summarylogtreecommitdiffstats
path: root/0003-libsemanage-semanage_seuser_key_create-copy-name.patch
diff options
context:
space:
mode:
Diffstat (limited to '0003-libsemanage-semanage_seuser_key_create-copy-name.patch')
-rw-r--r--0003-libsemanage-semanage_seuser_key_create-copy-name.patch65
1 files changed, 65 insertions, 0 deletions
diff --git a/0003-libsemanage-semanage_seuser_key_create-copy-name.patch b/0003-libsemanage-semanage_seuser_key_create-copy-name.patch
new file mode 100644
index 000000000000..d75e4cb728a2
--- /dev/null
+++ b/0003-libsemanage-semanage_seuser_key_create-copy-name.patch
@@ -0,0 +1,65 @@
+From 7c040a554e2c576cfa787335def949b277a19917 Mon Sep 17 00:00:00 2001
+From: Nicolas Iooss <nicolas.iooss@m4x.org>
+Date: Sat, 12 Nov 2016 13:05:03 +0100
+Subject: [PATCH] libsemanage: semanage_seuser_key_create: copy name
+
+When removing a login using semanage with Python 3 the following error
+occurs:
+
+ # semanage login -l | grep my_user
+ my_user user_u
+
+ # semanage login --delete my_user
+ ValueError: Login mapping for my_user is not defined
+
+This is due to a use-after-free in the swig-generated code for python3
+bindings.
+
+Copy the user name in semanage_seuser_key_create() and free it in
+semanage_seuser_key_free(), like commit eac6f1f1b512 ("libsepol:
+sepol_{bool|iface|user}_key_create: copy name") did.
+
+Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
+---
+ libsemanage/src/seuser_record.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/libsemanage/src/seuser_record.c b/libsemanage/src/seuser_record.c
+index 8823b1ed1c7b..1ed459486228 100644
+--- a/libsemanage/src/seuser_record.c
++++ b/libsemanage/src/seuser_record.c
+@@ -33,7 +33,7 @@ struct semanage_seuser {
+
+ struct semanage_seuser_key {
+ /* This user's name */
+- const char *name;
++ char *name;
+ };
+
+ int semanage_seuser_key_create(semanage_handle_t * handle,
+@@ -48,7 +48,12 @@ int semanage_seuser_key_create(semanage_handle_t * handle,
+ ERR(handle, "out of memory, could not create seuser key");
+ return STATUS_ERR;
+ }
+- tmp_key->name = name;
++ tmp_key->name = strdup(name);
++ if (!tmp_key->name) {
++ ERR(handle, "out of memory, could not create seuser key");
++ free(tmp_key);
++ return STATUS_ERR;
++ }
+
+ *key_ptr = tmp_key;
+ return STATUS_SUCCESS;
+@@ -75,7 +80,7 @@ hidden_def(semanage_seuser_key_extract)
+
+ void semanage_seuser_key_free(semanage_seuser_key_t * key)
+ {
+-
++ free(key->name);
+ free(key);
+ }
+
+--
+2.10.2
+