bc 100644 --- a/libselinux/src/compute_create.c +++ b/libselinux/src/compute_create.c @@ -33,7 +33,7 @@ static int object_name_encode(const char *objname, char *buffer, size_t buflen) return -1; buffer[offset++] = '+'; } else { - static const char *table = "0123456789ABCDEF"; + static const char *const table = "0123456789ABCDEF"; int l = (code & 0x0f); int h = (code & 0xf0) >> 4; diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c index 1d8cfb71..75db14ba 100644 --- a/libselinux/src/selinux_config.c +++ b/libselinux/src/selinux_config.c @@ -153,7 +153,6 @@ static int setpolicytype(const char *type) } static char *selinux_policyroot = NULL; -static const char *selinux_rootpath = SELINUXDIR; static void init_selinux_config(void) { @@ -312,7 +311,7 @@ int selinux_set_policy_root(const char *path) const char *selinux_path(void) { - return selinux_rootpath; + return SELINUXDIR; } From patchwork Fri Mar 14 13:17:48 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 14016878 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1A99F2E3389 for ; Fri, 14 Mar 2025 13:17:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741958278; cv=none; b=hkFiSp5MvHYzMtZNvbWgNv7cGL0CX4+kWHSRRuOFskmAfKdkrJ0olBStbV4kDM8cd1ess0Y+4qG+GjCC6HbKhnOFjKjQTT7Swp8vaJQws65NMShHQ1HxK0KormAUGpX4OpAD+MfD6c0O3o/WNkCq+B2u4nL1G+cNpFt2K21y9yg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741958278; c=relaxed/simple; bh=q7rRAqqlQeW7LG80Ex07bSt1LbfFDJe+LlpSTGvSWT0=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version:Content-Type; b=YgVuVCsRhsmv0v0LFTwzvbhiDGZmU7p2Y5UM6WCr1agL1nx0jezFGgqUr7u4aU48OHhjANxjGK6e6uQ9oy5p63CkrbbyAayrK+1rWqYYso1MwG4V3sKcd7QfjLVKx6mx/L8ZeNdmXR4zRe2VWn5ck5/lAmRdpuUEGKn55sqFYLw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=dk89Pxer; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="dk89Pxer" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1741958274; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=8dqm5HG3yNURV3/qzDFZrPN99picnYmF3QeLKHxGZpQ=; b=dk89PxerS0/jR3LL779OO5O4CH1E1TmNFMY3ygbWJDNZIeoeuHHp6u+dJiSGtQGEsVV1bu vtBFlAgXanbmMKdWjAOvDFTopSwrXEYhzEcbuAvTcPPLXMYAlhU8IbMfjOsegacowkujus kbWUjiKew271Vw/TOyfzCy9B5ASirNeflFLwY15WN8b806wk5s/OypUAwABjUmJvTp5vPe h+/CdTFH+KvWxtHQ2zvrZAWl8EjOsDeT7yoml3sLne6YtUrdMQP9oG/frlOEahddKalEc0 8+RcQfb64f4DDju5OyHrlEMzQSaxbqjNrI3kF9escvGYx3RPeEG2QHKWroyywQ== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH v3 2/4] libselinux: use local instead of global error buffer Date: Fri, 14 Mar 2025 14:17:48 +0100 Message-ID: <20250314131751.28289-1-cgoettsche@seltendoof.de> Reply-To: =?utf-8?q?Christian_G=C3=B6ttsche?= Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Use a function local, and thus thread-safe, buffer for error messages instead of a shared global one. Signed-off-by: Christian Göttsche --- v2: check for valid error buffer in compile_regex() --- libselinux/src/label_file.c | 4 ++-- libselinux/src/label_file.h | 24 ++++++++++++------------ 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c index 56e20949..85d42ff2 100644 --- a/libselinux/src/label_file.c +++ b/libselinux/src/label_file.c @@ -1662,7 +1662,7 @@ static struct lookup_result *lookup_check_node(struct spec_node *node, const cha for (uint32_t i = n->regex_specs_num; i > 0; i--) { /* search in reverse order */ struct