From 9e4480b921bb50f59b064e842362b26b87e36bbd Mon Sep 17 00:00:00 2001
From: Chris PeBenito <chpebeni@linux.microsoft.com>
Date: Mon, 24 Aug 2020 09:44:16 -0400
Subject: [PATCH] libselinux: Remove trailing slash on selabel_file lookups.
Having a trailing slash on a file lookup, e.g. "/some/path/", can
cause a different result, for example, when file contexts are written to have
the directory have a different label than the contents. This is inconsistent
with normal Linux behaviors where trailing slashes are ignored.
Many callers already strip the trailing slash before the lookup or users
revise the file contexts to work around this. This fixes it comprehensively.
v2: fix length issues
Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
libselinux/src/label_file.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
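diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index 412904d14c06..6eeeea68aea4 100644
--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c
@@ -854,6 +854,7 @@ static const struct spec **lookup_all(struct selabel_handle *rec,
 struct saved_data *data = (struct saved_data *)rec->data;
 struct spec *spec_arr = data->spec_arr;
 int i, rc, file_stem;
+ size_t len;
 mode_t mode = (mode_t)type;
 char *clean_key = NULL;
 const char *prev_slash, *next_slash;
@@ -894,6 +895,27 @@ static const struct spec **lookup_all(struct selabel_handle *rec,
 key = clean_key;
 }
 
+ /* remove trailing slash */
+ len = strlen(key);
+ if (len == 0) {
+ errno = EINVAL;
+ goto finish;
+ }
+
+ if (key[len - 1] == '/') {
+ /* reuse clean_key from above if available */
+ if (!clean_key) {
+ clean_key = (char *) malloc(len);
+ if (!clean_key)
+ goto finish;
+
+ strncpy(clean_key, key, len - 1);
+ }
+
+ clean_key[len - 1] = '\0';
+ key = clean_key;
+ }
+
 sub = selabel_sub_key(data, key);
 if (sub)
 key = sub;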
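Review bot: A key of exactly "/" reaches the stripping branch in the second hunk with len == 1, so `clean_key[len - 1] = '\0'` turns the root path into an empty string before `selabel_sub_key()` and the spec matching run. An empty key presumably matches no file-context entry, so a lookup for the root directory would fail or yield the wrong label, which matters for relabeling tools that act on this result. Guarding the branch with `if (len > 1 && key[len - 1] == '/') {` keeps "/" intact while still stripping "/some/path/". The malloc failure path also jumps to `finish` without setting errno itself, so it relies on malloc having set ENOMEM. lookup_all starts and ends outside the hunk, so what `finish` frees and returns is not visible here.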
--
2.29.0