<br>Fix for bug reported to selinux list (<a href="http://www.nsa.gov/research/selinux/list-archive/1001/31388.shtml">http://www.nsa.gov/research/selinux/list-archive/1001/31388.shtml</a>). <br>Fixes the handling of cases where the sensitivity level of the context contains a mix of raw and <br>
translated levels (ex. s0-SystemHigh or SystemLow-s15:c0.c1023).<br>---<br><br> mcstrans.c | 87 +++++++++++++++++++++++++++++++++++++------------------------<br> 1 file changed, 54 insertions(+), 33 deletions(-)<br><br>
--- mcstrans-0.3.1/src/mcstrans.c 2009-02-16 13:01:15.000000000 -0600<br>+++ mcstrans-0.3.1/src/mcstrans.c.mixed-range 2010-07-12 16:54:08.921270080 -0500<br>@@ -1228,6 +1228,13 @@ trans_context(const security_context_t i<br>
ltrans = compute_trans_from_raw(lrange, domain);<br> if (ltrans)<br> add_cache(domain, lrange, ltrans);<br>+ else {<br>+ ltrans = strdup(lrange);<br>
+ if (! ltrans) {<br>+ log_error("strdup failed %s", strerror(errno));<br>+ exit(1);<br>+ }<br>+ }<br> }<br>
<br> utrans = find_in_hashtable(urange, domain, domain->raw_to_trans);<br>@@ -1235,24 +1242,30 @@ trans_context(const security_context_t i<br> utrans = compute_trans_from_raw(urange, domain);<br>
if (utrans)<br> add_cache(domain, urange, utrans);<br>+ else {<br>+ utrans = strdup(urange);<br>+ if (! utrans) {<br>+ log_error("strdup failed %s", strerror(errno));<br>
+ exit(1);<br>+ }<br>+ }<br> }<br> <br>- if (ltrans && utrans) {<br>- if (strcmp(ltrans, utrans) == 0) {<br>- if (asprintf(&trans, "%s", ltrans) < 0) {<br>
- log_error("asprintf failed %s", strerror(errno));<br>- exit(1);<br>- }<br>- } else {<br>- if (asprintf(&trans, "%s-%s", ltrans, utrans) < 0) {<br>
- log_error("asprintf failed %s", strerror(errno));<br>- exit(1);<br>- }<br>+ if (strcmp(ltrans, utrans) == 0) {<br>+ if (asprintf(&trans, "%s", ltrans) < 0) {<br>
+ log_error("asprintf failed %s", strerror(errno));<br>+ exit(1);<br>+ }<br>+ } else {<br>+ if (asprintf(&trans, "%s-%s", ltrans, utrans) < 0) {<br>
+ log_error("asprintf failed %s", strerror(errno));<br>+ exit(1);<br> }<br>- free(ltrans);<br>- free(utrans);<br>- break;<br>
}<br>+ free(ltrans);<br>+ free(utrans);<br>+ *dashp = '-';<br>+ break;<br> }<br> if (dashp)<br> *dashp = '-';<br>@@ -1333,6 +1346,12 @@ untrans_context(const security_context_t<br>
if (canonical)<br> free(canonical);<br> add_cache(domain, lraw, lrange);<br>+ } else {<br>+ lraw = strdup(lrange);<br>+ if (! lraw) {<br>
+ log_error("strdup failed %s", strerror(errno));<br>+ exit(1);<br>+ }<br> }<br> }<br> <br>@@ -1349,32 +1368,34 @@ untrans_context(const security_context_t<br>
if (canonical)<br> free(canonical);<br> add_cache(domain, uraw, urange);<br>+ } else {<br>+ uraw = strdup(urange);<br>+ if (! uraw) {<br>
+ log_error("strdup failed %s", strerror(errno));<br>+ exit(1);<br>+ }<br> }<br> }<br> <br> <br>- if (lraw && uraw) {<br>
- if (strcmp(lraw, uraw) == 0) {<br>- if (asprintf(&raw, "%s", lraw) < 0) {<br>- log_error("asprintf failed %s", strerror(errno));<br>- exit(1);<br>
- }<br>- } else {<br>- if (asprintf(&raw, "%s-%s", lraw, uraw) < 0) {<br>- log_error("asprintf failed %s", strerror(errno));<br>
- exit(1);<br>- }<br>+ if (strcmp(lraw, uraw) == 0) {<br>+ if (asprintf(&raw, "%s", lraw) < 0) {<br>+ log_error("asprintf failed %s", strerror(errno));<br>
+ exit(1);<br>+ }<br>+ } else {<br>+ if (asprintf(&raw, "%s-%s", lraw, uraw) < 0) {<br>+ log_error("asprintf failed %s", strerror(errno));<br>
+ exit(1);<br> }<br>- free(lraw);<br>- free(uraw);<br>- break;<br>- }<br>- if (lraw)<br>- free(lraw);<br>
- if (uraw)<br>- free(uraw);<br>+ }<br>+ free(lraw);<br>+ free(uraw);<br> *dashp = '-';<br>+ break;<br> }<br>+ if (dashp)<br>
+ *dashp = '-';<br> }<br> <br> if (raw) {<br><br>