regex_spec *rspec = &n->regex_specs[i - 1]; - const char *errbuf = NULL; + char errbuf[256]; int rc; if (child_regex_match && @@ -1673,7 +1673,7 @@ static struct lookup_result *lookup_check_node(struct spec_node *node, const cha if (file_kind != LABEL_FILE_KIND_ALL && rspec->file_kind != LABEL_FILE_KIND_ALL && file_kind != rspec->file_kind) continue; - if (compile_regex(rspec, &errbuf) < 0) { + if (compile_regex(rspec, errbuf, sizeof(errbuf)) < 0) { COMPAT_LOG(SELINUX_ERROR, "Failed to compile regular expression '%s': %s\n", rspec->regex_str, errbuf); goto fail; diff --git a/libselinux/src/label_file.h b/libselinux/src/label_file.h index 60ebbb47..470e2385 100644 --- a/libselinux/src/label_file.h +++ b/libselinux/src/label_file.h @@ -388,16 +388,22 @@ static inline void sort_specs(struct saved_data *data) sort_spec_node(data->root, NULL); } -static inline int compile_regex(struct regex_spec *spec, const char **errbuf) +static inline int compile_regex(struct regex_spec *spec, char *errbuf, size_t errbuf_size) { const char *reg_buf; char *anchored_regex, *cp; struct regex_error_data error_data; - static char regex_error_format_buffer[256]; size_t len; int rc; bool regex_compiled; + if (!errbuf || errbuf_size == 0) { + errno = EINVAL; + return -1; + } + + *errbuf = '\0'; + /* We really want pthread_once() here, but since its * init_routine does not take a parameter, it's not possible * to use, so we generate the same effect with atomics and a @@ -435,9 +441,8 @@ static inline int compile_regex(struct regex_spec *spec, const char **errbuf) len = strlen(reg_buf); cp = anchored_regex = malloc(len + 3); if (!anchored_regex) { - if (errbuf) - *errbuf = "out of memory"; __pthread_mutex_unlock(&spec->regex_lock); + snprintf(errbuf, errbuf_size, "out of memory"); return -1; } @@ -452,12 +457,7 @@ static inline int compile_regex(struct regex_spec *spec, const char **errbuf) rc = regex_prepare_data(&spec->regex, anchored_regex, &error_data); free(anchored_regex); if (rc < 0) { - if (errbuf) { - regex_format_error(&error_data, - regex_error_format_buffer, - sizeof(regex_error_format_buffer)); - *errbuf = ®ex_error_format_buffer[0]; - } + regex_format_error(&error_data, errbuf, errbuf_size); __pthread_mutex_unlock(&spec->regex_lock); errno = EINVAL; return -1; @@ -624,9 +624,9 @@ static int insert_spec(const struct selabel_handle *rec, struct saved_data *data data->num_specs++; if (rec->validating) { - const char *errbuf = NULL; + char errbuf[256]; - if (compile_regex(&node->regex_specs[id], &errbuf)) { + if (compile_regex(&node->regex_specs[id], errbuf, sizeof(errbuf))) { COMPAT_LOG(SELINUX_ERROR, "%s: line %u has invalid regex %s: %s\n", path, lineno, regex, errbuf); From patchwork Fri Mar 14 13:17:49 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 14016879 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7B5751FA272 for ; Fri, 14 Mar 2025 