From b1802386d2ec6a2767927abef4b99b4575da4085 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Fri, 30 May 2025 14:30:48 +0200
Subject: [PATCH] libselinux: retain LIFO order for path substitutions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Store the path substitutions in LIFO order as in previous versions.

Fixes: 4d436e4b ("libselinux: use vector instead of linked list for substitutions")
Reported-by: Dominick Grift <dominick.grift@defensec.nl>
Link: https://lore.kernel.org/selinux/87ldqftsxd.fsf@defensec.nl/
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
---
 src/label_file.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/label_file.c b/src/label_file.c
index 61a9ddb6..b785eab6 100644
--- a/src/label_file.c
+++ b/src/label_file.c
@@ -1350,6 +1350,15 @@ static int selabel_subs_init(const char *path, struct selabel_digest *digest,
 	if (digest_add_specfile(digest, cfg, NULL, sb.st_size, path) < 0)
 		goto err;
 
+	/* LIFO order for backward compatibility */
+	for (uint32_t i = 0; i < tmp_num/2; i++) {
+		struct selabel_sub swap;
+
+		swap = tmp[i];
+		tmp[i] = tmp[tmp_num - i - 1];
+		tmp[tmp_num - i - 1] = swap;
+	}
+
 	*out_subs = tmp;
 	*out_num = tmp_num;
 	*out_alloc = tmp_alloc;
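Review bot: The comment on the added reversal loop, `/* LIFO order for backward compatibility */`, does not say what depends on that order. Presumably the substitution lookup takes the first matching entry, so the order decides which of two overlapping entries wins and therefore which path is used for the label lookup; this cannot be confirmed here because the lookup code is outside the hunk. I would spell that out, for example `/* Reverse so the last-read entry comes first, as with the former linked list; lookup order decides which overlapping substitution applies. */`, so that a later container change does not silently drop the ordering again, as the commit named in the Fixes trailer did. A regression test with two overlapping substitution entries would pin the behaviour. selabel_subs_init begins and ends outside the hunk, so the types of `tmp_num` and `tmp` are not visible for checking against the `uint32_t` index.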
-- 
2.53.0

