search

SELinuxProject / selinux

This is the upstream repository for the Security Enhanced Linux (SELinux) userland libraries and tools. The software provided by this project complements the SELinux features integrated into the Linux kernel and is used by Linux distributions. All bugs and patches should be submitted to selinux@vger.kernel.org
Other
1.35k stars 360 forks source link

libselinux: wrong swig code for security_load_policy(3) #354

Open cgzones opened 2 years ago

cgzones commented 2 years ago

The swig typemap https://github.com/SELinuxProject/selinux/blob/0a8c177dacdc1df96ea11bb8aa75e16c4fa82285/libselinux/src/selinuxswig_python.i#L131-L133 added in https://github.com/SELinuxProject/selinux/commit/9639f5d9a837df2d026748543c96cecbc95cb1e2 leads to wrong wrapper code being generated:

selinux.py:

def security_load_policy(len):
    return _selinux.security_load_policy(len)

selinuxswig_python_wrap.c:

SWIGINTERN PyObject *_wrap_security_load_policy(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
  PyObject *resultobj = 0;
  void *arg1 = (void *) 0 ;
  size_t arg2 ;
  char *temp1 = NULL ;
  size_t val2 ;
  int ecode2 = 0 ;
  PyObject *swig_obj[1] ;
  int result;

  {
    arg1 = temp1;  // <- assignment to NULL
  }
  if (!args) SWIG_fail;
  swig_obj[0] = args;
  ecode2 = SWIG_AsVal_size_t(swig_obj[0], &val2);
  if (!SWIG_IsOK(ecode2)) {
    SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "security_load_policy" "', argument " "2"" of type '" "size_t""'");
  }
  arg2 = (size_t)(val2);
  {
    result = (int)security_load_policy(arg1,arg2);  // <- arg1 is always NULL
    if (result < 0) {
      PyErr_SetFromErrno(PyExc_OSError);
      SWIG_fail;
    }
  }
  resultobj = SWIG_From_int((int)(result));
  return resultobj;
fail:
  return NULL;
}

The typemap might have been indented for selinux_getenforcemode(3) only but does affect many more functions, e.g. selinux_check_access(3).