Skip to content

Commit

Permalink
libselinux: use reentrant strtok_r(3)
Browse files Browse the repository at this point in the history
Use the reentrant version strtok_r(3) instead of strtok(3) to avoid
potential data races with concurrent threads.

Signed-off-by: Christian Göttsche <[email protected]>
Acked-by: James Carter <[email protected]>
  • Loading branch information
cgzones authored and jwcart2 committed Jan 25, 2024
1 parent 3e3661f commit 82195e7
Showing 1 changed file with 7 additions and 5 deletions.
12 changes: 7 additions & 5 deletions libselinux/src/selinux_restorecon.c
Original file line number Diff line number Diff line change
Expand Up @@ -243,7 +243,7 @@ static uint64_t exclude_non_seclabel_mounts(void)
int index = 0, found = 0;
uint64_t nfile = 0;
char *mount_info[4];
char *buf = NULL, *item;
char *buf = NULL, *item, *saveptr;

/* Check to see if the kernel supports seclabel */
if (uname(&uts) == 0 && strverscmp(uts.release, "2.6.30") < 0)
Expand All @@ -258,13 +258,14 @@ static uint64_t exclude_non_seclabel_mounts(void)
while (getline(&buf, &len, fp) != -1) {
found = 0;
index = 0;
item = strtok(buf, " ");
saveptr = NULL;
item = strtok_r(buf, " ", &saveptr);
while (item != NULL) {
mount_info[index] = item;
index++;
if (index == 4)
break;
item = strtok(NULL, " ");
item = strtok_r(NULL, " ", &saveptr);
}
if (index < 4) {
selinux_log(SELINUX_ERROR,
Expand All @@ -276,14 +277,15 @@ static uint64_t exclude_non_seclabel_mounts(void)
/* Remove pre-existing entry */
remove_exclude(mount_info[1]);

item = strtok(mount_info[3], ",");
saveptr = NULL;
item = strtok_r(mount_info[3], ",", &saveptr);
while (item != NULL) {
if (strcmp(item, "seclabel") == 0) {
found = 1;
nfile += file_system_count(mount_info[1]);
break;
}
item = strtok(NULL, ",");
item = strtok_r(NULL, ",", &saveptr);
}

/* Exclude mount points without the seclabel option */
Expand Down

0 comments on commit 82195e7

Please sign in to comment.