|
 |
d477aa |
From 30da7a4907893bd43fe9da40728a3bcabdf3d7a4 Mon Sep 17 00:00:00 2001
|
|
|
d477aa |
From: Petr Lautrbach <plautrba@redhat.com>
|
|
|
d477aa |
Date: Wed, 28 Jul 2021 11:21:35 +0200
|
|
|
d477aa |
Subject: [PATCH] libsemanage: Fix USE_AFTER_FREE (CWE-672) in
|
|
|
d477aa |
semanage_direct_write_langext()
|
|
|
d477aa |
|
|
|
d477aa |
>From fclose(3):
|
|
|
d477aa |
Upon successful completion, 0 is returned. Otherwise, EOF is returned
|
|
|
d477aa |
and errno is set to indicate the error. In either case, any further
|
|
|
d477aa |
access (including another call to fclose()) to the stream results in
|
|
|
d477aa |
undefined behavior.
|
|
|
d477aa |
|
|
|
d477aa |
Fixes:
|
|
|
d477aa |
Error: USE_AFTER_FREE (CWE-672): [#def1]
|
|
|
d477aa |
libsemanage-3.2/src/direct_api.c:1023: freed_arg: "fclose" frees "fp".
|
|
|
d477aa |
libsemanage-3.2/src/direct_api.c:1034: use_closed_file: Calling "fclose" uses file handle "fp" after closing it.
|
|
|
d477aa |
# 1032|
|
|
|
d477aa |
# 1033| cleanup:
|
|
|
d477aa |
# 1034|-> if (fp != NULL) fclose(fp);
|
|
|
d477aa |
# 1035|
|
|
|
d477aa |
# 1036| return ret;
|
|
|
d477aa |
|
|
|
d477aa |
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
|
d477aa |
---
|
|
|
d477aa |
libsemanage/src/direct_api.c | 1 +
|
|
|
d477aa |
1 file changed, 1 insertion(+)
|
|
|
d477aa |
|
|
|
d477aa |
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
|
|
|
d477aa |
index c32939c0..7638653a 100644
|
|
|
d477aa |
--- a/libsemanage/src/direct_api.c
|
|
|
d477aa |
+++ b/libsemanage/src/direct_api.c
|
|
|
d477aa |
@@ -1022,6 +1022,7 @@ static int semanage_direct_write_langext(semanage_handle_t *sh,
|
|
|
d477aa |
|
|
|
d477aa |
if (fclose(fp) != 0) {
|
|
|
d477aa |
ERR(sh, "Unable to close %s module ext file.", modinfo->name);
|
|
|
d477aa |
+ fp = NULL;
|
|
|
d477aa |
ret = -1;
|
|
|
d477aa |
goto cleanup;
|
|
|
d477aa |
}
|
|
|
d477aa |
--
|
|
|
d477aa |
2.30.2
|
|
|
d477aa |
|