--- libselinux-1.21.10/src/query_user_context.c.ud	2005-02-17 11:22:46.000000000 -0800
+++ libselinux-1.21.10/src/query_user_context.c	2005-02-20 12:04:50.001377520 -0800
@@ -23,7 +23,8 @@
     {
         printf ("Enter number of choice: ");
         fflush (stdin);
-        fgets (response, sizeof (response), stdin);
+        if (fgets (response, sizeof (response), stdin) == NULL)
+		continue;
         fflush (stdin);
         choice = strtol (response, NULL, 10);
     }
@@ -50,7 +51,8 @@
     if (list[1]) {
             printf ("Do you want to choose a different one? [n]");
             fflush (stdin);
-            fgets (response, sizeof (response), stdin);
+            if (fgets (response, sizeof (response), stdin) == NULL)
+		return -1;
             fflush (stdin);
 
             if ((response[0] == 'y') || (response[0] == 'Y'))
@@ -86,9 +88,11 @@
     {
         printf ("\tEnter %s ", fieldstr);
         fflush (stdin);
-        fgets (newfield, newfieldlen, stdin);
+        if (fgets (newfield, newfieldlen, stdin) == NULL)
+	    continue;
         fflush (stdin);
-        newfield[strlen(newfield)-1] = '\0';
+	if (newfield[strlen(newfield)-1] == '\n')
+	    newfield[strlen(newfield)-1] = '\0';
  
         if (strlen(newfield) == 0)  
         {
@@ -137,8 +141,8 @@
     while (!done)
     {
         printf ("Would you like to enter a security context? [y]");
-        fgets (response, sizeof(response), stdin);
-        if ((response[0] == 'n') || (response[0] == 'N')) {
+        if (fgets (response, sizeof(response), stdin) == NULL
+            || (response[0] == 'n') || (response[0] == 'N')) {
             context_free(new_context);
             return -1;
 	}
--- libselinux-1.21.10/src/matchpathcon.c.ud	2005-02-17 11:22:46.000000000 -0800
+++ libselinux-1.21.10/src/matchpathcon.c	2005-02-20 12:19:39.883094936 -0800
@@ -4,6 +4,7 @@
 #include <string.h>
 #include "selinux_internal.h"
 #include <stdio.h>
+#include <stdio_ext.h>
 #include <stdlib.h>
 #include <ctype.h>
 #include <errno.h>
@@ -401,11 +402,8 @@
 	char *regex, *type, *context;
 	char *anchored_regex;
 	len = strlen(line_buf);
-	if (line_buf[len - 1] != '\n') {
-		myprintf("%s:  line %d is too long, would be truncated, skipping\n", path, lineno); 
-		return 0;
-	}
-	line_buf[len - 1] = 0;
+	if (line_buf[len - 1] == '\n')
+		line_buf[len - 1] = 0;
 	buf_p = line_buf;
 	while (isspace(*buf_p))
 		buf_p++;
@@ -522,7 +520,8 @@
 	FILE *homedirfp;
 	char local_path[PATH_MAX + 1];
 	char homedir_path[PATH_MAX + 1];
-	char line_buf[BUFSIZ + 1];
+	char *line_buf = NULL;
+	size_t line_len = 0;
 	unsigned int lineno, pass, i, j, maxnspec;
 	spec_t *spec_copy;
 	int status=-1;
@@ -532,12 +531,17 @@
 		path = selinux_file_context_path();
 	if ((fp = fopen(path, "r")) == NULL)
 		return -1;
+	__fsetlocking(fp, FSETLOCKING_BYCALLER);
 
 	snprintf(homedir_path, sizeof(homedir_path), "%s.homedirs", path);
 	homedirfp = fopen(homedir_path, "r");
+	if (homedirfp != NULL)
+		__fsetlocking(homedirfp, FSETLOCKING_BYCALLER);
 
 	snprintf(local_path, sizeof(local_path), "%s.local", path);
 	localfp = fopen(local_path, "r");
+	if (localfp != NULL)
+		__fsetlocking(localfp, FSETLOCKING_BYCALLER);
 
 	/* 
 	 * Perform two passes over the specification file.
@@ -551,19 +555,19 @@
 	for (pass = 0; pass < 2; pass++) {
 		lineno = 0;
 		nspec = 0;
-		while (fgets_unlocked(line_buf, sizeof line_buf, fp) && nspec < maxnspec) {
+		while (getline(&line_buf, &line_len, fp) > 0 && nspec < maxnspec) {
 			if (process_line(path, line_buf, pass, ++lineno) != 0)
 				goto finish;
 		}
 		if (homedirfp) 
-			while (fgets_unlocked(line_buf, sizeof line_buf, homedirfp) && nspec < maxnspec) {
+			while (getline(&line_buf, &line_len, homedirfp) > 0 && nspec < maxnspec) {
 				if (process_line(homedir_path, line_buf, pass, ++lineno) != 0)
 					goto finish;
 			}
 
 
 		if (localfp) 
-			while (fgets_unlocked(line_buf, sizeof line_buf, localfp) && nspec < maxnspec) {
+			while (getline(&line_buf, &line_len, localfp) > 0 && nspec < maxnspec) {
 				if (process_line(local_path, line_buf, pass, ++lineno) != 0)
 					goto finish;
 			}
@@ -583,6 +587,7 @@
 			if (localfp) rewind(localfp);
 		}
 	}
+	free(line_buf);
 
 	/* Move exact pathname specifications to the end. */
 	spec_copy = malloc(sizeof(spec_t) * nspec);
--- libselinux-1.21.10/utils/setsebool.c.ud	2005-02-17 11:22:47.000000000 -0800
+++ libselinux-1.21.10/utils/setsebool.c	2005-02-20 12:04:50.001377520 -0800
@@ -122,6 +122,7 @@
 	if (permanent) {
 		char **names;
 		const char *bool_file;
+		char *tmp_bool_file;
 		int rc, len, fd, j;
 
 		rc = security_get_boolean_names(&names, &len);
@@ -143,8 +144,9 @@
 
 		/* Open file */
 		bool_file = selinux_booleans_path();
-		fd = open(bool_file, O_CREAT | O_TRUNC | O_WRONLY, 
-							S_IRUSR | S_IWUSR);
+		tmp_bool_file = (char *) alloca (strlen(bool_file) + 8);
+		strcpy(stpcpy(tmp_bool_file, bool_file), ".XXXXXX");
+		fd = mkstemp(tmp_bool_file);
 		if (fd < 0) {
 			fprintf(stderr, 
 				"Error creating boolean file %s\n", 
@@ -157,13 +159,25 @@
 		/* Walk the list in pending memory, writing each to the file */
 		for (j=0; j<len; j++) {
 			char val_str[72];
+			int len;
 			int pending = security_get_boolean_pending(names[j]);
-			snprintf(val_str, sizeof(val_str), "%s=%d\n", 
+			len = snprintf(val_str, sizeof(val_str), "%s=%d\n", 
 							names[j], pending);
-			write(fd, val_str, strlen(val_str));
+			if (write(fd, val_str, len) != len) {
+			close_remove_fail:
+				close(fd);
+			remove_fail:
+				unlink(tmp_bool_file);
+				rollback(list, start, i);
+				return 8;
+			}
 		}
 
+		if (fchmod(fd, S_IRUSR | S_IWUSR) != 0)
+			goto close_remove_fail;
 		close(fd);
+		if (rename(tmp_bool_file, bool_file) != 0)
+			goto remove_fail;
 		syslog(LOG_NOTICE, "%s has been updated.", bool_file);
 	}