Red Hat Bugzilla – Bug 149194
unchecked input errors, wrong EOL handling
Last modified: 2007-11-30 17:11:00 EST
Description of problem:
Some utilities in libselinux don't check the input they get correctly and might
use uninitialized data. Also, the libselinux code cannot handle lines at the
end of the file which don't have a newline.
I attach a patch which fixes these problems and improves robustness:
~ use getline() instead of fgets(). The result is that lines can be arbitrarily
long. The memory handling is done in libc, well proved code. No more bogus
message about ignored lines.
~ if fgets() fails for user input, handle this. some functions are designed so
that they cannot fail. In this case the new code simply continues. This is not
good, but more correct than using invalid memory.
~ in setsebool, the creation of the new file could corrupt the old file. The
write return value wasn't checked. While fixing this, I changed the code to
create a temporary file so that the old file is not lost in case the new file
cannot be successfully created.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Created attachment 111243 [details]
patch to fix the mentioned problems
libselinux-1.21.10-3 has this patch applied.