SELinuxProject · cgzones · Oct 12, 2021 · Oct 12, 2021 · Jul 12, 2022 · Nov 1, 2023
diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml
@@ -108,8 +108,8 @@ jobs:
             # Test hat debug build works fine
             EXPLICIT_MAKE_VARS="DEBUG=1"
         elif [ "${{ matrix.python-ruby-version.other }}" = "sanitizers" ] ; then
-            sanitizers='-fsanitize=address,undefined'
-            EXPLICIT_MAKE_VARS="CFLAGS='-g -I$DESTDIR/usr/include $sanitizers' LDFLAGS='-L$DESTDIR/usr/lib $sanitizers' LDLIBS= CPPFLAGS= OPT_SUBDIRS="
+            sanitizers='-fsanitize=address,undefined -fsanitize-address-use-after-scope -fno-omit-frame-pointer'
+            EXPLICIT_MAKE_VARS="CFLAGS='-g -I$DESTDIR/usr/include $sanitizers' LDFLAGS='-L$DESTDIR/usr/lib $sanitizers' LDLIBS= CPPFLAGS= OPT_SUBDIRS='dbus gui mcstrans restorecond semodule-utils'"
             echo "ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1" >> $GITHUB_ENV
             echo "UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1" >> $GITHUB_ENV
         else

diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
@@ -89,7 +89,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi
           -Werror -Wno-aggregate-return \
           $(EXTRA_CFLAGS)
 
-LD_SONAME_FLAGS=-soname,$(LIBSO),--version-script=libselinux.map,-z,defs,-z,relro
+LD_SONAME_FLAGS=-soname,$(LIBSO),--version-script=libselinux.map,-z,relro
 
 ifeq ($(OS), Darwin)
 override CFLAGS += -I/opt/local/include

diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
@@ -90,7 +90,7 @@ $(LIBA): $(OBJS)
 	$(RANLIB) $@
 
 $(LIBSO): $(LOBJS)
-	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -Wl,-soname,$(LIBSO),--version-script=libsemanage.map
 	ln -sf $@ $(TARGET)
 
 $(LIBPC): $(LIBPC).in ../VERSION

diff --git a/libsemanage/src/database.c b/libsemanage/src/database.c
@@ -21,6 +21,7 @@ static int assert_init(semanage_handle_t * handle, dbase_config_t * dconfig)
 	return STATUS_SUCCESS;
 }
 
+__attribute__((no_sanitize("function")))
 static int enter_ro(semanage_handle_t * handle, dbase_config_t * dconfig)
 {
 
@@ -58,6 +59,7 @@ static inline int exit_ro(semanage_handle_t * handle)
 	return commit_num;
 }
 
+__attribute__((no_sanitize("function")))
 static int enter_rw(semanage_handle_t * handle, dbase_config_t * dconfig)
 {
 
@@ -79,6 +81,7 @@ static int enter_rw(semanage_handle_t * handle, dbase_config_t * dconfig)
 	return STATUS_ERR;
 }
 
+__attribute__((no_sanitize("function")))
 int dbase_modify(semanage_handle_t * handle,
 		 dbase_config_t * dconfig,
 		 const record_key_t * key, const record_t * data)
@@ -93,6 +96,7 @@ int dbase_modify(semanage_handle_t * handle,
 	return STATUS_SUCCESS;
 }
 
+__attribute__((no_sanitize("function")))
 int dbase_set(semanage_handle_t * handle,
 	      dbase_config_t * dconfig,
 	      const record_key_t * key, const record_t * data)
@@ -107,6 +111,7 @@ int dbase_set(semanage_handle_t * handle,
 	return STATUS_SUCCESS;
 }
 
+__attribute__((no_sanitize("function")))
 int dbase_del(semanage_handle_t * handle,
 	      dbase_config_t * dconfig, const record_key_t * key)
 {
@@ -120,6 +125,7 @@ int dbase_del(semanage_handle_t * handle,
 	return STATUS_SUCCESS;
 }
 
