Bug 130360 - policycoreutils sestatus programming bugs
policycoreutils sestatus programming bugs
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: policycoreutils (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-08-19 12:55 EDT by Steve Grubb
Modified: 2007-11-30 17:10 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-08-31 11:29:17 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch that fixes the problems listed. (1.09 KB, patch)
2004-08-19 12:56 EDT, Steve Grubb
no flags Details | Diff

  None (edit)
Description Steve Grubb 2004-08-19 12:55:20 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.4.2)
Gecko/20040308

Description of problem:
sestatus has a couple of programming bugs. The first is that the
comparison is too short between command and buf. The author appeared
to be concerned about going past the end of the buffer for command,
but shouldn't be. The problem is that what if command is "doo" and
entry is "doodoo"? It will think they are the same because the
comparison is too short.

atoi is a deprecated function and should not be used in application
that are important.

And most importantly, buf_len was not being decremented leading to an
out of bounds access later at the memcpy.

I do not know who the upstream author(s) is. Please feel free to
coordinate this patch with them. I see NSA, Gentoo, etc. but no
address of where to report bugs.

Version-Release number of selected component (if applicable):
policycoreutils-1.15.5-1

How reproducible:
Didn't try

Steps to Reproduce:
1. Found during code review

Additional info:
Comment 1 Steve Grubb 2004-08-19 12:56:51 EDT
Created attachment 102884 [details]
Patch that fixes the problems listed.
Comment 2 Daniel Walsh 2004-08-25 16:10:11 EDT
Modified your patch a little and applied to 
policycoreutils-1.17.3-4
Comment 3 Steve Grubb 2004-08-31 09:40:56 EDT
Thanks Dan. Have you passed the patch to the upstream author?
Comment 4 Daniel Walsh 2004-08-31 11:25:40 EDT
I passed it on to Smalley, whose package contains it.  Not sure if the
original author is doing anything with it now.

Dan
Comment 5 Steve Grubb 2004-08-31 11:29:17 EDT
OK. Thanks.

Note You need to log in before you can comment on or make changes to this bug.