From 97954d5e8df8346c4544201349339a8684befb3f Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Thu, 21 May 2026 18:09:02 +0200 Subject: [PATCH] libsepol-3.10-2 - Fix memory leak in role_dominates_copy_callback Resolves: RHEL-147882 --- ...ory-leak-in-role_dominates_copy_call.patch | 46 +++++++++++++++++++ changelog | 3 ++ libsepol.spec | 3 +- 3 files changed, 51 insertions(+), 1 deletion(-) create mode 100644 0001-libsepol-Fix-memory-leak-in-role_dominates_copy_call.patch diff --git a/0001-libsepol-Fix-memory-leak-in-role_dominates_copy_call.patch b/0001-libsepol-Fix-memory-leak-in-role_dominates_copy_call.patch new file mode 100644 index 0000000..50a51ef --- /dev/null +++ b/0001-libsepol-Fix-memory-leak-in-role_dominates_copy_call.patch @@ -0,0 +1,46 @@ +From bee83f31fddd26a87c63b1f9bd8fd87450437d6b Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Tue, 28 Apr 2026 23:34:09 +0200 +Subject: [PATCH] libsepol: Fix memory leak in role_dominates_copy_callback + +Free memory allocated by map_ebitmap in case ebitmap_union fails. + +Fixes: + Defect type: RESOURCE_LEAK + libsepol-3.10/src/expand.c:828:2: alloc_arg: "map_ebitmap" allocates memory that is stored into "mapped.node". + libsepol-3.10/src/expand.c:68:3: alloc_arg: "ebitmap_set_bit" allocates memory that is stored into "dst->node". + libsepol-3.10/src/ebitmap.c:420:2: alloc_fn: Storage is returned from allocation function "malloc". + libsepol-3.10/src/ebitmap.c:420:2: assign: Assigning: "new" = "(ebitmap_node_t *)malloc(24UL)". + libsepol-3.10/src/ebitmap.c:437:3: assign: Assigning: "e->node" = "new". + libsepol-3.10/src/expand.c:831:3: leaked_storage: Variable "mapped" going out of scope leaks the storage "mapped.node" points to. + \# 829| return -1; + \# 830| if (ebitmap_union(&new_role->dominates, &mapped)) + \# 831|-> return -1; + \# 832| ebitmap_destroy(&mapped); + \# 833| + +Signed-off-by: Vit Mojzis +Acked-by: Petr Lautrbach +--- + libsepol/src/expand.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c +index ed912b57..72804f60 100644 +--- a/libsepol/src/expand.c ++++ b/libsepol/src/expand.c +@@ -827,8 +827,10 @@ static int role_dominates_copy_callback(hashtab_key_t key __attribute__ ((unused + + if (map_ebitmap(&role->dominates, &mapped, state->rolemap)) + return -1; +- if (ebitmap_union(&new_role->dominates, &mapped)) ++ if (ebitmap_union(&new_role->dominates, &mapped)) { ++ ebitmap_destroy(&mapped); + return -1; ++ } + ebitmap_destroy(&mapped); + + return 0; +-- +2.53.0 + diff --git a/changelog b/changelog index e29525c..775bf8c 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,6 @@ +* Thu May 21 2026 Vit Mojzis - 3.10-2 +- Fix memory leak in role_dominates_copy_callback (RHEL-147882) + * Thu Feb 05 2026 Vit Mojzis - 3.10-1 - SELinux userspace 3.10 release diff --git a/libsepol.spec b/libsepol.spec index fc6d4fd..048d35f 100644 --- a/libsepol.spec +++ b/libsepol.spec @@ -1,7 +1,7 @@ Summary: SELinux binary policy manipulation library Name: libsepol Version: 3.10 -Release: 1%{?dist} +Release: 2%{?dist} License: LGPL-2.1-or-later Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsepol-%{version}.tar.gz Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libsepol-%{version}.tar.gz.asc @@ -12,6 +12,7 @@ URL: https://github.com/SELinuxProject/selinux/wiki # $ git format-patch -N libsepol-3.10 -- libsepol # $ i=1; for j in 0*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done # Patch list start +Patch0001: 0001-libsepol-Fix-memory-leak-in-role_dominates_copy_call.patch # Patch list end BuildRequires: make BuildRequires: gcc