From 5f729783808512a95782af421347e59d3052f6a6 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Fri, 13 Jul 2012 16:37:22 -0400 Subject: [PATCH] Attempt to allocate memory for selinux_binary_policy_path and free memory - allocated by asprintf. --- libsemanage-rhat.patch | 51 +++++++++++++++++++++++++++++++++++++++--- libsemanage.spec | 7 +++--- 2 files changed, 52 insertions(+), 6 deletions(-) diff --git a/libsemanage-rhat.patch b/libsemanage-rhat.patch index 6c5a31e..f60ce5e 100644 --- a/libsemanage-rhat.patch +++ b/libsemanage-rhat.patch @@ -29,15 +29,60 @@ index fc64919..c63bb22 100644 $(LIBA): $(OBJS) $(AR) rcs $@ $^ diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c -index 7fcd2b4..f5cd4d0 100644 +index 7fcd2b4..18babe6 100644 --- a/libsemanage/src/handle.c +++ b/libsemanage/src/handle.c -@@ -147,7 +147,8 @@ const char *semanage_binary_policy_path() { +@@ -52,6 +52,26 @@ static char *private_usersconf_path = NULL; + static char *private_netfilter_context_path = NULL; + static char *private_policy_root = NULL; + ++static char *get_policy_path(void) { ++ char *dup_path = NULL; ++ int max = security_policyvers(); ++ if (max < 0) ++ max = sepol_policy_kern_vers_max(); ++ ++ char *policy_path = selinux_binary_policy_path_min_max(0, &max); ++ if (policy_path) { ++ dup_path = strdup(policy_path); ++ free(policy_path); ++ } else { ++ /* No Policy installed so just do max */ ++ int ret = asprintf(&policy_path, "%s.%d", selinux_binary_policy_path(), sepol_policy_kern_vers_max()); ++ if (ret > 0) ++ dup_path = strdup(policy_path); ++ free(policy_path); ++ } ++ return dup_path; ++} ++ + void semanage_free_root() { + free(private_selinux_path); private_selinux_path = NULL; + free(private_semanage_conf_path); private_semanage_conf_path = NULL; +@@ -91,9 +111,15 @@ int semanage_set_root(const char *path) { + goto error; + } + +- if ( asprintf(&private_binary_policy_path, "%s/%s", path, selinux_binary_policy_path()) < 0 ) { ++ char *policy_path = get_policy_path(); ++ if (! policy_path) ++ goto error; ++ ++ if ( asprintf(&private_binary_policy_path, "%s/%s", path, policy_path) < 0 ) { ++ free(policy_path); + goto error; + } ++ free(policy_path); + + if ( asprintf(&private_usersconf_path, "%s/%s", path, selinux_usersconf_path()) < 0 ) { + goto error; +@@ -147,7 +173,9 @@ const char *semanage_binary_policy_path() { // printf("private_binary_policy_path %s\n", private_binary_policy_path); if (private_binary_policy_path) return private_binary_policy_path; - return selinux_binary_policy_path(); -+ private_binary_policy_path = selinux_binary_policy_path(); ++ ++ private_binary_policy_path = get_policy_path(); + return private_binary_policy_path; } diff --git a/libsemanage.spec b/libsemanage.spec index 27e373a..6cd7497 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -5,7 +5,7 @@ %endif %define libsepolver 2.1.5-1 -%define libselinuxver 2.1.10-1 +%define libselinuxver 2.1.11-2 Summary: SELinux binary policy manipulation library Name: libsemanage @@ -180,8 +180,9 @@ rm -rf ${RPM_BUILD_ROOT} %endif # if with_python3 %changelog -* Thu Jul 12 2012 Dan Walsh - 2.1.8-3 -- Revert Eric Paris Patch for binary_policy_path +* Fri Jul 13 2012 Dan Walsh - 2.1.8-3 +- Attempt to allocate memory for selinux_binary_policy_path and free memory +- allocated by asprintf. * Thu Jul 12 2012 Dan Walsh - 2.1.8-2 - Fix asprintf within an asprintf call