+__attribute__((no_sanitize("function")))
 int dbase_query(semanage_handle_t * handle,
 		dbase_config_t * dconfig,
 		const record_key_t * key, record_t ** response)
@@ -136,6 +142,7 @@ int dbase_query(semanage_handle_t * handle,
 	return exit_ro(handle);
 }
 
+__attribute__((no_sanitize("function")))
 int dbase_exists(semanage_handle_t * handle,
 		 dbase_config_t * dconfig,
 		 const record_key_t * key, int *response)
@@ -152,6 +159,7 @@ int dbase_exists(semanage_handle_t * handle,
 	return exit_ro(handle);
 }
 
+__attribute__((no_sanitize("function")))
 int dbase_count(semanage_handle_t * handle,
 		dbase_config_t * dconfig, unsigned int *response)
 {
@@ -167,6 +175,7 @@ int dbase_count(semanage_handle_t * handle,
 	return exit_ro(handle);
 }
 
+__attribute__((no_sanitize("function")))
 int dbase_iterate(semanage_handle_t * handle,
 		  dbase_config_t * dconfig,
 		  int (*fn) (const record_t * record,
@@ -184,6 +193,7 @@ int dbase_iterate(semanage_handle_t * handle,
 	return exit_ro(handle);
 }
 
+__attribute__((no_sanitize("function")))
 int dbase_list(semanage_handle_t * handle,
 	       dbase_config_t * dconfig,
 	       record_t *** records, unsigned int *count)

diff --git a/libsemanage/src/database_activedb.c b/libsemanage/src/database_activedb.c
@@ -139,6 +139,9 @@ int dbase_activedb_init(semanage_handle_t * handle,
 void dbase_activedb_release(dbase_activedb_t * dbase)
 {
 
+	if (!dbase)
+		return;
+
 	dbase_llist_drop_cache(&dbase->llist);
 	free(dbase);
 }

diff --git a/libsemanage/src/database_file.c b/libsemanage/src/database_file.c
@@ -37,6 +37,7 @@ struct dbase_file {
 	record_file_table_t *rftable;
 };
 
+__attribute__((no_sanitize("function")))
 static int dbase_file_cache(semanage_handle_t * handle, dbase_file_t * dbase)
 {
 
@@ -191,6 +192,9 @@ int dbase_file_init(semanage_handle_t * handle,
 void dbase_file_release(dbase_file_t * dbase)
 {
 
+	if (!dbase)
+		return;
+
 	dbase_llist_drop_cache(&dbase->llist);
 	free(dbase);
 }

diff --git a/libsemanage/src/database_join.c b/libsemanage/src/database_join.c
@@ -34,6 +34,7 @@ struct dbase_join {
 	record_join_table_t *rjtable;
 };
 
+__attribute__((no_sanitize("function")))
 static int dbase_join_cache(semanage_handle_t * handle, dbase_join_t * dbase)
 {
 
@@ -170,6 +171,7 @@ static int dbase_join_cache(semanage_handle_t * handle, dbase_join_t * dbase)
 }
 
 /* Flush database */
+__attribute__((no_sanitize("function")))
 static int dbase_join_flush(semanage_handle_t * handle, dbase_join_t * dbase)
 {
 
@@ -271,6 +273,9 @@ int dbase_join_init(semanage_handle_t * handle,
 void dbase_join_release(dbase_join_t * dbase)
 {
 
+	if (!dbase)
+		return;
+
 	dbase_llist_drop_cache(&dbase->llist);
 	free(dbase);
 }

diff --git a/libsemanage/src/database_llist.c b/libsemanage/src/database_llist.c
@@ -34,6 +34,7 @@ int dbase_llist_needs_resync(semanage_handle_t * handle, dbase_llist_t * dbase)
 }
 
 /* Helper for adding records to the cache */
+__attribute__((no_sanitize("function")))
 int dbase_llist_cache_prepend(semanage_handle_t * handle,
 			      dbase_llist_t * dbase, const record_t * data)
 {
@@ -67,6 +68,7 @@ int dbase_llist_cache_prepend(semanage_handle_t * handle,
 	return STATUS_ERR;
 }
 
