From 915004f403cb25fadb207ddfdbe6a2f43bd44fac Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>

Date: Fri, 17 Jan 2025 17:29:34 +0000

Subject: [PATCH] ls: fix crash with --context

* src/ls.c (main): Flag that we need to stat()

if we're going to get security context (call file_has_aclinfo_cache).

(file_has_aclinfo_cache): Be defensive and only lookup the device

for the file if the stat has been performed.

(has_capability_cache): Likewise.

* tests/ls/selinux-segfault.sh: Add a test case.

Reported by Bruno Haible.

---

 src/ls.c                     | 10 +++++-----

 tests/ls/selinux-segfault.sh |  3 +++

 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/ls.c b/src/ls.c

index 3215360216..f67167f160 100644

--- a/src/ls.c

+++ b/src/ls.c

@@ -1768,7 +1768,7 @@ main (int argc, char **argv)

   format_needs_stat = ((sort_type == sort_time) | (sort_type == sort_size)

                        | (format == long_format)

-                       | print_block_size | print_hyperlink);

+                       | print_block_size | print_hyperlink | print_scontext);

   format_needs_type = ((! format_needs_stat)

                        & (recursive | print_with_color | print_scontext

                           | directories_first

@@ -3309,7 +3309,7 @@ file_has_aclinfo_cache (char const *file, struct fileinfo *f,

   static int unsupported_scontext_err;

   static dev_t unsupported_device;

-  if (f->stat.st_dev == unsupported_device)

+  if (f->stat_ok && f->stat.st_dev == unsupported_device)

     {

       ai->buf = ai->u.__gl_acl_ch;

       ai->size = 0;

@@ -3322,7 +3322,7 @@ file_has_aclinfo_cache (char const *file, struct fileinfo *f,

   errno = 0;

   int n = file_has_aclinfo (file, ai, flags);

   int err = errno;

-  if (n <= 0 && !acl_errno_valid (err))

+  if (f->stat_ok && n <= 0 && !acl_errno_valid (err))

     {

       unsupported_return = n;

       unsupported_scontext = ai->scontext;

@@ -3342,14 +3342,14 @@ has_capability_cache (char const *file, struct fileinfo *f)

      found that has_capability fails indicating lack of support.  */

   static dev_t unsupported_device;

-  if (f->stat.st_dev == unsupported_device)

+  if (f->stat_ok && f->stat.st_dev == unsupported_device)

     {

       errno = ENOTSUP;

       return 0;

     }

   bool b = has_capability (file);

-  if ( !b && !acl_errno_valid (errno))

+  if (f->stat_ok && !b && !acl_errno_valid (errno))

     unsupported_device = f->stat.st_dev;

   return b;

 }

diff --git a/tests/ls/selinux-segfault.sh b/tests/ls/selinux-segfault.sh

index 11623acb3f..1cac2b5fc0 100755

--- a/tests/ls/selinux-segfault.sh

+++ b/tests/ls/selinux-segfault.sh

@@ -30,4 +30,7 @@ mkdir sedir || framework_failure_

 ln -sf missing sedir/broken || framework_failure_

 returns_ 1 ls -L -R -Z -m sedir > out || fail=1

+# ls 9.6 would segfault with the following

+ls -Z . > out || fail=1

+

 Exit $fail