[PATCH] policycoreutils: check lstat return value
This patch addresses a potential bug found by Coverity.
I was going to ignore this one at first, but then thought that a
race condition could still cause problems. The lstat return value
is not checked in sestatus. This seems safe because it is only
called if lgetfilecon has already succeeded; however, it seems
possible that a parent directory context or permission could be
changed between these two calls.
(these were the only two warnings on policycoreutils - now back
to libsepol :)
thanks,
-serge
Index: sestatus/sestatus.c
===================================================================
--- sestatus.orig/sestatus.c
+++ sestatus/sestatus.c
@@ -359,7 +359,12 @@ int main(int argc, char **argv) {
printf_tab(fc[i]);
/* check if this is a symlink */
- lstat(fc[i],&m);
+ if (lstat(fc[i],&m)) {
+ printf("%s (could not check link status (%s)!)\n",
+ context, strerror(errno));
+ freecon(context);
+ continue;
+ }
if( S_ISLNK(m.st_mode) ) {
/* print link target context */
printf("%s -> ",context);
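Review bot: The new error branch calls strerror(errno), but this hunk adds no #include lines, so please confirm that sestatus.c already pulls in <errno.h> and <string.h>; if it does not, add them in this patch. The check itself is the right fix: without it, a failed lstat leaves m unset and S_ISLNK(m.st_mode) reads an indeterminate value. Two smaller points: writing the test as "if (lstat(fc[i], &m) < 0)" states the failure condition explicitly, and the diagnostic goes to stdout through printf, which keeps it in line with the per-file output but means a caller parsing that output will see the error text where a context is expected, so a short comment saying this is intended would help.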