Attachment 377200 Details for Bug 508684 – patch cp segfault with selinux

[patch] patch cp segfault with selinux

coreutils-patch-cp-segfault-bug-508684.patch (text/plain), 4.54 KB, created by Sven Vermeulen (RETIRED) on 2014-05-18 19:02:04 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Sven Vermeulen (RETIRED)

Created: 2014-05-18 19:02:04 UTC

Size: 4.54 KB

patch

obsolete

>From d718331e59afb35e56445f3a1597ed74a7f3a3e2 Mon Sep 17 00:00:00 2001
>From: Nicolas Iooss <nicolas.iooss@m4x.org>
>Date: Sat, 4 Jan 2014 03:03:51 +0000
>Subject: [PATCH 1/1] copy: fix a segfault in SELinux context copying code
>
>* src/selinux.c (restorecon_private): On ArchLinux the
>`fakeroot cp -a file1 file2` command segfaulted due
>to getfscreatecon() returning a NULL context.
>So map this to the sometimes ignored ENODATA error,
>rather than crashing.
>* tests/cp/no-ctx.sh: Add a new test case.
>* tests/local.mk: Reference the new test.
>* NEWS: Mention the fix.
>Fixes http://bugs.gnu.org/16335
>---
> NEWS               |    5 ++++
> src/selinux.c      |    5 ++++
> tests/cp/no-ctx.sh |   63 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> tests/local.mk     |    1 +
> 4 files changed, 74 insertions(+), 0 deletions(-)
> create mode 100755 tests/cp/no-ctx.sh
>
>diff --git a/NEWS b/NEWS
>index 3e1f9c6..699a7d3 100644
>--- a/NEWS
>+++ b/NEWS
>@@ -9,6 +9,11 @@ GNU coreutils NEWS                                    -*- outline -*-
>   the context of an existing directory to that of its last copied descendent.
>   [bug introduced in coreutils-8.22]
> 
>+  cp -a, mv, and install --preserve-context, no longer seg fault when running
>+  with SELinux enabled, when copying from file systems that return an error
>+  when reading the SELinux context for a file.
>+  [bug introduced in coreutils-8.22]
>+
> 
> * Noteworthy changes in release 8.22 (2013-12-13) [stable]
> 
>diff --git a/src/selinux.c b/src/selinux.c
>index cd38a81..016db16 100644
>--- a/src/selinux.c
>+++ b/src/selinux.c
>@@ -192,6 +192,11 @@ restorecon_private (char const *path, bool local)
>     {
>       if (getfscreatecon (&tcon) < 0)
>         return rc;
>+      if (!tcon)
>+        {
>+          errno = ENODATA;
>+          return rc;
>+        }
>       rc = lsetfilecon (path, tcon);
>       freecon (tcon);
>       return rc;
>diff --git a/tests/cp/no-ctx.sh b/tests/cp/no-ctx.sh
>new file mode 100755
>index 0000000..3b5eb82
>--- /dev/null
>+++ b/tests/cp/no-ctx.sh
>@@ -0,0 +1,63 @@
>+#!/bin/sh
>+# Ensure we handle file systems returning no SELinux context,
>+# which triggered a segmentation fault in coreutils-8.22.
>+# This test is skipped on systems that lack LD_PRELOAD support; that's fine.
>+# Similarly, on a system that lacks lgetfilecon altogether, skipping it is fine.
>+
>+# Copyright (C) 2014 Free Software Foundation, Inc.
>+
>+# This program is free software: you can redistribute it and/or modify
>+# it under the terms of the GNU General Public License as published by
>+# the Free Software Foundation, either version 3 of the License, or
>+# (at your option) any later version.
>+
>+# This program is distributed in the hope that it will be useful,
>+# but WITHOUT ANY WARRANTY; without even the implied warranty of
>+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>+# GNU General Public License for more details.
>+
>+# You should have received a copy of the GNU General Public License
>+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
>+
>+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
>+print_ver_ cp
>+require_gcc_shared_
>+
>+# Replace each getfilecon and lgetfilecon call with a call to these stubs.
>+cat > k.c <<'EOF' || framework_failure_
>+#include <stdio.h>
>+#include <selinux/selinux.h>
>+#include <errno.h>
>+
>+int getfilecon (const char *path, security_context_t *con)
>+{
>+  /* Leave a marker so we can identify if the function was intercepted.  */
>+  fclose(fopen("preloaded", "w"));
>+
>+  errno=ENODATA;
>+  return -1;
>+}
>+
>+int lgetfilecon (const char *path, security_context_t *con)
>+{ return getfilecon (path, con); }
>+EOF
>+
>+# Then compile/link it:
>+gcc_shared_ k.c k.so \
>+  || skip_ 'failed to build SELinux shared library'
>+
>+touch file_src
>+
>+# New file with SELinux context optionally included
>+LD_PRELOAD=./k.so cp -a file_src file_dst || fail=1
>+
>+# Existing file with SELinux context optionally included
>+LD_PRELOAD=./k.so cp -a file_src file_dst || fail=1
>+
>+# ENODATA should give an immediate error when required to preserve ctx
>+# This is debatable, and maybe we should not fail when no context available?
>+LD_PRELOAD=./k.so cp --preserve=context file_src file_dst && fail=1
>+
>+test -e preloaded || skip_ 'LD_PRELOAD interception failed'
>+
>+Exit $fail
>diff --git a/tests/local.mk b/tests/local.mk
>index dc7341c..9d556f6 100644
>--- a/tests/local.mk
>+++ b/tests/local.mk
>@@ -161,6 +161,7 @@ all_tests =					\
>   tests/rm/ext3-perf.sh				\
>   tests/rm/cycle.sh				\
>   tests/cp/link-heap.sh				\
>+  tests/cp/no-ctx.sh				\
>   tests/misc/tty-eof.pl				\
>   tests/tail-2/inotify-hash-abuse.sh		\
>   tests/tail-2/inotify-hash-abuse2.sh		\
>-- 
>1.7.2.5
>

Actions: View | Diff

Attachments on bug 508684: 375672 | 375674 | 375676 | 377200