rpms/libselinux
7
0
Fork 0
Code Issues Pull Requests Releases Activity

libselinux-2.8-5

Browse Source 
- Fix RESOURCE_LEAK coverity scan defects
This commit is contained in:
Petr Lautrbach 2018-11-13 10:29:36 +01:00
parent debb5ae895
commit 9588e46203
2 changed files with 156 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
libselinux-fedora.patch
View File

@ -121,6 +121,22 @@ index ba4c9a2..c815872 100644
if (!selinux_mnt) { if (!selinux_mnt) {
errno = ENOENT; errno = ENOENT;
return -1; return -1;
diff --git libselinux-2.8/src/checkAccess.c libselinux-2.8/src/checkAccess.c
index 8de5747..16bfcfb 100644
--- libselinux-2.8/src/checkAccess.c
+++ libselinux-2.8/src/checkAccess.c
@@ -89,8 +89,10 @@ int selinux_check_passwd_access(access_vector_t requested)
int retval;
passwd_class = string_to_security_class("passwd");
- if (passwd_class == 0)
+ if (passwd_class == 0) {
+ freecon(user_context);
return 0;
+ }
retval = security_compute_av_raw(user_context,
user_context,
diff --git libselinux-2.8/src/check_context.c libselinux-2.8/src/check_context.c diff --git libselinux-2.8/src/check_context.c libselinux-2.8/src/check_context.c
index 8a7997f..5be8434 100644 index 8a7997f..5be8434 100644
--- libselinux-2.8/src/check_context.c --- libselinux-2.8/src/check_context.c
@ -236,6 +252,63 @@ index 52707d0..0cbe12d 100644
if (rc < 0 && errno == ENOTSUP) { if (rc < 0 && errno == ENOTSUP) {
char * ccontext = NULL; char * ccontext = NULL;
int err = errno; int err = errno;
diff --git libselinux-2.8/src/label_db.c libselinux-2.8/src/label_db.c
index c46d0a1..fa481e0 100644
--- libselinux-2.8/src/label_db.c
+++ libselinux-2.8/src/label_db.c
@@ -283,10 +283,12 @@ db_init(const struct selinux_opt *opts, unsigned nopts,
}
if (fstat(fileno(filp), &sb) < 0) {
free(catalog);
+ fclose(filp);
return NULL;
}
if (!S_ISREG(sb.st_mode)) {
free(catalog);
+ fclose(filp);
errno = EINVAL;
return NULL;
}
@@ -340,6 +342,7 @@ out_error:
free(spec->lr.ctx_trans);
}
free(catalog);
+ fclose(filp);
return NULL;
}
diff --git libselinux-2.8/src/label_file.c libselinux-2.8/src/label_file.c
index 560d8c3..21c8d36 100644
--- libselinux-2.8/src/label_file.c
+++ libselinux-2.8/src/label_file.c
@@ -317,8 +317,10 @@ end_arch_check:
goto out;
}
rc = next_entry(str_buf, mmap_area, entry_len);
- if (rc < 0)
+ if (rc < 0) {
+ free(str_buf);
goto out;
+ }
if (str_buf[entry_len - 1] != '\0') {
free(str_buf);
diff --git libselinux-2.8/src/load_policy.c libselinux-2.8/src/load_policy.c
index e9f1264..20052be 100644
--- libselinux-2.8/src/load_policy.c
+++ libselinux-2.8/src/load_policy.c
@@ -262,8 +262,10 @@ checkbool:
rc = security_get_boolean_names(&names, &len);
if (!rc) {
values = malloc(sizeof(int) * len);
- if (!values)
+ if (!values) {
+ free(names);
goto unmap;
+ }
for (i = 0; i < len; i++)
values[i] =
security_get_boolean_active(names[i]);
diff --git libselinux-2.8/src/lsetfilecon.c libselinux-2.8/src/lsetfilecon.c diff --git libselinux-2.8/src/lsetfilecon.c libselinux-2.8/src/lsetfilecon.c
index 1d3b28a..ea6d70b 100644 index 1d3b28a..ea6d70b 100644
--- libselinux-2.8/src/lsetfilecon.c --- libselinux-2.8/src/lsetfilecon.c
@ -256,6 +329,83 @@ index 1d3b28a..ea6d70b 100644
if (rc < 0 && errno == ENOTSUP) { if (rc < 0 && errno == ENOTSUP) {
char * ccontext = NULL; char * ccontext = NULL;
int err = errno; int err = errno;
diff --git libselinux-2.8/src/selinux_config.c libselinux-2.8/src/selinux_config.c
index 292728f..b06cb63 100644
--- libselinux-2.8/src/selinux_config.c
+++ libselinux-2.8/src/selinux_config.c
@@ -177,8 +177,7 @@ static void init_selinux_config(void)
if (!strncasecmp(buf_p, SELINUXTYPETAG,
sizeof(SELINUXTYPETAG) - 1)) {
- selinux_policytype = type =
- strdup(buf_p + sizeof(SELINUXTYPETAG) - 1);
+ type = strdup(buf_p + sizeof(SELINUXTYPETAG) - 1);
if (!type)
return;
end = type + strlen(type) - 1;
@@ -187,6 +186,11 @@ static void init_selinux_config(void)
*end = 0;
end--;
}
+ if (setpolicytype(type) != 0) {
+ free(type);
+ return;
+ }
+ free(type);
continue;
} else if (!strncmp(buf_p, SETLOCALDEFS,
sizeof(SETLOCALDEFS) - 1)) {
@@ -212,13 +216,10 @@ static void init_selinux_config(void)
fclose(fp);
}
- if (!type) {
- selinux_policytype = type = strdup(SELINUXDEFAULT);
- if (!type)
- return;
- }
+ if (!selinux_policytype && setpolicytype(SELINUXDEFAULT) != 0)
+ return;
- if (asprintf(&selinux_policyroot, "%s%s", SELINUXDIR, type) == -1)
+ if (asprintf(&selinux_policyroot, "%s%s", SELINUXDIR, selinux_policytype) == -1)
return;
for (i = 0; i < NEL; i++)
diff --git libselinux-2.8/src/selinux_restorecon.c libselinux-2.8/src/selinux_restorecon.c
index ced4115..8714a70 100644
--- libselinux-2.8/src/selinux_restorecon.c
+++ libselinux-2.8/src/selinux_restorecon.c
@@ -350,12 +350,19 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
new_entry->next = NULL;
new_entry->directory = strdup(directory);
- if (!new_entry->directory)
+ if (!new_entry->directory) {
+ free(new_entry);
+ free(sha1_buf);
goto oom;
+ }
new_entry->digest = strdup(sha1_buf);
- if (!new_entry->digest)
+ if (!new_entry->digest) {
+ free(new_entry->directory);
+ free(new_entry);
+ free(sha1_buf);
goto oom;
+ }
new_entry->result = digest_result;
@@ -849,6 +856,7 @@ int selinux_restorecon(const char *pathname_orig,
if (lstat(pathname, &sb) < 0) {
if (flags.ignore_noent && errno == ENOENT) {
+ free(xattr_value);
free(pathdnamer);
free(pathname);
return 0;
diff --git libselinux-2.8/src/setfilecon.c libselinux-2.8/src/setfilecon.c diff --git libselinux-2.8/src/setfilecon.c libselinux-2.8/src/setfilecon.c
index d05969c..3f0200e 100644 index d05969c..3f0200e 100644
--- libselinux-2.8/src/setfilecon.c --- libselinux-2.8/src/setfilecon.c