13:17:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741958279; cv=none; b=fgT/HJR9xLaBlogI+ra1tZ6qgeffCrm1m/98IFjUOiS0B6oF3LwE0j3LtCvhv5bQuneWATmifzv4vmOCcxZMIqGvrXBbVGoc2ZCCUDSsob4jyRJO2R+hJDqaVLJo1Rpg7zNCFLKM/tl7sBakHH5sxrSKtY9UXpU4eSF1w662sfw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741958279; c=relaxed/simple; bh=6mJtMCynq3/qFJfbuwBFmL6N1mZMD0UPGwHP82/HUQY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=kaXKXAWoZzXh8pSo3MXTidRKBqNIvm9nPNQ0kp6Nk7dZ0ViZTavsMt8UrZEJJbY5wcbnmfgvJIf0teV2iVHoI5jxVueVjFnHpaHpkw8FPABOcYwi6XRU0NMuv6tiCmr7egUgIYxFFvgtyZd620YUoHXu3ie5AthXN0RedLoSv3w= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=E6mDOeoe; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="E6mDOeoe" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1741958275; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=W8dcfVRtMjJubp4rsFUjaEOXQkYrlFHgM6nWfwVWiio=; b=E6mDOeoeOX6XxHcCLGBW17gdHf+8VAJ7VLAcuAuQvHKLoTTmjGQgYN/viLhim4wFhdkPlw NVc5WKE+PnzfLs68pSi8k9NrSXCccX6Z5VoVm5KMYi7+ZSD0+E/0v2FIKxT07EcE5TOE26 pgN9QDcT4zIdO0ncEVDw+3xRXPvbYJmdx6RdP03HfO9/EWOeATpJsk6eXp9Zz9caCLs690 nZNVCNiZ6b6gfX/SfIm0tu9U1IvXW7kPHP6HoSYhrSDREvDPsWyKjz6vb0Jn8EmOKu4iGK cJMCfBtVju5EZKjIZvgyT8zZTgfG7jpnH3TvkC56B4Xh79GvMv9Ql6ZP9OqJ+Q== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH v3 3/4] libselinux: initialize regex arch string in a thread safe way Date: Fri, 14 Mar 2025 14:17:49 +0100 Message-ID: <20250314131751.28289-2-cgoettsche@seltendoof.de> In-Reply-To: <20250314131751.28289-1-cgoettsche@seltendoof.de> References: <20250314131751.28289-1-cgoettsche@seltendoof.de> Reply-To: =?utf-8?q?Christian_G=C3=B6ttsche?= Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Synchronize the initialization of the regex architecture string. Signed-off-by: Christian Göttsche --- libselinux/src/regex.c | 46 ++++++++++++++++++++++++------------------ 1 file changed, 26 insertions(+), 20 deletions(-) diff --git a/libselinux/src/regex.c b/libselinux/src/regex.c index 182c8c89..976f00d4 100644 --- a/libselinux/src/regex.c +++ b/libselinux/src/regex.c @@ -30,32 +30,38 @@ #endif #ifdef USE_PCRE2 -char const *regex_arch_string(void) +static pthread_once_t once = PTHREAD_ONCE_INIT; +static char arch_string_buffer[32]; + +static void regex_arch_string_init(void) { - static char arch_string_buffer[32]; - static char const *arch_string = ""; - char const *endianness = NULL; + char const *endianness; int rc; - if (arch_string[0] == '\0') { - if (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__) - endianness = "el"; - else if (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) - endianness = "eb"; + if (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__) + endianness = "el"; + else if (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) + endianness = "eb"; + else { + arch_string_buffer[0] = '\0'; + return; + } - if (!endianness) - return NULL; + rc = snprintf(arch_string_buffer, sizeof(arch_string_buffer), + "%zu-%zu-%s", sizeof(void *), + sizeof(REGEX_ARCH_SIZE_T), + endianness); + if (rc < 0 || (size_t)rc >= sizeof(arch_string_buffer)) { + arch_string_buffer[0] = '\0'; + return; + } +} - rc = snprintf(arch_string_buffer, sizeof(arch_string_buffer), - "%zu-%zu-%s", sizeof(void *), - sizeof(REGEX_ARCH_SIZE_T), - endianness); - if (rc < 0) - abort(); +const char *regex_arch_string(void) +{ + __selinux_once(once, regex_arch_string_init); - arch_string = &arch_string_buffer[0]; - } - return arch_string; + return arch_string_buffer[0] != '\0' ? arch_string_buffer : NULL; } struct regex_data { From patchwork Fri Mar 14 13:17:50 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 14016881 Received: from server02.seltendoof.de (server02.seltendoof.de [168.119.48.