libselinux-2.8-5
- Fix RESOURCE_LEAK coverity scan defects
parent
debb5ae895
commit
9588e46203
@ -121,6 +121,22 @@ index ba4c9a2..c815872 100644
|
||||
if (!selinux_mnt) {
|
||||
errno = ENOENT;
|
||||
return -1;
|
||||
diff --git libselinux-2.8/src/checkAccess.c libselinux-2.8/src/checkAccess.c
|
||||
index 8de5747..16bfcfb 100644
|
||||
--- libselinux-2.8/src/checkAccess.c
|
||||
+++ libselinux-2.8/src/checkAccess.c
|
||||
@@ -89,8 +89,10 @@ int selinux_check_passwd_access(access_vector_t requested)
|
||||
int retval;
|
||||
|
||||
passwd_class = string_to_security_class("passwd");
|
||||
- if (passwd_class == 0)
|
||||
+ if (passwd_class == 0) {
|
||||
+ freecon(user_context);
|
||||
return 0;
|
||||
+ }
|
||||
|
||||
retval = security_compute_av_raw(user_context,
|
||||
user_context,
|
||||
diff --git libselinux-2.8/src/check_context.c libselinux-2.8/src/check_context.c
|
||||
index 8a7997f..5be8434 100644
|
||||
--- libselinux-2.8/src/check_context.c
|
||||
@ -236,6 +252,63 @@ index 52707d0..0cbe12d 100644
|
||||
if (rc < 0 && errno == ENOTSUP) {
|
||||
char * ccontext = NULL;
|
||||
int err = errno;
|
||||
diff --git libselinux-2.8/src/label_db.c libselinux-2.8/src/label_db.c
|
||||
index c46d0a1..fa481e0 100644
|
||||
--- libselinux-2.8/src/label_db.c
|
||||
+++ libselinux-2.8/src/label_db.c
|
||||
@@ -283,10 +283,12 @@ db_init(const struct selinux_opt *opts, unsigned nopts,
|
||||
}
|
||||
if (fstat(fileno(filp), &sb) < 0) {
|
||||
free(catalog);
|
||||
+ fclose(filp);
|
||||
return NULL;
|
||||
}
|
||||
if (!S_ISREG(sb.st_mode)) {
|
||||
free(catalog);
|
||||
+ fclose(filp);
|
||||
errno = EINVAL;
|
||||
return NULL;
|
||||
}
|
||||
@@ -340,6 +342,7 @@ out_error:
|
||||
free(spec->lr.ctx_trans);
|
||||
}
|
||||
free(catalog);
|
||||
+ fclose(filp);
|
||||
|
||||
return NULL;
|
||||
}
|
||||
diff --git libselinux-2.8/src/label_file.c libselinux-2.8/src/label_file.c
|
||||
index 560d8c3..21c8d36 100644
|
||||
--- libselinux-2.8/src/label_file.c
|
||||
+++ libselinux-2.8/src/label_file.c
|
||||
@@ -317,8 +317,10 @@ end_arch_check:
|
||||
goto out;
|
||||
}
|
||||
rc = next_entry(str_buf, mmap_area, entry_len);
|
||||
- if (rc < 0)
|
||||
+ if (rc < 0) {
|
||||
+ free(str_buf);
|
||||
goto out;
|
||||
+ }
|
||||
|
||||
if (str_buf[entry_len - 1] != '\0') {
|
||||
free(str_buf);
|
||||
diff --git libselinux-2.8/src/load_policy.c libselinux-2.8/src/load_policy.c
|
||||
index e9f1264..20052be 100644
|
||||
--- libselinux-2.8/src/load_policy.c
|
||||
+++ libselinux-2.8/src/load_policy.c
|
||||
@@ -262,8 +262,10 @@ checkbool:
|
||||
rc = security_get_boolean_names(&names, &len);
|
||||
if (!rc) {
|
||||
values = malloc(sizeof(int) * len);
|
||||
- if (!values)
|
||||
+ if (!values) {
|
||||
+ free(names);
|
||||
goto unmap;
|
||||
+ }
|
||||
for (i = 0; i < len; i++)
|
||||
values[i] =
|
||||
security_get_boolean_active(names[i]);
|
||||
diff --git libselinux-2.8/src/lsetfilecon.c libselinux-2.8/src/lsetfilecon.c
|
||||
index 1d3b28a..ea6d70b 100644
|
||||
--- libselinux-2.8/src/lsetfilecon.c
|
||||
@ -256,6 +329,83 @@ index 1d3b28a..ea6d70b 100644
|
||||
if (rc < 0 && errno == ENOTSUP) {
|
||||
char * ccontext = NULL;
|
||||
int err = errno;
|
||||
diff --git libselinux-2.8/src/selinux_config.c libselinux-2.8/src/selinux_config.c
|
||||
index 292728f..b06cb63 100644
|
||||
--- libselinux-2.8/src/selinux_config.c
|
||||
+++ libselinux-2.8/src/selinux_config.c
|
||||
@@ -177,8 +177,7 @@ static void init_selinux_config(void)
|
||||
|
||||
if (!strncasecmp(buf_p, SELINUXTYPETAG,
|
||||
sizeof(SELINUXTYPETAG) - 1)) {
|
||||
- selinux_policytype = type =
|
||||
- strdup(buf_p + sizeof(SELINUXTYPETAG) - 1);
|
||||
+ type = strdup(buf_p + sizeof(SELINUXTYPETAG) - 1);
|
||||
if (!type)
|
||||
return;
|
||||
end = type + strlen(type) - 1;
|
||||
@@ -187,6 +186,11 @@ static void init_selinux_config(void)
|
||||
*end = 0;
|
||||
end--;
|
||||
}
|
||||
+ if (setpolicytype(type) != 0) {
|
||||
+ free(type);
|
||||
+ return;
|
||||
+ }
|
||||
+ free(type);
|
||||
continue;
|
||||
} else if (!strncmp(buf_p, SETLOCALDEFS,
|
||||
sizeof(SETLOCALDEFS) - 1)) {
|
||||
@@ -212,13 +216,10 @@ static void init_selinux_config(void)
|
||||
fclose(fp);
|
||||
}
|
||||
|
||||
- if (!type) {
|
||||
- selinux_policytype = type = strdup(SELINUXDEFAULT);
|
||||
- if (!type)
|
||||
- return;
|
||||
- }
|
||||
+ if (!selinux_policytype && setpolicytype(SELINUXDEFAULT) != 0)
|
||||
+ return;
|
||||
|
||||
- if (asprintf(&selinux_policyroot, "%s%s", SELINUXDIR, type) == -1)
|
||||
+ if (asprintf(&selinux_policyroot, "%s%s", SELINUXDIR, selinux_policytype) == -1)
|
||||
return;
|
||||
|
||||
for (i = 0; i < NEL; i++)
|
||||
diff --git libselinux-2.8/src/selinux_restorecon.c libselinux-2.8/src/selinux_restorecon.c
|
||||
index ced4115..8714a70 100644
|
||||
--- libselinux-2.8/src/selinux_restorecon.c
|
||||
+++ libselinux-2.8/src/selinux_restorecon.c
|
||||
@@ -350,12 +350,19 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
|
||||
new_entry->next = NULL;
|
||||
|
||||
new_entry->directory = strdup(directory);
|
||||
- if (!new_entry->directory)
|
||||
+ if (!new_entry->directory) {
|
||||
+ free(new_entry);
|
||||
+ free(sha1_buf);
|
||||
goto oom;
|
||||
+ }
|
||||
|
||||
new_entry->digest = strdup(sha1_buf);
|
||||
- if (!new_entry->digest)
|
||||
+ if (!new_entry->digest) {
|
||||
+ free(new_entry->directory);
|
||||
+ free(new_entry);
|
||||
+ free(sha1_buf);
|
||||
goto oom;
|
||||
+ }
|
||||
|
||||
new_entry->result = digest_result;
|
||||
|
||||
@@ -849,6 +856,7 @@ int selinux_restorecon(const char *pathname_orig,
|
||||
|
||||
if (lstat(pathname, &sb) < 0) {
|
||||
if (flags.ignore_noent && errno == ENOENT) {
|
||||
+ free(xattr_value);
|
||||
free(pathdnamer);
|
||||
free(pathname);
|
||||
return 0;
|
||||
diff --git libselinux-2.8/src/setfilecon.c libselinux-2.8/src/setfilecon.c
|
||||
index d05969c..3f0200e 100644
|
||||
--- libselinux-2.8/src/setfilecon.c
|
||||
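Review bot: In the load_policy.c hunk at `checkbool:`, the new `free(names);` on the `!values` path releases only the pointer array. The loop below passes `names[i]` to `security_get_boolean_active()`, so each entry is presumably its own allocation from `security_get_boolean_names()` and would still leak when the `malloc` fails. Free the elements first, e.g. `for (i = 0; i < len; i++) free(names[i]);` before `free(names);`. Separately, in the selinux_config.c hunk the added `return` after a failed `setpolicytype(type)` sits inside the read loop, while `fclose(fp)` only appears after the loop in the later hunk, so that path appears to leave the config stream open; confirm against the full function. Both enclosing functions start and end outside the hunks shown.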
|
@ -1,10 +1,10 @@
|
||||
%define ruby_inc %(pkg-config --cflags ruby)
|
||||
%define libsepolver 2.8-1
|
||||
%define libsepolver 2.8-3
|
||||
|
||||
Summary: SELinux library and simple utilities
|
||||
Name: libselinux
|
||||
Version: 2.8
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
License: Public Domain
|
||||
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/libselinux-2.8.tar.gz
|
||||
@ -14,7 +14,7 @@ Url: https://github.com/SELinuxProject/selinux/wiki
|
||||
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
|
||||
# run:
|
||||
# $ VERSION=2.8 ./make-fedora-selinux-patch.sh libselinux
|
||||
# HEAD https://github.com/fedora-selinux/selinux/commit/db1433d3b785eadb4eecf5c82430d57c92855a35
|
||||
# HEAD https://github.com/fedora-selinux/selinux/commit/decd49caec76a87817686f84716503151cf2be5d
|
||||
Patch1: libselinux-fedora.patch
|
||||
BuildRequires: gcc
|
||||
BuildRequires: python2 python2-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel
|
||||
@ -229,6 +229,9 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
|
||||
%{ruby_vendorarchdir}/selinux.so
|
||||
|
||||
%changelog
|
||||
* Tue Nov 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-5
|
||||
- Fix RESOURCE_LEAK coverity scan defects
|
||||
|
||||
* Tue Sep 4 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-4
|
||||
- Fix the whatis line for the selinux_boolean_sub.3 manpage
|
||||
- Fix line wrapping in selabel_file.5
|
||||
|