From 7a8654ed855913131c0b5225cbee6d36f4948a3c Mon Sep 17 00:00:00 2001
From: Petr Lautrbach
Date: Fri, 24 Jan 2025 13:39:29 +0100
Subject: [PATCH] libselinux-2.9-10 - Close old selabel handle when setting a new one (RHEL-73348) Resolves: RHEL-73348 - Fix NULL pointer use in selinux_restorecon_set_sehandle (RHEL-74252) Resolves: RHEL-74252
---
...ULL-pointer-use-in-selinux_restoreco.patch | 34 +++++++++++++++++++
...-old-selabel-handle-when-setting-a-n.patch | 34 +++++++++++++++++++
libselinux.spec | 8 ++++-
3 files changed, 75 insertions(+), 1 deletion(-)
create mode 100644 0016-libselinux-Fix-NULL-pointer-use-in-selinux_restoreco.patch
create mode 100644 0017-libselinux-Close-old-selabel-handle-when-setting-a-n.patch
diff --git a/0016-libselinux-Fix-NULL-pointer-use-in-selinux_restoreco.patch b/0016-libselinux-Fix-NULL-pointer-use-in-selinux_restoreco.patch
new file mode 100644
index 0000000..7af42c9
--- /dev/null
+++ b/0016-libselinux-Fix-NULL-pointer-use-in-selinux_restoreco.patch
@@ -0,0 +1,34 @@
+From f232f9013f04234f0c9a457499ccc9ee2254d7b3 Mon Sep 17 00:00:00 2001
+From: Ji Qin
+Date: Sun, 14 Jun 2020 21:20:23 -0400
+Subject: [PATCH] libselinux: Fix NULL pointer use in
+ selinux_restorecon_set_sehandle
+Content-type: text/plain
+
+error occur when selinux_restorecon_default_handle return NULL in
+restorecon_init.
+
+fixes: https://github.com/SELinuxProject/selinux/issues/249
+
+Signed-off-by: Ji Qin
+Acked-by: Stephen Smalley
+---
+ libselinux/src/selinux_restorecon.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
+index b37027640926..a57932c0602b 100644
+--- a/libselinux/src/selinux_restorecon.c
++++ b/libselinux/src/selinux_restorecon.c
+@@ -1062,6 +1062,8 @@ void selinux_restorecon_set_sehandle(struct selabel_handle *hndl)
+ size_t num_specfiles;
+
+ fc_sehandle = (struct selabel_handle *) hndl;
++ if (!fc_sehandle)
++ return;
+
+ /*
+ * Read digest if requested in selabel_open(3) and set global params.
+--
+2.48.1
+
diff --git a/0017-libselinux-Close-old-selabel-handle-when-setting-a-n.patch b/0017-libselinux-Close-old-selabel-handle-when-setting-a-n.patch
new file mode 100644
index 0000000..3a8b7fb
--- /dev/null
+++ b/0017-libselinux-Close-old-selabel-handle-when-setting-a-n.patch
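Review bot: In patch 0016, the `return` added after `fc_sehandle = (struct selabel_handle *) hndl;` exits silently, and because selinux_restorecon_set_sehandle() returns void the caller cannot tell that no handle was installed. The block below it, which per its comment reads the digest and sets global params, is skipped, so values set for an earlier handle presumably stay in place. The rest of the body is outside the hunk, so that should be confirmed there. A short comment on the check would record the intent, e.g. `/* NULL handle: digest and params are left untouched; later users of fc_sehandle must check it */`.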
@@ -0,0 +1,34 @@
+From 2bbacbb31d18d9856ca13b6e49a2bfeb34b22b1b Mon Sep 17 00:00:00 2001
+From: James Carter
+Date: Wed, 22 Jan 2025 10:58:27 -0500
+Subject: [PATCH] libselinux: Close old selabel handle when setting a new one
+Content-type: text/plain
+
+In selinux_restorecon_set_sehandle(), close the old selabel handle
+(if it exists) before setting the new one.
+
+Signed-off-by: James Carter
+---
+ libselinux/src/selinux_restorecon.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
+index a57932c0602b..db56cc7e587b 100644
+--- a/libselinux/src/selinux_restorecon.c
++++ b/libselinux/src/selinux_restorecon.c
+@@ -1061,7 +1061,11 @@ void selinux_restorecon_set_sehandle(struct selabel_handle *hndl)
+ char **specfiles;
+ size_t num_specfiles;
+
+- fc_sehandle = (struct selabel_handle *) hndl;
++ if (fc_sehandle) {
++ selabel_close(fc_sehandle);
++ }
++
++ fc_sehandle = (struct selabel_handle *) hndl;
+ if (!fc_sehandle)
+ return;
+
+--
+2.48.1
+
diff --git a/libselinux.spec b/libselinux.spec
index 3aedcea..e962c72 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -6,7 +6,7 @@
 %endif
 %define libsepolver 2.9-1
-%define libselinuxrelease 9
+%define libselinuxrelease 10
 Summary: SELinux library and simple utilities
 Name: libselinux
@@ -34,6 +34,8 @@ Patch0012: 0012-libselinux-Strip-spaces-before-values-in-config.patch
 Patch0013: 0013-libselinux-Ignore-missing-directories-when-i-is-used.patch
 Patch0014: 0014-libselinux-restorecon-Fix-memory-leak-xattr_value.patch
 Patch0015: 0015-libselinux-restorecon-Include-selinux-label.h.patch
+Patch0016: 0016-libselinux-Fix-NULL-pointer-use-in-selinux_restoreco.patch
+Patch0017: 0017-libselinux-Close-old-selabel-handle-when-setting-a-n.patch
 BuildRequires: gcc
 %if 0%{?with_ruby}
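Review bot: In patch 0017, `selabel_close(fc_sehandle)` runs without comparing the stored handle with `hndl`, so a caller that passes the handle already installed has it closed and then stored again, leaving `fc_sehandle` dangling. The guard should be `if (fc_sehandle && fc_sehandle != hndl) selabel_close(fc_sehandle);`. The change also moves ownership of the previous handle into the library, so a caller that still closes its own handle after replacing it would now close it twice. The function's comment or man page should state that a handle passed here belongs to libselinux from then on. The function body continues outside the hunk, so how existing callers manage their handles cannot be checked from here.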
@@ -281,6 +283,10 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 %endif
 %changelog
+* Fri Jan 24 2025 Petr Lautrbach - 2.9-10
+- Close old selabel handle when setting a new one (RHEL-73348)
+- Fix NULL pointer use in selinux_restorecon_set_sehandle (RHEL-74252)
+
 * Mon Jul 29 2024 Vit Mojzis - 2.9-9
 - restorecon: Include (RHEL-50830)