+__attribute__((no_sanitize("function")))
 void dbase_llist_drop_cache(dbase_llist_t * dbase)
 {
 
@@ -99,6 +101,7 @@ int dbase_llist_set_serial(semanage_handle_t * handle, dbase_llist_t * dbase)
 }
 
 /* Helper for finding records in the cache */
+__attribute__((no_sanitize("function")))
 static int dbase_llist_cache_locate(semanage_handle_t * handle,
 				    dbase_llist_t * dbase,
 				    const record_key_t * key,
@@ -226,6 +229,7 @@ int dbase_llist_modify(semanage_handle_t * handle,
 	return STATUS_SUCCESS;
 }
 
+__attribute__((no_sanitize("function")))
 int dbase_llist_query(semanage_handle_t * handle,
 		      dbase_llist_t * dbase,
 		      const record_key_t * key, record_t ** response)
@@ -248,6 +252,7 @@ int dbase_llist_query(semanage_handle_t * handle,
 	return STATUS_ERR;
 }
 
+__attribute__((no_sanitize("function")))
 int dbase_llist_iterate(semanage_handle_t * handle,
 			dbase_llist_t * dbase,
 			int (*fn) (const record_t * record,
@@ -274,6 +279,7 @@ int dbase_llist_iterate(semanage_handle_t * handle,
 	return STATUS_ERR;
 }
 
+__attribute__((no_sanitize("function")))
 int dbase_llist_del(semanage_handle_t * handle __attribute__ ((unused)),
 		    dbase_llist_t * dbase, const record_key_t * key)
 {
@@ -304,6 +310,7 @@ int dbase_llist_del(semanage_handle_t * handle __attribute__ ((unused)),
 	return STATUS_SUCCESS;
 }
 
+__attribute__((no_sanitize("function")))
 int dbase_llist_clear(semanage_handle_t * handle, dbase_llist_t * dbase)
 {
 
@@ -331,6 +338,7 @@ int dbase_llist_clear(semanage_handle_t * handle, dbase_llist_t * dbase)
 	return STATUS_SUCCESS;
 }
 
+__attribute__((no_sanitize("function")))
 int dbase_llist_list(semanage_handle_t * handle,
 		     dbase_llist_t * dbase,
 		     record_t *** records, unsigned int *count)

diff --git a/libsemanage/src/database_policydb.c b/libsemanage/src/database_policydb.c
@@ -44,7 +44,7 @@ struct dbase_policydb {
 static void dbase_policydb_drop_cache(dbase_policydb_t * dbase)
 {
 
-	if (dbase->cache_serial >= 0) {
+	if (dbase && dbase->cache_serial >= 0) {
 		sepol_policydb_free(dbase->policydb);
 		dbase->cache_serial = -1;
 		dbase->modified = 0;
@@ -382,6 +382,7 @@ struct list_handler_arg {
 	int pos;
 };
 
+__attribute__((no_sanitize("function")))
 static int list_handler(const record_t * record, void *varg)
 {
 

diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
@@ -321,6 +321,7 @@ int semanage_direct_connect(semanage_handle_t * sh)
 
       err:
 	ERR(sh, "could not establish direct connection");
+	(void) semanage_direct_disconnect(sh);
 	return STATUS_ERR;
 }
 
@@ -1140,6 +1141,7 @@ static int copy_file_if_exists(const char *src, const char *dst, mode_t mode){
 /* Commits all changes in sandbox to the actual kernel policy.
  * Returns commit number on success, -1 on error.
  */
+__attribute__((no_sanitize("function")))
 static int semanage_direct_commit(semanage_handle_t * sh)
 {
 	char **mod_filenames = NULL;

diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c
@@ -368,12 +368,11 @@ int semanage_access_check(semanage_handle_t * sh)
 
