From 95fac8f9a86b8efd30d8d3b99d92f0ce743ef14d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Mon, 8 Jan 2024 14:35:37 +0100 Subject: [PATCH 1/4] Use overflow safe binary search computation Make a good example. --- src/ordering.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ordering.c b/src/ordering.c index c9cb48b2..d930fd6f 100644 --- a/src/ordering.c +++ b/src/ordering.c @@ -93,7 +93,7 @@ void calculate_longest_increasing_subsequence(const struct policy_node *head, int low = 1; int high = longest_seq; while (low <= high) { - int mid = (low + high + 1) / 2; // Ceiling + int mid = low + (high - low + 1) / 2; // Ceiling if (comp_func(ordering, nodes[nodes[mid-1].end_of_seq].node, nodes[index].node) >= 0) { low = mid + 1; } else { From 1e7fe2d0aa3a87a1cb43930a6ec91ec06a04efd6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Mon, 8 Jan 2024 14:35:41 +0100 Subject: [PATCH 2/4] Use macro for no-sanitize overrides --- src/maps.c | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/src/maps.c b/src/maps.c index 94853839..ea737b77 100644 --- a/src/maps.c +++ b/src/maps.c @@ -419,12 +419,7 @@ int is_role_if(const char *if_name) } } -#if defined(__clang__) && defined(__clang_major__) && (__clang_major__ >= 4) -__attribute__((no_sanitize("unsigned-integer-overflow"))) -#if (__clang_major__ >= 12) -__attribute__((no_sanitize("unsigned-shift-base"))) -#endif -#endif +no_sanitize_unsigned_integer_ void mark_used_if(const char *if_name) { struct if_hash_elem *used_if; @@ -443,12 +438,7 @@ void mark_used_if(const char *if_name) } } -#if defined(__clang__) && defined(__clang_major__) && (__clang_major__ >= 4) -__attribute__((no_sanitize("unsigned-integer-overflow"))) -#if (__clang_major__ >= 12) -__attribute__((no_sanitize("unsigned-shift-base"))) -#endif -#endif +no_sanitize_unsigned_integer_ int is_used_if(const char *if_name) { struct if_hash_elem *used_if; 
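Review bot: The `// Ceiling` comment no longer explains the shape of the expression once the midpoint is written as `low + (high - low + 1) / 2`; a reader has to work out both why the `+ 1` is there and why the `low + high` form was avoided. Suggest `// Ceiling of (low + high) / 2, written so that low + high cannot overflow`. The value is identical to the old form for all 1 <= low <= high, and `high - low + 1` cannot overflow under the loop condition `low <= high` with `low` starting at 1, so `nodes[mid-1]` stays in range. The enclosing function `calculate_longest_increasing_subsequence` starts and continues outside the hunk.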
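Review bot: The definition of `no_sanitize_unsigned_integer_` is not part of this patch (the diffstat touches only src/maps.c), so it cannot be checked here whether the macro keeps the compiler gating the removed block had — `__clang_major__ >= 4` for `unsigned-integer-overflow` and `>= 12` for `unsigned-shift-base` — and expands to nothing on other compilers; presumably it lives in a shared header that maps.c already includes, which is worth confirming before merging. The same replacement is made at the second hunk (`is_used_if`, @@ -443). Since the attribute disables the sanitizer for the whole function, consider moving the unsigned arithmetic that actually needs it (likely the hash of `if_name`, given `struct if_hash_elem`; the bodies are cut off by the hunks) into a small `static` helper carrying the attribute, so the lookup and insertion code in `mark_used_if` and `is_used_if` stays instrumented. Both function bodies continue outside the hunks.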
From dfa796ecf599f97ac453bbc92335ed2474feb58f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Mon, 8 Jan 2024 14:35:47 +0100 Subject: [PATCH 3/4] Constify read-only variables --- src/check_hooks.c | 2 +- src/parse_fc.c | 2 +- src/parse_functions.c | 6 +++--- src/parse_functions.h | 2 +- src/startup.c | 8 ++++---- src/te_checks.c | 2 +- src/tree.c | 18 +++++++++--------- 7 files changed, 20 insertions(+), 20 deletions(-) diff --git a/src/check_hooks.c b/src/check_hooks.c index 41b41a1a..9f308008 100644 --- a/src/check_hooks.c +++ b/src/check_hooks.c @@ -261,7 +261,7 @@ void display_check_issue_counts(const struct checks *ck) qsort((void *) node_arr, num_nodes, sizeof(struct check_node *), comp_check_nodes); unsigned int issue_count = 0; - char *old_issue_name = NULL; + const char *old_issue_name = NULL; for (unsigned int i=0; i < num_nodes; i++) { if (old_issue_name && 0 != strcmp(old_issue_name, node_arr[i]->check_id)) { // New issue. Print the old info diff --git a/src/parse_fc.c b/src/parse_fc.c index 3a4b9b0d..96ac70eb 100644 --- a/src/parse_fc.c +++ b/src/parse_fc.c @@ -166,7 +166,7 @@ struct sel_context *parse_context(char *context_str) struct sel_context *context = xmalloc(sizeof(struct sel_context)); memset(context, 0, sizeof(struct sel_context)); // User - char *pos = strtok(context_str, ":"); + const char *pos = strtok(context_str, ":"); if (pos == NULL) { goto cleanup; diff --git a/src/parse_functions.c b/src/parse_functions.c index e85afe37..b1f0798b 100644 --- a/src/parse_functions.c +++ b/src/parse_functions.c @@ -104,7 +104,7 @@ enum selint_error insert_declaration(struct policy_node **cur, // If the name starts with $ we're probably doing something like associating // a role with types in interfaces - char *mn = get_current_module_name(); + const char *mn = get_current_module_name(); if (!mn) { return SELINT_NO_MOD_NAME; 
@@ -155,7 +155,7 @@ enum selint_error insert_aliases(struct policy_node **cur, insert_decl_into_template_map(temp_name, flavor, alias->string); } else { - char *mn = get_current_module_name(); + const char *mn = get_current_module_name(); if (!mn) { free_string_list(aliases); return SELINT_NO_MOD_NAME; @@ -382,7 +382,7 @@ enum selint_error insert_role_transition(struct policy_node **cur, struct string_list *sources, struct string_list *targets, struct string_list *object_classes, - char *default_role, + const char *default_role, unsigned int lineno) { struct role_transition_data *rt_data = diff --git a/src/parse_functions.h b/src/parse_functions.h index 33dd844c..84148d1a 100644 --- a/src/parse_functions.h +++ b/src/parse_functions.h @@ -216,7 +216,7 @@ enum selint_error insert_role_transition(struct policy_node **cur, struct string_list *sources, struct string_list *targets, struct string_list *object_classes, - char *default_role, + const char *default_role, unsigned int lineno); enum selint_error insert_interface_call(struct policy_node **cur, const char *if_name, diff --git a/src/startup.c b/src/startup.c index c53a7875..69a858ed 100644 --- a/src/startup.c +++ b/src/startup.c @@ -45,7 +45,7 @@ enum selint_error load_access_vectors_kernel(const char *av_path) FTS *ftsp = fts_open(paths, FTS_PHYSICAL, NULL); - FTSENT *file = fts_read(ftsp); + const FTSENT *file = fts_read(ftsp); while (file) { @@ -219,14 +219,14 @@ enum selint_error load_modules_source(const char *modules_conf_path) fclose(fd); return SELINT_PARSE_ERROR; } - char *mod_name = strip_space(pos); + const char *mod_name = strip_space(pos); pos = strtok(NULL, "="); if (!pos) { free(line); fclose(fd); return SELINT_PARSE_ERROR; } - char *status = strip_space(pos); + const char *status = strip_space(pos); insert_into_mods_map(mod_name, status); if (strtok(NULL, "=")) { free(line); 
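Review bot: `ftsp` is passed to `fts_read` on the changed line in `load_access_vectors_kernel` without checking the result of the `fts_open` call two lines above, and `fts_open` returns NULL on failure (with `errno` set); `fts_read(NULL)` then dereferences a null pointer, so an unusable `av_path` becomes a crash instead of an error return. Add `if (!ftsp) { return SELINT_<error code for an unreadable path>; }` between the two lines (the suitable `enum selint_error` member is not visible in this hunk), and the same at the `load_devel_headers` hunk (@@ -296 in the same file), which has the identical `fts_open`/`fts_read` pair. Also note that `fts_read` returns a non-const `FTSENT *`; making `file` `const` is fine for the shown loop, but any later `fts_set(ftsp, file, ...)` call in the loop body would need the non-const pointer. The loop body continues outside the hunk.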
@@ -296,7 +296,7 @@ enum selint_error load_devel_headers(struct policy_file_list *context_files) FTS *ftsp = fts_open(paths, FTS_PHYSICAL | FTS_NOSTAT, NULL); - FTSENT *file = fts_read(ftsp); + const FTSENT *file = fts_read(ftsp); while (file) { const char *suffix = (file->fts_pathlen > 3) ? (file->fts_path + file->fts_pathlen - 3) : NULL; if (suffix && !strcmp(suffix, ".if")) { diff --git a/src/te_checks.c b/src/te_checks.c index c5210cbf..7542b689 100644 --- a/src/te_checks.c +++ b/src/te_checks.c @@ -197,7 +197,7 @@ struct check_result *check_no_self(__attribute__((unused)) const struct check_da if (node->flavor != NODE_AV_RULE && node->flavor != NODE_XAV_RULE) { return alloc_internal_error("Bad node type given to check C-007"); } - struct av_rule_data *av_data = node->data.av_data; + const struct av_rule_data *av_data = node->data.av_data; if (av_data->sources->next || av_data->targets->next || diff --git a/src/tree.c b/src/tree.c index 03711f52..4a9d9451 100644 --- a/src/tree.c +++ b/src/tree.c @@ -101,7 +101,7 @@ int is_template_call(const struct policy_node *node) return 0; } - char *call_name = node->data.ic_data->name; + const char *call_name = node->data.ic_data->name; if (look_up_in_template_map(call_name)) { return 1; 
@@ -149,14 +149,14 @@ struct name_list *get_names_in_node(const struct policy_node *node) struct name_list *ret = NULL; struct name_list *cur = NULL; - struct av_rule_data *av_data; - struct type_transition_data *tt_data; - struct role_transition_data *rt_data; - struct declaration_data *d_data; - struct if_call_data *ifc_data; - struct role_allow_data *ra_data; - struct role_types_data *rtyp_data; - struct attribute_data *at_data; + const struct av_rule_data *av_data; + const struct type_transition_data *tt_data; + const struct role_transition_data *rt_data; + const struct declaration_data *d_data; + const struct if_call_data *ifc_data; + const struct role_allow_data *ra_data; + const struct role_types_data *rtyp_data; + const struct attribute_data *at_data; switch (node->flavor) { case NODE_AV_RULE: From be83114f40ffb05313c584a175fd8c92d6c79f92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Mon, 8 Jan 2024 14:35:51 +0100 Subject: [PATCH 4/4] Drop unreachable OOM branches Since commit 40faacbd ("Check memory allocation") memory allocations use a wrapper that checks internally for OOM. Remove the unreachable branches at caller sites. --- src/parse_functions.c | 3 --- src/tree.c | 7 ------- 2 files changed, 10 deletions(-) diff --git a/src/parse_functions.c b/src/parse_functions.c index b1f0798b..fd53379e 100644 --- a/src/parse_functions.c +++ b/src/parse_functions.c @@ -803,9 +803,6 @@ static enum node_flavor attr_to_node_flavor(enum attr_flavor flavor) static enum selint_error insert_attribute(struct policy_node **cur, enum attr_flavor flavor, const char *type, struct string_list *attrs, unsigned int lineno) { struct attribute_data *data = xcalloc(1, sizeof(struct attribute_data)); - if (!data) { - return SELINT_OUT_OF_MEM; - } union node_data nd; nd.at_data = data; diff --git a/src/tree.c b/src/tree.c index 4a9d9451..92cd482e 100644 --- a/src/tree.c +++ b/src/tree.c 
@@ -32,10 +32,6 @@ enum selint_error insert_policy_node_child(struct policy_node *parent, } struct policy_node *to_insert = xmalloc(sizeof(struct policy_node)); - if (!to_insert) { - return SELINT_OUT_OF_MEM; - } - to_insert->parent = parent; to_insert->next = NULL; to_insert->first_child = NULL; @@ -73,9 +69,6 @@ enum selint_error insert_policy_node_next(struct policy_node *prev, } struct policy_node *to_insert = xmalloc(sizeof(struct policy_node)); - if (!to_insert) { - return SELINT_OUT_OF_MEM; - } prev->next = to_insert;