From 1a088724c4d70edfbecab4252c1644100374f0f0 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Wed, 2 Apr 2014 22:11:59 +0200
Subject: [PATCH 121/121] IPA: Fix SELinux mapping order memory hierarchy
https://fedorahosted.org/sssd/ticket/2300
The list of SELinux mapping orders was allocated on tmp_ctx and parsed
into an array. The array itself was correctly allocated on mem_ctx but
its contents remained on tmp_ctx, leading to a use-after-free error.
This patch fixes the memory hierarchy so that both the array and its
contents are allocated on mem_ctx.
(cherry picked from commit 355b8a655cfcc4e783077d12f76b55da1d23fb87)
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
src/providers/ipa/ipa_selinux.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
index 7f59161918a04ff8c994a0ce0fe55924ff09eda7..b7cbe445f1ecbfffaa84bb049aaf45ba4ecb1a35 100644
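--- a/src/providers/ipa/ipa_selinux.c
+++ b/src/providers/ipa/ipa_selinux.c
@@ -557,21 +557,15 @@ static errno_t create_order_array(TALLOC_CTX *mem_ctx, const char *map_order,
 goto done;
 }
 
- order = talloc_strdup(tmp_ctx, map_order);
- if (order == NULL) {
- ret = ENOMEM;
- goto done;
- }
- len = strlen(order);
-
 /* The "order" string contains one or more SELinux user records
 * separated by $. Now we need to create an array of string from
 * this one string. First find out how many elements in the array
 * will be. This way only one alloc will be necessary for the array
 */
 order_count = 1;
+ len = strlen(map_order);
 for (i = 0; i < len; i++) {
- if (order[i] == '$') order_count++;
+ if (map_order[i] == '$') order_count++;
 }
 
 order_array = talloc_array(tmp_ctx, char *, order_count);
@@ -580,6 +574,12 @@ static errno_t create_order_array(TALLOC_CTX *mem_ctx, const char *map_order,
 goto done;
 }
 
+ order = talloc_strdup(order_array, map_order);
+ if (order == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
 /* Now fill the array with pointers to the original string. Also
 * use binary zeros to make multiple string out of the one.
 */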
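Review bot: In the first hunk `len = strlen(map_order);` is now the first use of `map_order`, whereas the old code went through `talloc_strdup()`, which returns NULL for a NULL string and so ended in `ENOMEM` instead of a NULL dereference. The start of create_order_array lies outside the hunk, so if it does not already reject a NULL `map_order`, a guard ahead of the counting loop would preserve the old failure mode. In the second hunk the copy is parented to `order_array`, which is itself still allocated on `tmp_ctx`, so the fix depends on the array being moved to `mem_ctx` later in the function (not visible here). A comment above the `talloc_strdup` call such as `/* order is a child of order_array so the element pointers move with the array */` would record that ownership rule and warn callers against freeing elements individually.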
--
1.9.0