39 lines
1.1 KiB
Diff
39 lines
1.1 KiB
Diff
From 5e78424f4a27c07be50e246308035c877f204038 Mon Sep 17 00:00:00 2001
|
|
From: Michal Sekletar <msekleta@redhat.com>
|
|
Date: Mon, 13 Oct 2014 15:25:09 +0200
|
|
Subject: [PATCH] selinux: fix potential double free crash in child process
|
|
|
|
Before returning from function we should reset ret to NULL, thus cleanup
|
|
function is nop.
|
|
|
|
Also context_str() returns pointer to a string containing context but not a
|
|
copy, hence we must make copy it explicitly.
|
|
---
|
|
src/shared/label.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git src/shared/label.c src/shared/label.c
|
|
index b6af38d..69d4616 100644
|
|
--- src/shared/label.c
|
|
+++ src/shared/label.c
|
|
@@ -334,7 +334,7 @@ int label_get_child_mls_label(int socket_fd, const char *exe, char **label) {
|
|
}
|
|
|
|
freecon(mycon);
|
|
- mycon = context_str(bcon);
|
|
+ mycon = strdup(context_str(bcon));
|
|
if (!mycon) {
|
|
r = -errno;
|
|
goto out;
|
|
@@ -348,6 +348,7 @@ int label_get_child_mls_label(int socket_fd, const char *exe, char **label) {
|
|
}
|
|
|
|
*label = ret;
|
|
+ ret = NULL;
|
|
r = 0;
|
|
|
|
out:
|
|
--
|
|
1.7.9.2
|
|
|