[systemd-devel] [PATCH 1/2] selinux: fix potential double free crash in child process

Michal Sekletar msekleta at redhat.com
Wed Oct 15 00:37:10 PDT 2014


On Mon, Oct 13, 2014 at 05:14:24PM +0200, Zbigniew Jędrzejewski-Szmek wrote:
> On Mon, Oct 13, 2014 at 04:57:12PM +0200, Michal Sekletar wrote:
> > Before returning from the function we should reset ret to NULL, thus the
> > cleanup function is a nop.
> > 
> > Also context_str() returns a pointer to a string containing the context but
> > not a copy, hence we must copy it explicitly.
> > ---
> >  src/shared/label.c | 4 +++-
> >  1 file changed, 3 insertions(+), 1 deletion(-)
> > 
> > diff --git a/src/shared/label.c b/src/shared/label.c
> > index b6af38d..89fb49e 100644
> > --- a/src/shared/label.c
> > +++ b/src/shared/label.c
> > @@ -334,7 +334,8 @@ int label_get_child_mls_label(int socket_fd, const char *exe, char **label) {
> >          }
> >  
> >          freecon(mycon);
> > -        mycon = context_str(bcon);
> > +        mycon = NULL;
> This line doesn't make sense.

Will remove it.

> 
> > +        mycon = strdup(context_str(bcon));
> >          if (!mycon) {
> >                  r = -errno;
> >                  goto out;
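Review bot: The result of context_str(bcon) is passed straight to strdup() on the added line "mycon = strdup(context_str(bcon));" with no NULL check. context_str() can return NULL on failure, and strdup(NULL) is undefined behaviour, so the "if (!mycon)" test below never gets a chance to catch that case. Suggest storing the context_str() result in a temporary, taking the error path if it is NULL, and only then duplicating it. Also worth confirming that whatever releases mycon on the out path is valid for strdup()-allocated memory, since the earlier value was released with freecon().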
> > @@ -348,6 +349,7 @@ int label_get_child_mls_label(int socket_fd, const char *exe, char **label) {
> >          }
> >  
> >          *label = ret;
> > +        ret = NULL;
> >          r = 0;
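Review bot: The ownership handoff at "*label = ret; ret = NULL;" is not documented, and it is the only thing keeping the cleanup of ret from freeing memory the caller now holds. Suggest a one-line comment saying that ownership passes to the caller here, and keeping the two assignments adjacent, so that a later change inserting a failure path between them does not bring the double free back.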
> Otherwise looks good.

I will amend and push then.

Thanks,

Michal
> 
> Zbyszek

