--- libselinux-1.21.10/src/query_user_context.c.ud	2005-02-17 11:22:46.000000000 -0800

+++ libselinux-1.21.10/src/query_user_context.c	2005-02-20 12:04:50.001377520 -0800

@@ -23,7 +23,8 @@

     {

         printf ("Enter number of choice: ");

         fflush (stdin);

-        fgets (response, sizeof (response), stdin);

+        if (fgets (response, sizeof (response), stdin) == NULL)

+		continue;

         fflush (stdin);

         choice = strtol (response, NULL, 10);

     }

@@ -50,7 +51,8 @@

     if (list[1]) {

             printf ("Do you want to choose a different one? [n]");

             fflush (stdin);

-            fgets (response, sizeof (response), stdin);

+            if (fgets (response, sizeof (response), stdin) == NULL)

+		return -1;

             fflush (stdin);

             if ((response[0] == 'y') || (response[0] == 'Y'))

@@ -86,9 +88,11 @@

     {

         printf ("\tEnter %s ", fieldstr);

         fflush (stdin);

-        fgets (newfield, newfieldlen, stdin);

+        if (fgets (newfield, newfieldlen, stdin) == NULL)

+	    continue;

         fflush (stdin);

-        newfield[strlen(newfield)-1] = '\0';

+	if (newfield[strlen(newfield)-1] == '\n')

+	    newfield[strlen(newfield)-1] = '\0';

         if (strlen(newfield) == 0)  

         {

@@ -137,8 +141,8 @@

     while (!done)

     {

         printf ("Would you like to enter a security context? [y]");

-        fgets (response, sizeof(response), stdin);

-        if ((response[0] == 'n') || (response[0] == 'N')) {

+        if (fgets (response, sizeof(response), stdin) == NULL

+            || (response[0] == 'n') || (response[0] == 'N')) {

             context_free(new_context);

             return -1;

 	}

--- libselinux-1.21.10/src/matchpathcon.c.ud	2005-02-17 11:22:46.000000000 -0800

+++ libselinux-1.21.10/src/matchpathcon.c	2005-02-20 12:19:39.883094936 -0800

@@ -4,6 +4,7 @@

 #include <string.h>

 #include "selinux_internal.h"

 #include <stdio.h>

+#include <stdio_ext.h>

 #include <stdlib.h>

 #include <ctype.h>

 #include <errno.h>

@@ -401,11 +402,8 @@

 	char *regex, *type, *context;

 	char *anchored_regex;

 	len = strlen(line_buf);

-	if (line_buf[len - 1] != '\n') {

-		myprintf("%s:  line %d is too long, would be truncated, skipping\n", path, lineno); 

-		return 0;

-	}

-	line_buf[len - 1] = 0;

+	if (line_buf[len - 1] == '\n')

+		line_buf[len - 1] = 0;

 	buf_p = line_buf;

 	while (isspace(*buf_p))

 		buf_p++;

@@ -522,7 +520,8 @@

 	FILE *homedirfp;

 	char local_path[PATH_MAX + 1];

 	char homedir_path[PATH_MAX + 1];

-	char line_buf[BUFSIZ + 1];

+	char *line_buf = NULL;

+	size_t line_len = 0;

 	unsigned int lineno, pass, i, j, maxnspec;

 	spec_t *spec_copy;

 	int status=-1;

@@ -532,12 +531,17 @@

 		path = selinux_file_context_path();

 	if ((fp = fopen(path, "r")) == NULL)

 		return -1;

+	__fsetlocking(fp, FSETLOCKING_BYCALLER);

 	snprintf(homedir_path, sizeof(homedir_path), "%s.homedirs", path);

 	homedirfp = fopen(homedir_path, "r");

+	if (homedirfp != NULL)

+		__fsetlocking(homedirfp, FSETLOCKING_BYCALLER);

 	snprintf(local_path, sizeof(local_path), "%s.local", path);

 	localfp = fopen(local_path, "r");

+	if (localfp != NULL)

+		__fsetlocking(localfp, FSETLOCKING_BYCALLER);

 	/* 

 	 * Perform two passes over the specification file.

@@ -551,19 +555,19 @@

 	for (pass = 0; pass < 2; pass++) {

 		lineno = 0;

 		nspec = 0;

-		while (fgets_unlocked(line_buf, sizeof line_buf, fp) && nspec < maxnspec) {

+		while (getline(&line_buf, &line_len, fp) > 0 && nspec < maxnspec) {

 			if (process_line(path, line_buf, pass, ++lineno) != 0)

 				goto finish;

 		}

 		if (homedirfp) 

-			while (fgets_unlocked(line_buf, sizeof line_buf, homedirfp) && nspec < maxnspec) {

+			while (getline(&line_buf, &line_len, homedirfp) > 0 && nspec < maxnspec) {

 				if (process_line(homedir_path, line_buf, pass, ++lineno) != 0)

 					goto finish;

 			}

 		if (localfp) 

-			while (fgets_unlocked(line_buf, sizeof line_buf, localfp) && nspec < maxnspec) {

+			while (getline(&line_buf, &line_len, localfp) > 0 && nspec < maxnspec) {

 				if (process_line(local_path, line_buf, pass, ++lineno) != 0)

 					goto finish;

 			}

@@ -583,6 +587,7 @@

 			if (localfp) rewind(localfp);

 		}

 	}

+	free(line_buf);

 	/* Move exact pathname specifications to the end. */

 	spec_copy = malloc(sizeof(spec_t) * nspec);

--- libselinux-1.21.10/utils/setsebool.c.ud	2005-02-17 11:22:47.000000000 -0800

+++ libselinux-1.21.10/utils/setsebool.c	2005-02-20 12:04:50.001377520 -0800

@@ -122,6 +122,7 @@

 	if (permanent) {

 		char **names;

 		const char *bool_file;

+		char *tmp_bool_file;

 		int rc, len, fd, j;

 		rc = security_get_boolean_names(&names, &len;;

@@ -143,8 +144,9 @@

 		/* Open file */

 		bool_file = selinux_booleans_path();

-		fd = open(bool_file, O_CREAT | O_TRUNC | O_WRONLY, 

-							S_IRUSR | S_IWUSR);

+		tmp_bool_file = (char *) alloca (strlen(bool_file) + 8);

+		strcpy(stpcpy(tmp_bool_file, bool_file), ".XXXXXX");

+		fd = mkstemp(tmp_bool_file);

 		if (fd < 0) {

 			fprintf(stderr, 

 				"Error creating boolean file %s\n", 

@@ -157,13 +159,25 @@

 		/* Walk the list in pending memory, writing each to the file */

 		for (j=0; j

 			char val_str[72];

+			int len;

 			int pending = security_get_boolean_pending(names[j]);

-			snprintf(val_str, sizeof(val_str), "%s=%d\n", 

+			len = snprintf(val_str, sizeof(val_str), "%s=%d\n", 

 							names[j], pending);

-			write(fd, val_str, strlen(val_str));

+			if (write(fd, val_str, len) != len) {

+			close_remove_fail:

+				close(fd);

+			remove_fail:

+				unlink(tmp_bool_file);

+				rollback(list, start, i);

+				return 8;

+			}

 		}

+		if (fchmod(fd, S_IRUSR | S_IWUSR) != 0)

+			goto close_remove_fail;

 		close(fd);

+		if (rename(tmp_bool_file, bool_file) != 0)

+			goto remove_fail;

 		syslog(LOG_NOTICE, "%s has been updated.", bool_file);

 	}