rpms/libsepol
6
0
Fork 0
Code Issues Pull Requests Releases Activity

libsepol-3.6-2

Browse Source 
- sepol_compute_sid: Do not destroy uninitialized context

Resolves: RHEL-28964
This commit is contained in:
Petr Lautrbach 2025-01-10 17:16:26 +01:00
parent d568b2713a
commit 15d6b46b43
2 changed files with 57 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
0004-libsepol-sepol_compute_sid-Do-not-destroy-uninitiali.patch Normal file
View File

@ -0,0 +1,52 @@
From 9f30f8d7997d49289bc9c09a85934a5b3f83c3a4 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Fri, 19 Jul 2024 18:17:13 +0200
Subject: [PATCH] libsepol/sepol_compute_sid: Do not destroy uninitialized
context
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-type: text/plain
Avoid context_destroy() on "newcontext" before context_init() is called.
Fixes:
libsepol-3.6/src/services.c:1335: var_decl: Declaring variable "newcontext" without initializer.
libsepol-3.6/src/services.c:1462: uninit_use_in_call: Using uninitialized value "newcontext.range.level[0].cat.node" when calling "context_destroy".
\# 1460| rc = sepol_sidtab_context_to_sid(sidtab, &newcontext, out_sid);
\# 1461| out:
\# 1462|-> context_destroy(&newcontext);
\# 1463| return rc;
\# 1464| }
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Reviewed-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
libsepol/src/services.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/libsepol/src/services.c b/libsepol/src/services.c
index 0eeee7ec6ec7..51a40d1594a7 100644
--- a/libsepol/src/services.c
+++ b/libsepol/src/services.c
@@ -1342,14 +1342,12 @@ static int sepol_compute_sid(sepol_security_id_t ssid,
scontext = sepol_sidtab_search(sidtab, ssid);
if (!scontext) {
ERR(NULL, "unrecognized SID %d", ssid);
- rc = -EINVAL;
- goto out;
+ return -EINVAL;
}
tcontext = sepol_sidtab_search(sidtab, tsid);
if (!tcontext) {
ERR(NULL, "unrecognized SID %d", tsid);
- rc = -EINVAL;
- goto out;
+ return -EINVAL;
}
if (tclass && tclass <= policydb->p_classes.nprim)
--
2.47.1

6
libsepol.spec
View File

@ -1,7 +1,7 @@
Summary: SELinux binary policy manipulation library Summary: SELinux binary policy manipulation library
Name: libsepol Name: libsepol
Version: 3.6 Version: 3.6
Release: 1%{?dist} Release: 2%{?dist}
License: LGPLv2+ License: LGPLv2+
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.6/libsepol-3.6.tar.gz Source0: https://github.com/SELinuxProject/selinux/releases/download/3.6/libsepol-3.6.tar.gz
URL: https://github.com/SELinuxProject/selinux/wiki URL: https://github.com/SELinuxProject/selinux/wiki
@ -13,6 +13,7 @@ URL: https://github.com/SELinuxProject/selinux/wiki
Patch0001: 0001-libsepol-Bring-back-POLICYDB_CAPABILITY_-constants.patch Patch0001: 0001-libsepol-Bring-back-POLICYDB_CAPABILITY_-constants.patch
Patch0002: 0002-Revert-Do-not-automatically-install-Russian-translat.patch Patch0002: 0002-Revert-Do-not-automatically-install-Russian-translat.patch
Patch0003: 0003-Revert-libsepol-Remove-the-Russian-translations.patch Patch0003: 0003-Revert-libsepol-Remove-the-Russian-translations.patch
Patch0004: 0004-libsepol-sepol_compute_sid-Do-not-destroy-uninitiali.patch
# Patch list end # Patch list end
BuildRequires: make BuildRequires: make
BuildRequires: gcc BuildRequires: gcc
@ -109,6 +110,9 @@ rm -rf ${RPM_BUILD_ROOT}%{_mandir}/ru/man8
%{_mandir}/man8/chkcon.8.gz %{_mandir}/man8/chkcon.8.gz
%changelog %changelog
* Fri Jan 10 2025 Petr Lautrbach <lautrbach@redhat.com> - 3.6-2
- sepol_compute_sid: Do not destroy uninitialized context (RHEL-28964)
* Wed Dec 13 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-1 * Wed Dec 13 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-1
- SELinux userspace 3.6 release - SELinux userspace 3.6 release