Description of problem: Some utilities in libselinux don't check the input they get correctly and might use uninitialized data. Also, the libselinux code cannot handle lines at the end of the file which don't have a newline. I attach a patch which fixes these problems and improves robustness: ~ use getline() instead of fgets(). The result is that lines can be arbitrarily long. The memory handling is done in libc, well proved code. No more bogus message about ignored lines. ~ if fgets() fails for user input, handle this. some functions are designed so that they cannot fail. In this case the new code simply continues. This is not good, but more correct than using invalid memory. ~ in setsebool, the creation of the new file could corrupt the old file. The write return value wasn't checked. While fixing this, I changed the code to create a temporary file so that the old file is not lost in case the new file cannot be successfully created. Version-Release number of selected component (if applicable): libselinux-1.21.10-1 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Created attachment 111243 [details] patch to fix the mentioned problems
libselinux-1.21.10-3 has this patch applied.