Blame SOURCES/0366-selinux-fix-potential-double-free-crash-in-child-pro.patch
|
 |
84b277 |
From 161ad7deb00e31cb47fdc29f2e795690ffa66be4 Mon Sep 17 00:00:00 2001
|
|
|
84b277 |
From: Michal Sekletar <msekleta@redhat.com>
|
|
|
84b277 |
Date: Mon, 13 Oct 2014 13:41:06 +0200
|
|
|
84b277 |
Subject: [PATCH] selinux: fix potential double free crash in child process
|
|
|
84b277 |
|
|
|
84b277 |
Before returning from function we should reset ret to NULL, thus cleanup
|
|
|
84b277 |
function is nop.
|
|
|
84b277 |
|
|
|
84b277 |
Also context_str() returns pointer to a string containing context but not a
|
|
|
84b277 |
copy, hence we must make copy it explicitly.
|
|
|
84b277 |
|
|
|
84b277 |
Related: #1113790
|
|
|
84b277 |
---
|
|
|
84b277 |
src/shared/label.c | 5 +++--
|
|
|
84b277 |
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
|
84b277 |
|
|
|
84b277 |
diff --git a/src/shared/label.c b/src/shared/label.c
|
|
|
84b277 |
index 8f7dfb4..52aea4f 100644
|
|
|
84b277 |
--- a/src/shared/label.c
|
|
|
84b277 |
+++ b/src/shared/label.c
|
|
|
84b277 |
@@ -270,7 +270,8 @@ int label_get_child_mls_label(int socket_fd, const char *exe, char **label) {
|
|
|
84b277 |
}
|
|
|
84b277 |
|
|
|
84b277 |
freecon(mycon);
|
|
|
84b277 |
- mycon = context_str(bcon);
|
|
|
84b277 |
+ mycon = NULL;
|
|
|
84b277 |
+ mycon = strdup(context_str(bcon));
|
|
|
84b277 |
if (!mycon) {
|
|
|
84b277 |
r = -errno;
|
|
|
84b277 |
goto out;
|
|
|
84b277 |
@@ -284,8 +285,8 @@ int label_get_child_mls_label(int socket_fd, const char *exe, char **label) {
|
|
|
84b277 |
}
|
|
|
84b277 |
|
|
|
84b277 |
*label = ret;
|
|
|
84b277 |
+ ret = NULL;
|
|
|
84b277 |
r = 0;
|
|
|
84b277 |
-
|
|
|
84b277 |
out:
|
|
|
84b277 |
if (r < 0 && security_getenforce() == 1)
|
|
|
84b277 |
return r;
|