Diffstat (limited to 'libselinux/src/stringrep.c')
-rw-r--r--libselinux/src/stringrep.c16
1 files changed, 11 insertions, 5 deletions
diff --git a/libselinux/src/stringrep.c b/libselinux/src/stringrep.c
index 082778e5..ba75ccd5 100644
--- a/libselinux/src/stringrep.c
+++ b/libselinux/src/stringrep.c
@@ -258,18 +258,21 @@ static struct discover_class_node * discover_class(const char *s)
struct stat m;
snprintf(path, sizeof path, "%s/class/%s/perms/%s", selinux_mnt,s,dentry->d_name);
- if (stat(path,&m) < 0)
+ fd = open(path, O_RDONLY | O_CLOEXEC);
+ if (fd < 0)
goto err4;
+ if (fstat(fd, &m) < 0) {
+ close(fd);
+ goto err4;
+ }
+
if (m.st_mode & S_IFDIR) {
+ close(fd);
dentry = readdir(dir);
continue;
}
- fd = open(path, O_RDONLY);
- if (fd < 0)
- goto err4;
-
memset(buf, 0, sizeof(buf));
ret = read(fd, buf, sizeof(buf) - 1);
close(fd);
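Review bot: The directory test `if (m.st_mode & S_IFDIR)` that now follows the `fstat()` is a bit-mask test, not a file-type comparison. On Linux `S_IFBLK` and `S_IFSOCK` also carry that bit, so entries of those types would be treated as directories and skipped. Since the mode now comes from the opened descriptor, `if (S_ISDIR(m.st_mode))` would make the check exact. The `snprintf()` result for `path` is also unchecked, so a truncated path would be opened as-is; comparing the return value with `sizeof path` before `open()` would reject it. `discover_class` begins and ends outside this hunk.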
@@ -279,6 +282,9 @@ static struct discover_class_node * discover_class(const char *s)
if (sscanf(buf, "%u", &value) != 1)
goto err4;
+ if (value == 0 || value > NVECTORS)
+ goto err4;
+
node->perms[value-1] = strdup(dentry->d_name);
if (node->perms[value-1] == NULL)
goto err4;
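Review bot: The new range check keeps `value-1` in bounds, but `node->perms[value-1] = strdup(dentry->d_name);` still overwrites a slot that is already filled. If two entries under `perms/` ever report the same index, the earlier string is leaked and the index-to-name mapping silently changes. A guard such as `if (node->perms[value-1] != NULL) goto err4;` before the assignment would reject duplicates, assuming the array starts zeroed (its allocation is outside the hunk). A short comment on the check, e.g. `/* indices read from selinuxfs are 1-based; perms[] is assumed to hold NVECTORS entries */`, would record why both bounds are needed. The function body continues outside the hunk.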