PERFORCE change 39432 for review

Fri Oct 10 00:58:09 GMT 2003

http://perforce.freebsd.org/chv.cgi?CH=39432

Change 39432 by hdandeka at hdandeka_yash on 2003/10/09 17:57:53

	mmap the policy file before calling security_load_policy.

Affected files ...

.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/checkpolicy/checkpolicy.c#5 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/checkpolicy/checkpolicy.c#5 (text+ko) ====

@@ -34,9 +34,11 @@
 #include <unistd.h>
 #include <errno.h>
 #include <string.h>
+#include <fcntl.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
+#include <sys/mman.h>
 #include <netinet/in.h>
 #include "linux-compat.h"
 #else /* __FreeBSD__ */
@@ -320,6 +322,7 @@
 	unsigned int binary = 0, debug = 0;
 	int ret, ch, nel;
 	FILE *fp, *outfp = NULL;
+	int fd;
 	void *filedata;
 	struct stat fsb;
 	size_t filelen;
@@ -619,29 +622,28 @@
 			pathlen = strlen(ans);
 			ans[pathlen - 1] = 0;
 			printf("%s:  loading policy configuration from %s\n", argv[0], ans);
-			fp = fopen(ans, "r");
-			if (!fp) {
+			fd = open(ans, O_RDONLY);
+			if (fd < 0) {
 				printf("%s:  unable to open %s\n", argv[0], ans);
 				break;
 			}
-			if(stat(ans, &fsb) == -1) {
+			if(fstat(fd, &fsb) < 0) {
 				printf("%s:  unable to get size of %s\n", argv[0], ans);
 				break;
 			}
 			filelen = (size_t) fsb.st_size;
 			if ( ((off_t) filelen) != fsb.st_size ) {
-				 printf("%s:  large file, size truncated\n", argv[0]);
-                                 break;
+				printf("%s:  large file, size truncated\n", argv[0]);
+				close(fd);
+				break;
 			}
-			filedata = malloc(filelen);
-			if (!filedata) {
-		                fprintf(stderr, "out of memory\n");
-		                exit(1);
-		        }
-			if(fread(filedata, filelen, 1, fp) != filelen) {
-				printf("%s:  unable to get read from %s\n", argv[0], ans);
+
+			filedata = mmap(NULL, filelen, PROT_READ, MAP_SHARED, fd,0);
+			if (filedata == MAP_FAILED) {
+				printf("Can't map %s\n", ans);
+				close(fd);
 				break;
-			}
+	                }
 			ret = security_load_policy(filedata, filelen);
 			switch (ret) {
 			case 0:
@@ -656,7 +658,8 @@
 			default:
 				printf("return code 0x%x\n", ret);
 			}
-			fclose(fp);
+			/* XXX: call munmap(filedata, filelen) or not ? */
+			close(fd);
 			break;
 		case '8':
 			printf("fs kdevname?  ");
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

