e6edc424555d4f8d1d6a968072e137a77656d480 |
|
07-Apr-2017 |
Stephen Smalley <sds@tycho.nsa.gov> |
libsepol: do not seg fault on sepol_*_key_free(NULL)

sepol_*_key_free(NULL) should just be a no-op just like free(NULL). Fix several instances that did not handle this correctly and would seg fault if called with NULL.

Test: setsebool -P zebra_write_config=1 while non-root

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libsepol/src/user_record.c
|
b251dbba9845e36b93b59b7489ddfd9113009283 |
|
28-Mar-2017 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
libsepol: fix use-after-free in sepol_user_clone()

When sepol_user_add_role() fails to allocate memory for role_cp but succeeds in reallocating user->roles memory, it frees this reallocated memory, thus leaving user->roles referencing a free memory block. When sepol_user_clone() calls sepol_user_free(new_user) because the allocation failure made sepol_user_add_role() fail, the following code is executed:

    for (i = 0; i < user->num_roles; i++)
        free(user->roles[i]);
    free(user->roles);

As user->roles has been freed, this code frees pointers which may be invalid and then tries to free user->roles again.

Fix this flaw by returning right after strdup() failed in sepol_user_add_role().

This issue has been found using clang's static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
/external/selinux/libsepol/src/user_record.c
|
eac6f1f1b5125fde76dedb2f3e806a69f8a3e9ff |
|
08-Nov-2016 |
Stephen Smalley <sds@tycho.nsa.gov> |
libsepol: sepol_{bool|iface|user}_key_create: copy name

The sepol_{bool|iface|user}_key_create() functions were not copying the name. This produces a use-after-free in the swig-generated code for python3 bindings. Copy the name in these functions, and free it upon sepol_{bool|iface|user}_key_free().

Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libsepol/src/user_record.c
|
13cd4c8960688af11ad23b4c946149015c80d549 |
|
19-Aug-2008 |
Joshua Brindle <method@manicmethod.com> |
initial import from svn trunk revision 2950
/external/selinux/libsepol/src/user_record.c
|