 int semanage_disconnect(semanage_handle_t * sh)
 {
-	assert(sh != NULL && sh->funcs != NULL
-	       && sh->funcs->disconnect != NULL);
+	assert(sh != NULL);
 	if (!sh->is_connected) {
 		return 0;
 	}
-	if (sh->funcs->disconnect(sh) < 0) {
+	if (sh->funcs && sh->funcs->disconnect(sh) < 0) {
 		return -1;
 	}
 	sh->is_in_transaction = 0;

diff --git a/libsemanage/src/utilities.c b/libsemanage/src/utilities.c
@@ -254,7 +254,11 @@ char *semanage_str_replace(const char *search, const char *replace,
 		return strdup(src);
 
 	/* Allocate the result string */
-	newsize = strlen(src) + 1 + count * (rlen - slen);
+	newsize = strlen(src) + 1;
+	if (rlen >= slen)
+		newsize += count * (rlen - slen);
+	else
+		newsize -= count * (slen - rlen);
 	result = malloc(newsize);
 	if (!result)
 		return NULL;

diff --git a/libsemanage/tests/test_bool.c b/libsemanage/tests/test_bool.c
@@ -603,7 +603,8 @@ static void test_bool_count(void)
 /* Function bool_iterate */
 unsigned int counter_bool_iterate = 0;
 
-static int handler_bool_iterate(const semanage_bool_t *record, void *varg)
+static int handler_bool_iterate(__attribute__((unused)) const semanage_bool_t *record,
+				__attribute__((unused)) void *varg)
 {
 	counter_bool_iterate++;
 	return 0;
@@ -859,7 +860,8 @@ static void test_bool_count_local(void)
 /* Function bool_iterate_local */
 unsigned int counter_bool_iterate_local = 0;
 
-static int handler_bool_iterate_local(const semanage_bool_t *record, void *varg)
+static int handler_bool_iterate_local(__attribute__((unused)) const semanage_bool_t *record,
+				      __attribute__((unused)) void *varg)
 {
 	counter_bool_iterate_local++;
 	return 0;

diff --git a/libsemanage/tests/test_fcontext.c b/libsemanage/tests/test_fcontext.c
@@ -655,7 +655,8 @@ static void test_fcontext_count(void)
 /* Function semanage_fcontext_iterate */
 unsigned int counter_fcontext_iterate = 0;
 
-static int handler_fcontext_iterate(const semanage_fcontext_t *record, void *varg)
+static int handler_fcontext_iterate(const semanage_fcontext_t *record,
+				    __attribute__((unused)) void *varg)
 {
 	CU_ASSERT_PTR_NOT_NULL(record);
 	counter_fcontext_iterate++;
@@ -937,7 +938,7 @@ static void test_fcontext_count_local(void)
 unsigned int counter_fcontext_iterate_local = 0;
 
 static int handler_fcontext_iterate_local(const semanage_fcontext_t *record,
-				   void *varg)
+					  __attribute__((unused)) void *varg)
 {
 	CU_ASSERT_PTR_NOT_NULL(record);
 	counter_fcontext_iterate_local++;

diff --git a/libsemanage/tests/test_handle.c b/libsemanage/tests/test_handle.c
@@ -236,8 +236,9 @@ static void test_mls_enabled(void)
 /* Function semanage_set_callback */
 int msg_set_callback_count = 0;
 
-static void helper_msg_set_callback(void *varg, semanage_handle_t *handle,
-			     const char *fmt, ...)
+static void helper_msg_set_callback(__attribute__((unused)) void *varg,
+				    __attribute__((unused)) semanage_handle_t *handle,
+				    __attribute__((unused)) const char *fmt, ...)
 {
 	msg_set_callback_count++;
 }
@@ -316,6 +317,7 @@ static void helper_select_store(const char *name, enum semanage_connect_type typ
 		cleanup_handle(SH_HANDLE);
 }
 
+__attribute__((no_sanitize("implicit-integer-sign-change")))
 static void test_select_store(void)
 {
 	helper_select_store("asdf", SEMANAGE_CON_INVALID - 1, -1);