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DDB751FDE3A for ; Fri, 14 Mar 2025 13:17:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=168.119.48.163 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741958279; cv=none; b=rJyiw6zpokLe5e3Q/j481zW07BIOP0z/exgliFkBqaYebiLolOP1jmIeFInTa8R2WsWAh2EKMnLwI/8fwoXr+lF2q8YKyK1h6/YnLMvtzcqGV6PhiFUr0HuVsx6EOpke4f8RShosXwq38mtDDG1O6eRt7JN1uIfwUmuSvgrUIxI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741958279; c=relaxed/simple; bh=WTSpHsHwq0U8lrbK8pBiEXnUWMqR1OPpzcMABcfh44s=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=nkowqgOq23zf0o3r1LvKdtqaO89lVLgtre/nwENEsXRlG7oUGvJ1PgS0uZoVBGzk5+2Pb7nDsGpamrtVFc6qOzONh+zf3Lytr+nxEeMZyThUf5XYQOyJDQRqKVbn2P+iA21J6xIf2NT5HP+sbmSjyVvakoVYFE4z0a2yaz/2jvQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de; spf=pass smtp.mailfrom=seltendoof.de; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b=ib5+hjPU; arc=none smtp.client-ip=168.119.48.163 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=seltendoof.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=seltendoof.de header.i=@seltendoof.de header.b="ib5+hjPU" From: =?utf-8?q?Christian_G=C3=B6ttsche?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seltendoof.de; s=2023072701; t=1741958276; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5UogqeOpLKixeY+Le536mRgOEghwgJLh/9gxL7hK4CI=; b=ib5+hjPU+FBJfSmPxfR/U6hUzeJz5XeBeet7ifQY51naQdjSjwERRXGbRvZHL8VX3zSNvr imaEN1EMx6qFsw4bhiQhiEmak56D/OecvwCt+nvUGKhVl3X/8NHTItbT87h7ArZpRKqUkj wCNOx+9NyZ5Du55U9jEp6gtp47T7CyoemwE68g23W9epf7wQqJL9nbufvTg4GPabrvKlkv uVvM2gnVk9h5r5AgtOl3rnmVG6Equ5oIb9GDtcjGnLrg478qN4MC7/nglsQZpJuus4DhD4 XWTeodYL6cXGdTJ9pFirJHKebB1kbl42j3/4IpukqnH2VhOeCl2UZSm6K0wT3A== To: selinux@vger.kernel.org Cc: =?utf-8?q?Christian_G=C3=B6ttsche?= Subject: [PATCH v3 4/4] libselinux: limit fcontext regex path length Date: Fri, 14 Mar 2025 14:17:50 +0100 Message-ID: <20250314131751.28289-3-cgoettsche@seltendoof.de> In-Reply-To: <20250314131751.28289-1-cgoettsche@seltendoof.de> References: <20250314131751.28289-1-cgoettsche@seltendoof.de> Reply-To: =?utf-8?q?Christian_G=C3=B6ttsche?= Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Christian Göttsche Limit the length of regular expression paths in fcontext source definitions to reduce the worst case regex compilation time for abnormal inputs. Reported-by: oss-fuzz (issue 393203212) Signed-off-by: Christian Göttsche --- v3: add in-line comment --- libselinux/src/label_file.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libselinux/src/label_file.h b/libselinux/src/label_file.h index 470e2385..67db78e5 100644 --- a/libselinux/src/label_file.h +++ b/libselinux/src/label_file.h @@ -439,6 +439,14 @@ static inline int compile_regex(struct regex_spec *spec, char *errbuf, size_t er reg_buf = spec->regex_str; /* Anchor the regular expression. */ len = strlen(reg_buf); + /* Use a sufficient large upper bound for regular expression lengths + * to limit the compilation time on malformed inputs. */ + if (len >= 4096) { + __pthread_mutex_unlock(&spec->regex_lock); + snprintf(errbuf, errbuf_size, "regex of length %zu too long", len); + errno = EINVAL; + return -1; + } cp = anchored_regex = malloc(len + 3); if (!anchored_regex) { __pthread_mutex_unlock(&spec->regex_lock);