[PATCH v1] secontext: print context of Unix socket's sun_path field

Renaud Métrich rmetrich at redhat.com
Thu Jun 30 19:00:34 UTC 2022


Yes, sorry, I should have mentioned that. I was also worried about a
non-terminated string, but checked the code and found it was null
terminated anyway.

On Thursday, June 30, 2022, Dmitry V. Levin <ldv at altlinux.org> wrote:
> On Thu, Jun 30, 2022 at 07:15:27PM +0300, Dmitry V. Levin wrote:
>> On Tue, Jun 21, 2022 at 08:43:00AM +0200, Renaud Métrich wrote:
>> > Signed-off-by: Renaud Métrich <rmetrich at redhat.com>
>> > ---
>> >  src/sockaddr.c     |  3 +++
>> >  tests/gen_tests.in |  4 ++++
>> >  tests/secontext.c  | 49 +++++++++++++++++++++++++++++++++++++++++
>> >  tests/secontext.h  | 12 +++++++++++
>> >  tests/sockname.c   | 54 ++++++++++++++++++++++++++++++----------------
>> >  5 files changed, 103 insertions(+), 19 deletions(-)
>> >
>> > diff --git a/src/sockaddr.c b/src/sockaddr.c
>> > index a6e698d4b..cf770a5e7 100644
>> > --- a/src/sockaddr.c
>> > +++ b/src/sockaddr.c
>> > @@ -63,6 +63,8 @@
>> >  #include "xlat/mctp_addrs.h"
>> >  #include "xlat/mctp_nets.h"
>> >
>> > +#include "secontext.h"
>> > +
>> >  #define SIZEOF_SA_FAMILY sizeof_field(struct sockaddr, sa_family)
>> >
>> >  struct sockaddr_rxrpc {
>> > @@ -115,6 +117,7 @@ print_sockaddr_data_un(struct tcb *tcp, const void
*const buf, const int addrlen
>> >     if (sa_un->sun_path[0]) {
>> >             print_quoted_string(sa_un->sun_path, path_len + 1,
>> >                                 QUOTE_0_TERMINATED);
>> > +           selinux_printfilecon(tcp, sa_un->sun_path);
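Review bot: selinux_printfilecon(tcp, sa_un->sun_path) on the added line receives the path with no length, while the print_quoted_string call directly above it is bounded by path_len + 1, so the new call is only safe if the buffer behind sa_un is NUL-terminated before this function runs. A one-line comment above the call naming that invariant would keep a later change to how buf is filled from silently turning this into an over-read.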
>>
>> Interesting, selinux_printfilecon takes a NUL-terminated path, but
>> sa_un->sun_path is not necessarily NUL-terminated.  Also, path_len
>> could potentially be less than sizeof(sa_un->sun_path) - 1,
>> I wonder what selinux_printfilecon would print in that case.
>
> OK, looks like all of this is safe thanks to decode_sockaddr that already
> does the NUL-termination.
>
>
> --
> ldv
>
>

-- 
Renaud
Sent from my phone, sorry for the typos...
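
The concern raised in the review above, as an added example that is not part of the original thread or of strace: a hypothetical helper, sun_path_to_cstr, that turns a struct sockaddr_un plus its addrlen into a NUL-terminated string before it is passed to an API that takes a C string. It handles both cases from the review, a sun_path with no NUL in it and an addrlen shorter than the buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/*
 * Hypothetical helper (added example, not strace code): copy the pathname
 * held in an AF_UNIX address of addrlen bytes into out[] as a C string.
 * Returns the path length, 0 for an unnamed or abstract socket, and -1
 * for a malformed address or an out[] that is too small.
 */
static int sun_path_to_cstr(const void *addr, size_t addrlen,
			    char *out, size_t outsz)
{
	const size_t hdr = offsetof(struct sockaddr_un, sun_path);
	struct sockaddr_un sa;

	if (addrlen < hdr || addrlen > sizeof(sa) || outsz == 0)
		return -1;
	memset(&sa, 0, sizeof(sa));
	memcpy(&sa, addr, addrlen);	/* never read past addrlen */
	if (sa.sun_family != AF_UNIX)
		return -1;

	/* Only these bytes of sun_path were supplied by the caller. */
	const size_t avail = addrlen - hdr;
	if (avail == 0 || sa.sun_path[0] == '\0') {
		out[0] = '\0';
		return 0;
	}
	/* The path ends at the first NUL, or at avail if there is none. */
	const char *nul = memchr(sa.sun_path, '\0', avail);
	const size_t len = nul ? (size_t) (nul - sa.sun_path) : avail;
	if (len >= outsz)
		return -1;
	memcpy(out, sa.sun_path, len);
	out[len] = '\0';
	return (int) len;
}

int main(void)
{
	struct sockaddr_un sa;			/* constructed sample input */
	char out[sizeof(sa.sun_path) + 1];
	memset(&sa, 'A', sizeof(sa));		/* sun_path with no NUL at all */
	sa.sun_family = AF_UNIX;
	printf("%d\n", sun_path_to_cstr(&sa, sizeof(sa), out, sizeof(out)));
	return 0;
}
```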