| e6edc424555d4f8d1d6a968072e137a77656d480 |
|
07-Apr-2017 |
Stephen Smalley <sds@tycho.nsa.gov> |
libsepol: do not seg fault on sepol_*_key_free(NULL)
sepol_*_key_free(NULL) should just be a no-op just like
free(NULL). Fix several instances that did not handle this
correctly and would seg fault if called with NULL.
Test: setsebool -P zebra_write_config=1 while non-root
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libsepol/src/user_record.c
|
| b251dbba9845e36b93b59b7489ddfd9113009283 |
|
28-Mar-2017 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
libsepol: fix use-after-free in sepol_user_clone()
When sepol_user_add_role() fails to allocate memory for role_cp but
succeeds in reallocating user->roles memory, it frees this reallocated
memory, thus leaving user->roles referencing a free memory block. When
sepol_user_clone() calls sepol_user_free(new_user) because the
allocation failure made sepol_user_add_role() fail, the following code
is executed:
for (i = 0; i < user->num_roles; i++)
free(user->roles[i]);
free(user->roles);
As user->roles has been freed, this code frees pointers which may be
invalid and then tries to free user->roles again.
Fix this flaw by returning right after strdup() failed in
sepol_user_add_role().
This issue has been found using clang's static analyzer.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
/external/selinux/libsepol/src/user_record.c
|
| eac6f1f1b5125fde76dedb2f3e806a69f8a3e9ff |
|
08-Nov-2016 |
Stephen Smalley <sds@tycho.nsa.gov> |
libsepol: sepol_{bool|iface|user}_key_create: copy name
The sepol_{bool|iface|user}_key_create() functions were not
copying the name. This produces a use-after-free in the
swig-generated code for python3 bindings. Copy the name
in these functions, and free it upon sepol_{bool|iface|user}_key_free().
Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libsepol/src/user_record.c
|
| 13cd4c8960688af11ad23b4c946149015c80d549 |
|
19-Aug-2008 |
Joshua Brindle <method@manicmethod.com> |
initial import from svn trunk revision 2950
/external/selinux/libsepol/src/user_record.c
|