[systemd-devel] [PATCH 1/2] selinux: fix potential double free crash in child process
Michal Sekletar
msekleta at redhat.com
Mon Oct 13 07:57:12 PDT 2014
Before returning from the function we should reset ret to NULL, thus the
cleanup function is a nop.
Also, context_str() returns a pointer to a string containing the context but
not a copy, hence we must copy it explicitly.
---
src/shared/label.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/shared/label.c b/src/shared/label.c
index b6af38d..89fb49e 100644
--- a/src/shared/label.c
+++ b/src/shared/label.c
@@ -334,7 +334,8 @@ int label_get_child_mls_label(int socket_fd, const char *exe, char **label) {
}
freecon(mycon);
- mycon = context_str(bcon);
+ mycon = NULL;
+ mycon = strdup(context_str(bcon));
if (!mycon) {
r = -errno;
goto out;
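Review bot: In the added line `mycon = strdup(context_str(bcon));` the return value of context_str() goes straight into strdup() without a NULL check. context_str() can return NULL on failure, and strdup(NULL) is undefined behaviour, so the `if (!mycon)` test that follows would not reliably catch it. Suggest storing the context_str() result in a temporary, checking it, and only then duplicating it. The `mycon = NULL;` line just above is overwritten by the next statement, so it is a dead store and can be dropped. Since mycon now holds strdup() memory while the old value was released with freecon(), it is also worth confirming that whatever releases mycon later matches the allocator.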
@@ -348,6 +349,7 @@ int label_get_child_mls_label(int socket_fd, const char *exe, char **label) {
}
*label = ret;
+ ret = NULL;
r = 0;
out:
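Review bot: The `ret = NULL;` added after `*label = ret;` is only meaningful if ret is declared with a cleanup attribute, and that declaration is not visible in this hunk. A one-line comment at this spot stating that ownership of the string passes to the caller would make the intent clear and keep a later edit from removing the reset and reintroducing the double free.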
--
1.8.3.1