cfg: add library configuration for libselinux (#6461)
There are a couple of false positives and false negatives:

- no warning of `ignoredReturnValue` for `get_default_type()`:
   
  ```xml
  <function name="get_default_type">
    <returnValue type="int"/>
    <noreturn>false</noreturn>
    <use-retval/>
    <leak-ignore/>
    <arg nr="1" direction="in">
      <not-null/>
      <not-uninit/>
      <strz/>
    </arg>
    <arg nr="2" direction="out">
      <not-null/>
    </arg>
  </function>
  <memory>
    <alloc init="true" arg="2">get_default_type</alloc>
    <dealloc>free</dealloc>
  </memory>
  ```
  ```c
  get_default_type("object_r", type2); // does not report ignoredReturnValue
  ```

- wrong `constVariablePointer` report for `selabel_open()`, especially
since the cleanup function `selabel_close()` does take a pointer to
non-const:
  ```xml
  <function name="selabel_open">
    <returnValue type="struct selabel_handle *"/>
    <noreturn>false</noreturn>
    <use-retval/>
    <leak-ignore/>
    <arg nr="1" direction="in">
      <not-uninit/>
      <not-bool/>
      <valid>0:5</valid>
    </arg>
    <arg nr="2" direction="in">
      <not-uninit/>
      <minsize type="argvalue" arg="3"/>
    </arg>
    <arg nr="3" direction="in">
      <not-uninit/>
      <not-bool/>
    </arg>
  </function>
  ```
  ```c
  struct selabel_handle *hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0); // reports constVariablePointer
  ```

- missing `memleak` for `getseuserbyname()`:
  ```xml
  <function name="getseuserbyname">
    <returnValue type="int"/>
    <noreturn>false</noreturn>
    <use-retval/>
    <leak-ignore/>
    <arg nr="1" direction="in">
      <not-null/>
      <not-uninit/>
      <strz/>
    </arg>
    <arg nr="2" direction="out">
      <not-null/>
    </arg>
    <arg nr="3" direction="out">
      <not-null/>
    </arg>
  </function>
  <memory>
    <alloc init="true" arg="2">getseuserbyname</alloc>
    <dealloc>free</dealloc>
  </memory>
  <memory>
    <alloc init="true" arg="3">getseuserbyname</alloc>
    <dealloc>free</dealloc>
  </memory>
  ```
  ```c
  void getseuserbyname_fail2(void)
  {
    char *seuser, *level;
    getseuserbyname("root", &seuser, &level);
    free(level);

    // seuser is leaked; no memleak report
  }
  ```

---------

Co-authored-by: chrchr-github <[email protected]>
Co-authored-by: Oliver Stöneberg <[email protected]>
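The three cfg fragments quoted in the commit message all rely on the same mechanism: an `<arg direction="out">` becomes leak-trackable only when a `<memory>` block has an `<alloc arg="N">` entry naming that function and argument, paired with a `<dealloc>`. The following script is an added example (not part of cppcheck or of this commit) that parses exactly those fragments, wrapped in the `<def format="2">` root element a cppcheck cfg file uses, and reports which out-arguments are covered by an allocation entry and which pointer-returning functions have none. The value `-1` standing for "the return value" and the treatment of a missing `direction` as `None` are conventions of this script, not of cppcheck.

```python
import xml.etree.ElementTree as ET

# The <function> and <memory> elements are the ones quoted in the commit message above,
# reflowed onto fewer lines and wrapped in cppcheck's <def> root element.
CFG_FRAGMENT = """<def format="2">
  <function name="get_default_type">
    <returnValue type="int"/><noreturn>false</noreturn><use-retval/><leak-ignore/>
    <arg nr="1" direction="in"><not-null/><not-uninit/><strz/></arg>
    <arg nr="2" direction="out"><not-null/></arg>
  </function>
  <memory><alloc init="true" arg="2">get_default_type</alloc><dealloc>free</dealloc></memory>
  <function name="selabel_open">
    <returnValue type="struct selabel_handle *"/><noreturn>false</noreturn><use-retval/><leak-ignore/>
    <arg nr="1" direction="in"><not-uninit/><not-bool/><valid>0:5</valid></arg>
    <arg nr="2" direction="in"><not-uninit/><minsize type="argvalue" arg="3"/></arg>
    <arg nr="3" direction="in"><not-uninit/><not-bool/></arg>
  </function>
  <function name="getseuserbyname">
    <returnValue type="int"/><noreturn>false</noreturn><use-retval/><leak-ignore/>
    <arg nr="1" direction="in"><not-null/><not-uninit/><strz/></arg>
    <arg nr="2" direction="out"><not-null/></arg>
    <arg nr="3" direction="out"><not-null/></arg>
  </function>
  <memory><alloc init="true" arg="2">getseuserbyname</alloc><dealloc>free</dealloc></memory>
  <memory><alloc init="true" arg="3">getseuserbyname</alloc><dealloc>free</dealloc></memory>
</def>
"""

RETURN_VALUE = -1  # script convention: an <alloc> without an arg attribute allocates the return value


def parse_cfg(xml_text):
    """Collect, per function, its return type, argument directions and alloc/dealloc entries."""
    root = ET.fromstring(xml_text)
    functions = {}
    for fn in root.findall("function"):
        rv = fn.find("returnValue")
        functions[fn.get("name")] = {
            "returns": rv.get("type") if rv is not None else None,
            "use_retval": fn.find("use-retval") is not None,
            # arg number -> "in" / "out" / "inout" / None when the cfg does not say
            "args": {int(a.get("nr")): a.get("direction") for a in fn.findall("arg")},
            "alloc_args": [],
            "dealloc": None,
        }
    for mem in root.findall("memory"):
        dealloc = mem.find("dealloc")
        for alloc in mem.findall("alloc"):
            name = alloc.text.strip()
            if name not in functions:
                continue  # allocator declared for a function this fragment does not describe
            arg = alloc.get("arg")
            functions[name]["alloc_args"].append(int(arg) if arg is not None else RETURN_VALUE)
            if dealloc is not None:
                functions[name]["dealloc"] = dealloc.text.strip()
    return functions


def allocating_out_args(functions):
    """Argument numbers that cppcheck will treat as receiving freshly allocated memory."""
    return {name: sorted(a for a in info["alloc_args"] if a > 0)
            for name, info in functions.items()}


def out_args_without_alloc(functions):
    """Out-arguments no <alloc> covers: a leak through them is invisible to the checker."""
    return [(name, nr) for name, info in functions.items()
            for nr, direction in info["args"].items()
            if direction == "out" and nr not in info["alloc_args"]]


def pointer_returns_without_alloc(functions):
    """Pointer-returning functions that this fragment does not mark as allocating a handle."""
    return sorted(name for name, info in functions.items()
                  if info["returns"] and info["returns"].rstrip().endswith("*")
                  and RETURN_VALUE not in info["alloc_args"])


if __name__ == "__main__":
    fns = parse_cfg(CFG_FRAGMENT)
    print("allocating out-args:", allocating_out_args(fns))
    print("out-args without alloc:", out_args_without_alloc(fns))
    print("pointer returns without alloc:", pointer_returns_without_alloc(fns))
```

Run against the quoted fragments, the script shows that `getseuserbyname` has two independently allocated out-arguments (2 and 3), which is exactly why the `getseuserbyname_fail2()` case in the commit message should produce a `memleak` for `seuser` when only `level` is freed, and that `selabel_open` returns a pointer with no allocation entry in this fragment, which is where a `<resource>`/`<memory>` pairing with `selabel_close()` would be needed for the handle to be leak-checked.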
3 people authored Jul 22, 2024
1 parent ac5d06c commit 81e7614
Showing 6 changed files with 3,934 additions and 2 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/CI-unixish.yml
@@ -359,7 +359,7 @@ jobs:
- name: Install missing software on ubuntu 22.04 (cfg)
if: matrix.os == 'ubuntu-22.04'
run: |
sudo apt-get install libcairo2-dev libcurl4-openssl-dev liblua5.3-dev libssl-dev libsqlite3-dev libcppunit-dev libsigc++-2.0-dev libgtk-3-dev libboost-all-dev libwxgtk3.0-gtk3-dev xmlstarlet qtbase5-dev
sudo apt-get install libcairo2-dev libcurl4-openssl-dev liblua5.3-dev libssl-dev libsqlite3-dev libcppunit-dev libsigc++-2.0-dev libgtk-3-dev libboost-all-dev libselinux-dev libwxgtk3.0-gtk3-dev xmlstarlet qtbase5-dev
# coreutils contains "nproc"
- name: Install missing software on macos
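Review bot: the new `libselinux-dev` package is spliced into the middle of an already very long single-line `apt-get install` command, so a one-package addition shows up as a whole-line replacement that is hard to review; consider listing one package per line with `\` continuations so future cfg additions diff cleanly. The step is gated on `if: matrix.os == 'ubuntu-22.04'`, so the libselinux cfg test will only be exercised on that job and not in the macOS step that follows; that is reasonable since libselinux is Linux-only, but it is worth saying so in the commit message. The command also carries no `-y`; the line it replaces has the same shape, so this is not a regression, but adding `-y` would keep the step from hanging or aborting should apt ever prompt.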
