From 23957130df0b80e3b93178fc4f8ebc64d3a3625c Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Aug 22 2005 18:13:47 +0000
Subject: - Fix mls crash
---
diff --git a/checkpolicy-rhat.patch b/checkpolicy-rhat.patch
index 465ae37..fd28976 100644
--- a/checkpolicy-rhat.patch
+++ b/checkpolicy-rhat.patch
@@ -1,111 +1,29 @@
-diff --exclude-from=exclude -N -u -r nsacheckpolicy/Makefile checkpolicy-1.25.3/Makefile
---- nsacheckpolicy/Makefile 2005-07-28 15:18:33.000000000 -0400
-+++ checkpolicy-1.25.3/Makefile 2005-07-29 09:18:09.000000000 -0400
-@@ -6,7 +6,7 @@
- MANDIR ?= $(PREFIX)/share/man
- LIBDIR ?= $(PREFIX)/lib
- INCLUDEDIR ?= $(PREFIX)/include
--TARGETS = checkpolicy checkmodule
-+TARGETS = checkpolicy checkmodule semodule_package
-
- CFLAGS ?= -g -Wall -O2 -pipe -fno-strict-aliasing
-
-@@ -15,8 +15,9 @@
- CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o
- CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
- CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
-+SEMODULE_PACKAGEOBJS = semodule_package.o
-
--LDLIBS=$(LIBDIR)/libsepol.a -lfl
-+LDLIBS=$(LIBDIR)/libsepol.a -lfl
-
- all: $(TARGETS)
-
-@@ -24,6 +25,9 @@
-
- checkmodule: $(CHECKMODOBJS)
-
-+semodule_package: $(SEMODULE_PACKAGEOBJS)
-+ $(CC) -o $@ $^ ${LIBDIR}/libsemanage.a $(LIBDIR)/libsepol.a
-+
- %.o: %.c
- $(CC) $(CFLAGS) -o $@ -c $<
-
-diff --exclude-from=exclude -N -u -r nsacheckpolicy/semodule_package.c checkpolicy-1.25.3/semodule_package.c
---- nsacheckpolicy/semodule_package.c 1969-12-31 19:00:00.000000000 -0500
-+++ checkpolicy-1.25.3/semodule_package.c 2005-07-28 15:30:24.000000000 -0400
-@@ -0,0 +1,74 @@
-+/* Authors: Karl MacMillan
-+ *
-+ * Copyright (C) 2004 Tresys Technology, LLC
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation, version 2.
-+ */
-+
-+#include
-+
-+#include
-+#include
-+#include
-+#include
-+
-+extern char *optarg;
-+
-+static void usage(char *progname)
-+{
-+ printf("usage: %s PACKAGE MODULE [FILE_CONTEXTS]\n", progname);
-+ printf("Build a package from a module and optional file contexts.\n");
-+ printf("Options:\n");
-+ printf(" PACKAGE name of file to write generated package\n");
-+ printf(" MODULE base or policy module to wrap\n");
-+ printf(" FILE_CONTEXTS file containing file contexts for this package\n");
-+ exit(1);
-+}
-+
-+static int file_to_policy_file(char *filename, struct policy_file *pf, char *mode)
-+{
-+ FILE *f;
-+
-+ memset(pf, 0, sizeof(struct policy_file));
-+
-+ f = fopen(filename, mode);
-+ if (!f) {
-+ fprintf(stderr, "Could not open file %s\n", filename);
-+ return -1;
-+ }
-+ pf->type = PF_USE_STDIO;
-+ pf->fp = f;
-+
-+ return 0;
-+}
-+
-+int main(int argc, char **argv)
-+{
-+ struct policy_file out, mod, fc;
-+
-+ if (argc < 3 || argc > 4)
-+ usage(argv[0]);
-+
-+ if (file_to_policy_file(argv[1], &out, "w"))
-+ exit(1);
-+
-+ if (file_to_policy_file(argv[2], &mod, "r"))
-+ exit(1);
-+
-+ if (argc == 3) {
-+ if (semod_module_package_create(&mod, NULL, &out)) {
-+ fprintf(stderr, "Could not write module package\n");
-+ exit(1);
+Index: checkpolicy/policy_parse.y
+===================================================================
+RCS file: /nfshome/pal/CVS/selinux-usr/checkpolicy/policy_parse.y,v
+retrieving revision 1.41
+diff -u -p -r1.41 policy_parse.y
+--- checkpolicy/policy_parse.y 15 Aug 2005 16:10:56 -0000 1.41
++++ checkpolicy/policy_parse.y 22 Aug 2005 17:49:36 -0000
+@@ -2965,6 +2965,7 @@ static int define_validatetrans(constrai
+ ebitmap_t classmap;
+ constraint_expr_t *e;
+ int depth;
++ unsigned char useexpr = 1;
+
+ if (pass == 1) {
+ while ((id = queue_remove(id_queue)))
+@@ -3035,7 +3036,12 @@ static int define_validatetrans(constrai
+ return -1;
+ }
+ memset(node, 0, sizeof(constraint_node_t));
+- node->expr = expr;
++ if (useexpr) {
++
node->expr = expr; ++ useexpr = 0; ++ } else { ++ node->expr = constraint_expr_clone(expr); + } -+ } else if (argc == 4) { -+ if (file_to_policy_file(argv[3], &fc, "r")) -+ exit(1); -+ if (semod_module_package_create(&mod, &fc, &out)) { -+ fprintf(stderr, "Could not write module package\n"); -+ exit(1); -+ } -+ } -+ -+ return 0; -+} + node->permissions = 0; + + node->next = cladatum->validatetrans; diff --git a/checkpolicy.spec b/checkpolicy.spec index 8437a94..c181d49 100644 --- a/checkpolicy.spec +++ b/checkpolicy.spec @@ -2,7 +2,7 @@ Summary: SELinux policy compiler Name: checkpolicy Version: 1.25.11 -Release: 1 +Release: 2 License: GPL Group: Development/System Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz @@ -45,6 +45,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_mandir}/man8/checkpolicy.8.gz %changelog +* Mon Aug 22 2005 Dan Walsh 1.25.11-2 +- Fix mls crash + * Fri Aug 19 2005 Dan Walsh 1.25.11-1 - Update to NSA Release * Merged use-after-free fix from Serge Hallyn (IBM).
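Review bot: The pointer returned by `constraint_expr_clone(expr)` in the new `else` branch of the embedded policy_parse.y patch is stored in `node->expr` and never checked. The clone's definition is not on this page, but if it returns NULL when allocation fails, the node is still linked into `cladatum->validatetrans` with no expression, and that class's validatetrans rule would presumably be emitted without its constraint rather than stopping the policy build. A check after the if/else, `if (!node->expr) { yyerror("out of memory"); return -1; }`, would fail closed in the same way as the `return -1` path visible just above the `memset`. A short comment on the `useexpr` declaration, for example `/* first class node owns expr; each later class gets its own copy */`, would record why the clone exists. define_validatetrans starts and ends outside the hunk, so whether `node` needs freeing on that error path cannot be judged from here.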