[PATCH] mcstrans: bug fix for mixed raw and translated level

Xavier Toth txtoth at gmail.com
Wed Jul 14 15:14:23 UTC 2010


Fix for a bug reported to the selinux list
(http://www.nsa.gov/research/selinux/list-archive/1001/31388.shtml).
Fixes the handling of cases where the sensitivity level of the context
contains a mix of raw and translated levels (e.g. s0-SystemHigh or
SystemLow-s15:c0.c1023).
---

 mcstrans.c |   87
+++++++++++++++++++++++++++++++++++++------------------------
 1 file changed, 54 insertions(+), 33 deletions(-)

--- mcstrans-0.3.1/src/mcstrans.c    2009-02-16 13:01:15.000000000 -0600
+++ mcstrans-0.3.1/src/mcstrans.c.mixed-range    2010-07-12
16:54:08.921270080 -0500
@@ -1228,6 +1228,13 @@ trans_context(const security_context_t i
                 ltrans = compute_trans_from_raw(lrange, domain);
                 if (ltrans)
                     add_cache(domain, lrange, ltrans);
+                else {
+                    ltrans = strdup(lrange);
+                    if (! ltrans) {
+                        log_error("strdup failed %s", strerror(errno));
+                        exit(1);
+                    }
+                }
             }

             utrans = find_in_hashtable(urange, domain,
domain->raw_to_trans);
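Review bot: The new `strdup` failure branch calls `exit(1)`, so a single failed allocation while translating one context ends the whole process; if this code runs in the long-lived translation daemon, every other client loses label translation until it is restarted. It follows the existing asprintf handling visible in the next hunk, but if trans_context can report failure to its caller (its signature and return paths are outside this hunk), logging and failing only the current request would be more robust. The same branch is added for utrans in the next hunk and for lraw and uraw in the two untrans_context hunks; a small static helper that copies the string or logs and fails would keep the four copies from drifting, as the stray extra indentation in the utrans copy already shows.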
@@ -1235,24 +1242,30 @@ trans_context(const security_context_t i
                 utrans = compute_trans_from_raw(urange, domain);
                 if (utrans)
                     add_cache(domain, urange, utrans);
+                else {
+                    utrans = strdup(urange);
+                    if (! utrans) {
+                        log_error("strdup failed %s", strerror(errno));
+                         exit(1);
+                     }
+                 }
             }

-            if (ltrans && utrans) {
-                if (strcmp(ltrans, utrans) == 0) {
-                    if (asprintf(&trans, "%s", ltrans) < 0) {
-                        log_error("asprintf failed %s", strerror(errno));
-                        exit(1);
-                    }
-                } else {
-                    if (asprintf(&trans, "%s-%s", ltrans, utrans) < 0) {
-                        log_error("asprintf failed %s", strerror(errno));
-                        exit(1);
-                    }
+            if (strcmp(ltrans, utrans) == 0) {
+                if (asprintf(&trans, "%s", ltrans) < 0) {
+                    log_error("asprintf failed %s", strerror(errno));
+                    exit(1);
+                }
+            } else {
+                if (asprintf(&trans, "%s-%s", ltrans, utrans) < 0) {
+                    log_error("asprintf failed %s", strerror(errno));
+                    exit(1);
                 }
-                free(ltrans);
-                free(utrans);
-                break;
             }
+            free(ltrans);
+            free(utrans);
+            *dashp = '-';
+            break;
         }
         if (dashp)
             *dashp = '-';
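Review bot: With the raw fallback in place ltrans and utrans are never NULL at this point, so the now unconditional `break` ends the lookup at whichever domain is tried first, even when that domain translated neither half. If the enclosing loop (outside the hunk) walks several domains, a later domain that does know the level is never consulted and the caller gets the raw text back as the "translation". Consider recording whether this domain actually produced a translation for at least one half and leaving the loop only then, for example `if (translated) break;` with `translated` a new local, freeing and resetting `trans` otherwise. The added `*dashp = '-';` before the break is also unguarded while the line after the block keeps `if (dashp)`, so a one-line comment that dashp is non-NULL inside this block would help. The second untrans_context hunk has the same shape.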
@@ -1333,6 +1346,12 @@ untrans_context(const security_context_t
                     if (canonical)
                         free(canonical);
                     add_cache(domain, lraw, lrange);
+                } else {
+                    lraw = strdup(lrange);
+                    if (! lraw) {
+                        log_error("strdup failed %s", strerror(errno));
+                        exit(1);
+                    }
                 }
             }

@@ -1349,32 +1368,34 @@ untrans_context(const security_context_t
                     if (canonical)
                         free(canonical);
                     add_cache(domain, uraw, urange);
+                } else {
+                    uraw = strdup(urange);
+                    if (! uraw) {
+                        log_error("strdup failed %s", strerror(errno));
+                        exit(1);
+                    }
                 }
             }


-            if (lraw && uraw) {
-                if (strcmp(lraw, uraw) == 0) {
-                    if (asprintf(&raw, "%s", lraw) < 0) {
-                        log_error("asprintf failed %s", strerror(errno));
-                        exit(1);
-                    }
-                } else {
-                    if (asprintf(&raw, "%s-%s", lraw, uraw) < 0) {
-                        log_error("asprintf failed %s", strerror(errno));
-                        exit(1);
-                    }
+            if (strcmp(lraw, uraw) == 0) {
+                if (asprintf(&raw, "%s", lraw) < 0) {
+                    log_error("asprintf failed %s", strerror(errno));
+                    exit(1);
+                }
+            } else {
+                if (asprintf(&raw, "%s-%s", lraw, uraw) < 0) {
+                    log_error("asprintf failed %s", strerror(errno));
+                    exit(1);
                 }
-                free(lraw);
-                free(uraw);
-                break;
-            }
-            if (lraw)
-                free(lraw);
-            if (uraw)
-                free(uraw);
+            }
+            free(lraw);
+            free(uraw);
             *dashp = '-';
+            break;
         }
+        if (dashp)
+            *dashp = '-';
     }

     if (raw) {
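Review bot: The `uraw = strdup(urange)` fallback copies what is presumably caller-supplied text straight into the raw context whenever no translation matches, and nothing in this hunk checks that the text is a well-formed raw level. That is what makes mixed ranges such as s0-SystemHigh work, but it also means an arbitrary string in one half is now returned as if it were raw, so validity rests entirely on whoever consumes the result. I would document that at the fallback, for example `/* no translation found: pass the text through unchanged; it is not verified to be a raw level here */`, and the `lraw` fallback in the previous hunk needs the same comment. untrans_context begins and ends outside the hunk, so any validation done before or after this block is not visible here.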