packages/libselinux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!37 [sync] PR-36: backport patch

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee
This commit is contained in:
openeuler-ci-bot 2023-04-13 01:26:24 +00:00 committed by Gitee
commit 2f93e7a35f
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 71 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
backport-libselinux-correctly-hash-specfiles-larger-than-4G.patch Normal file
View File

@ -0,0 +1,66 @@
From e17619792fa1e342c7f0a819077129adff438cd1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 13 Apr 2022 17:56:33 +0200
Subject: [PATCH] libselinux: correctly hash specfiles larger than 4G
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The internal Sha1Update() functions only handles buffers up to a size of
UINT32_MAX, due to its usage of the type uint32_t. This causes issues
when processing more than UINT32_MAX bytes, e.g. with a specfile larger
than 4G. 0aa974a4 ("libselinux: limit has buffer size") tried to
address this issue, but failed since the overflow check
if (digest->hashbuf_size + buf_len < digest->hashbuf_size) {
will be done in the widest common type, which is size_t, the type of
`buf_len`.
Revert the type of `hashbuf_size` to size_t and instead process the data
in blocks of supported size.
Acked-by: James Carter <jwcart2@gmail.com>
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reverts: 0aa974a4 ("libselinux: limit has buffer size")
Reference:https://github.com/SELinuxProjrct/selinux/commit/e17619792fa1e342c7f0a819077129adff438cd1
Confilict delete modified label_internal.h
---
libselinux/src/label_support.c | 14 +++++++++++++-
1 files changed, 13 insertions(+), 1 deletions(-)
diff --git a/src/label_support.c b/src/label_support.c
index 94ed6e42..54fd49a5 100644
--- a/src/label_support.c
+++ b/src/label_support.c
@@ -116,13 +116,25 @@ int read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...)
void digest_gen_hash(struct selabel_digest *digest)
{
Sha1Context context;
+ size_t remaining_size;
+ const unsigned char *ptr;
/* If SELABEL_OPT_DIGEST not set then just return */
if (!digest)
return;
Sha1Initialise(&context);
- Sha1Update(&context, digest->hashbuf, digest->hashbuf_size);
+
+ /* Process in blocks of UINT32_MAX bytes */
+ remaining_size = digest->hashbuf_size;
+ ptr = digest->hashbuf;
+ while (remaining_size > UINT32_MAX) {
+ Sha1Update(&context, ptr, UINT32_MAX);
+ remaining_size -= UINT32_MAX;
+ ptr += UINT32_MAX;
+ }
+ Sha1Update(&context, ptr, remaining_size);
+
Sha1Finalise(&context, (SHA1_HASH *)digest->digest);
free(digest->hashbuf);
digest->hashbuf = NULL;
--
2.27.0

6
libselinux.spec
View File

@ -3,7 +3,7 @@
Name: libselinux
Version: 3.1
Release: 6
Release: 7
License: Public Domain
Summary: SELinux library and simple utilities
Url: https://github.com/SELinuxProject/selinux/wiki
@ -13,6 +13,7 @@ Patch1: do-malloc-trim-after-load-policy.patch
Patch6000: backport-libselinux-Fix-potential-undefined-shifts.patch
Patch6001: backport-libselinux-fix-segfault-in-add_xattr_entry.patch
Patch6002: backport-libselinux-correctly-hash-specfiles-larger-than-4G.patch
BuildRequires: gcc python3-devel systemd swig pcre2-devel xz-devel
BuildRequires: python2-devel ruby-devel libsepol-static >= %{libsepol_version}
@ -154,6 +155,9 @@ mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
%{_mandir}/ru/man8/*
%changelog
* Tue Apr 11 2023 zhangguangzhi <zhangguangzhi3@huawei.com> - 3.1-7
- backport patch
* Thu Sep 1 2022 lujie <lujie54@huawei.com> - 3.1-6
- update requires libsepol version 3.1