[systemd-devel] [PATCH 1/2] selinux: fix potential double free crash in child process
Zbigniew Jędrzejewski-Szmek
zbyszek at in.waw.pl
Mon Oct 13 08:14:24 PDT 2014
On Mon, Oct 13, 2014 at 04:57:12PM +0200, Michal Sekletar wrote:
> Before returning from the function we should reset ret to NULL, thus the cleanup
> function is a nop.
>
> Also context_str() returns a pointer to a string containing the context but not a
> copy, hence we must copy it explicitly.
> ---
> src/shared/label.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/src/shared/label.c b/src/shared/label.c
> index b6af38d..89fb49e 100644
> --- a/src/shared/label.c
> +++ b/src/shared/label.c
> @@ -334,7 +334,8 @@ int label_get_child_mls_label(int socket_fd, const char *exe, char **label) {
> }
>
> freecon(mycon);
> - mycon = context_str(bcon);
> + mycon = NULL;
This line doesn't make sense.
> + mycon = strdup(context_str(bcon));
> if (!mycon) {
> r = -errno;
> goto out;
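Review bot: context_str(bcon) is passed straight into strdup() in the added line `mycon = strdup(context_str(bcon));`, with no check on what context_str() returned. The pre-patch code tested that return value with `if (!mycon)`, so it can be NULL, and strdup(NULL) is not defined behaviour. Store the context_str() result in a temporary, fail on NULL, and only then strdup() it so that the existing `if (!mycon)` check covers the allocation failure alone. The preceding `mycon = NULL;` is overwritten on the next line and can be dropped.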
> @@ -348,6 +349,7 @@ int label_get_child_mls_label(int socket_fd, const char *exe, char **label) {
> }
>
> *label = ret;
> + ret = NULL;
> r = 0;
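Review bot: The ownership handoff in `*label = ret;` followed by `ret = NULL;` is implicit and easy to undo by accident in a later edit. A one-line comment stating that the caller now owns the string and that ret is cleared so the cleanup function does not free it would document why the assignment is there. It also helps to keep these two statements adjacent, with nothing that can jump to out between them, so *label never ends up pointing at memory the cleanup handler releases.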
Otherwise looks good.
Zbyszek