diff options
Diffstat (limited to '0003-libsemanage-semanage_seuser_key_create-copy-name.patch')
-rw-r--r-- | 0003-libsemanage-semanage_seuser_key_create-copy-name.patch | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/0003-libsemanage-semanage_seuser_key_create-copy-name.patch b/0003-libsemanage-semanage_seuser_key_create-copy-name.patch new file mode 100644 index 000000000000..d75e4cb728a2 --- /dev/null +++ b/0003-libsemanage-semanage_seuser_key_create-copy-name.patch @@ -0,0 +1,65 @@ +From 7c040a554e2c576cfa787335def949b277a19917 Mon Sep 17 00:00:00 2001 +From: Nicolas Iooss <nicolas.iooss@m4x.org> +Date: Sat, 12 Nov 2016 13:05:03 +0100 +Subject: [PATCH] libsemanage: semanage_seuser_key_create: copy name + +When removing a login using semanage with Python 3 the following error +occurs: + + # semanage login -l | grep my_user + my_user user_u + + # semanage login --delete my_user + ValueError: Login mapping for my_user is not defined + +This is due to a use-after-free in the swig-generated code for python3 +bindings. + +Copy the user name in semanage_seuser_key_create() and free it in +semanage_seuser_key_free(), like commit eac6f1f1b512 ("libsepol: +sepol_{bool|iface|user}_key_create: copy name") did. + +Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org> +--- + libsemanage/src/seuser_record.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/libsemanage/src/seuser_record.c b/libsemanage/src/seuser_record.c +index 8823b1ed1c7b..1ed459486228 100644 +--- a/libsemanage/src/seuser_record.c ++++ b/libsemanage/src/seuser_record.c +@@ -33,7 +33,7 @@ struct semanage_seuser { + + struct semanage_seuser_key { + /* This user's name */ +- const char *name; ++ char *name; + }; + + int semanage_seuser_key_create(semanage_handle_t * handle, +@@ -48,7 +48,12 @@ int semanage_seuser_key_create(semanage_handle_t * handle, + ERR(handle, "out of memory, could not create seuser key"); + return STATUS_ERR; + } +- tmp_key->name = name; ++ tmp_key->name = strdup(name); ++ if (!tmp_key->name) { ++ ERR(handle, "out of memory, could not create seuser key"); ++ free(tmp_key); ++ return STATUS_ERR; ++ } + + *key_ptr = tmp_key; + return STATUS_SUCCESS; +@@ -75,7 +80,7 @@ hidden_def(semanage_seuser_key_extract) + + void semanage_seuser_key_free(semanage_seuser_key_t * key) + { +- ++ free(key->name); + free(key); + } + +-- +2.10.2 + |