rpm/libsepol
SHA256
1
0
Fork 0
forked from pool/libsepol
Code Pull Requests Activity
dbf4cf0499
libsepol/CVE-2021-36085.patch
Johannes Segitz d28af01c4e Accepting request 904153 from home:jsegitz:branches:security:SELinux 
- Fix use-after-free in __cil_verify_classperms (CVE-2021-36085, 1187965).
  Added CVE-2021-36085.patch
- Fix use-after-free in cil_reset_classpermission (CVE-2021-36086, 1187964).
  Added CVE-2021-36086.patch

OBS-URL: https://build.opensuse.org/request/show/904153
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=87
2021-07-05 12:52:59 +00:00

34 lines
1.3 KiB
Diff
Raw Blame History

From 2d35fcc7e9e976a2346b1de20e54f8663e8a6cba Mon Sep 17 00:00:00 2001
From: James Carter <jwcart2@gmail.com>
Date: Thu, 8 Apr 2021 13:32:04 -0400
Subject: [PATCH] libsepol/cil: Destroy classperm list when resetting map perms
Map perms share the same struct as regular perms, but only the
map perms use the classperms field. This field is a pointer to a
list of classperms that is created and added to when resolving
classmapping rules, so the map permission doesn't own any of the
data in the list and this list should be destroyed when the AST is
reset.
When resetting a perm, destroy the classperms list without destroying
the data in the list.
Signed-off-by: James Carter <jwcart2@gmail.com>
---
libsepol/cil/src/cil_reset_ast.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: libsepol/libsepol-3.2/cil/src/cil_reset_ast.c
===================================================================
--- libsepol.orig/libsepol-3.2/cil/src/cil_reset_ast.c
+++ libsepol/libsepol-3.2/cil/src/cil_reset_ast.c
@@ -36,7 +36,7 @@ static void cil_reset_class(struct cil_c
static void cil_reset_perm(struct cil_perm *perm)
{
- cil_reset_classperms_list(perm->classperms);
+ cil_list_destroy(&perm->classperms, CIL_FALSE);
}
static inline void cil_reset_classperms(struct cil_classperms *cp)
View Git Blame Copy Permalink