9
libselinux.spec
View File

@ -1,10 +1,10 @@
%define ruby_inc %(pkg-config --cflags ruby) %define ruby_inc %(pkg-config --cflags ruby)
%define libsepolver 2.8-1 %define libsepolver 2.8-3
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 2.8 Version: 2.8
Release: 4%{?dist} Release: 5%{?dist}
License: Public Domain License: Public Domain
# https://github.com/SELinuxProject/selinux/wiki/Releases # https://github.com/SELinuxProject/selinux/wiki/Releases
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/libselinux-2.8.tar.gz Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/libselinux-2.8.tar.gz
@ -14,7 +14,7 @@ Url: https://github.com/SELinuxProject/selinux/wiki
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
# run: # run:
# $ VERSION=2.8 ./make-fedora-selinux-patch.sh libselinux # $ VERSION=2.8 ./make-fedora-selinux-patch.sh libselinux
# HEAD https://github.com/fedora-selinux/selinux/commit/db1433d3b785eadb4eecf5c82430d57c92855a35 # HEAD https://github.com/fedora-selinux/selinux/commit/decd49caec76a87817686f84716503151cf2be5d
Patch1: libselinux-fedora.patch Patch1: libselinux-fedora.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: python2 python2-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel BuildRequires: python2 python2-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel
@ -229,6 +229,9 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
%{ruby_vendorarchdir}/selinux.so %{ruby_vendorarchdir}/selinux.so
%changelog %changelog
* Tue Nov 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-5
- Fix RESOURCE_LEAK coverity scan defects
* Tue Sep 4 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-4 * Tue Sep 4 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-4
- Fix the whatis line for the selinux_boolean_sub.3 manpage - Fix the whatis line for the selinux_boolean_sub.3 manpage
- Fix line wrapping in selabel_file.5 - Fix line wrapping in selabel_file.5