Bug 130360 - policycoreutils sestatus programming bugs
Summary: policycoreutils sestatus programming bugs
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: policycoreutils (Show other bugs)
(Show other bugs)
Version: rawhide
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-08-19 16:55 UTC by Steve Grubb
Modified: 2007-11-30 22:10 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-08-31 15:29:17 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch that fixes the problems listed. (1.09 KB, patch)
2004-08-19 16:56 UTC, Steve Grubb
no flags Details | Diff

Description Steve Grubb 2004-08-19 16:55:20 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.4.2)
Gecko/20040308

Description of problem:
sestatus has a couple of programming bugs. The first is that the
comparison is too short between command and buf. The author appeared
to be concerned about going past the end of the buffer for command,
but shouldn't be. The problem is that what if command is "doo" and
entry is "doodoo"? It will think they are the same because the
comparison is too short.

atoi is a deprecated function and should not be used in application
that are important.

And most importantly, buf_len was not being decremented leading to an
out of bounds access later at the memcpy.

I do not know who the upstream author(s) is. Please feel free to
coordinate this patch with them. I see NSA, Gentoo, etc. but no
address of where to report bugs.

Version-Release number of selected component (if applicable):
policycoreutils-1.15.5-1

How reproducible:
Didn't try

Steps to Reproduce:
1. Found during code review

Additional info:

Comment 1 Steve Grubb 2004-08-19 16:56:51 UTC
Created attachment 102884 [details]
Patch that fixes the problems listed.

Comment 2 Daniel Walsh 2004-08-25 20:10:11 UTC
Modified your patch a little and applied to 
policycoreutils-1.17.3-4


Comment 3 Steve Grubb 2004-08-31 13:40:56 UTC
Thanks Dan. Have you passed the patch to the upstream author?

Comment 4 Daniel Walsh 2004-08-31 15:25:40 UTC
I passed it on to Smalley, whose package contains it.  Not sure if the
original author is doing anything with it now.

Dan

Comment 5 Steve Grubb 2004-08-31 15:29:17 UTC
OK. Thanks.


Note You need to log in before you can comment on or make changes to this bug.