On 08/25/2015 10:05 AM, Petr Lautrbach wrote:
sepol_*_key_create functions, which create keys based only on name, copy only a pointer to a new key. This pointer doesn't need to be valid during the new key lifetime therefore it's necessary to create a copy of it. E.g. Python 3 SWIG bindings temporarily allocate memory needed for PyUnicodeObject->char * conversion. This memory is deallocated shortly after underlying C function returns. Patch-by: Michal Srb <msrb@xxxxxxxxxx> Signed-off-by: Petr Lautrbach <plautrba@xxxxxxxxxx> --- libsepol/src/boolean_record.c | 7 +++++-- libsepol/src/iface_record.c | 7 +++++-- libsepol/src/user_record.c | 7 +++++-- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/libsepol/src/boolean_record.c b/libsepol/src/boolean_record.c index 8b64413..0d139ac 100644 --- a/libsepol/src/boolean_record.c +++ b/libsepol/src/boolean_record.c @@ -25,12 +25,14 @@ int sepol_bool_key_create(sepol_handle_t * handle, sepol_bool_key_t *tmp_key = (sepol_bool_key_t *) malloc(sizeof(struct sepol_bool_key)); - if (!tmp_key) { + char *tmp_name = strdup(name); + + if (!tmp_key || !tmp_name) { ERR(handle, "out of memory, " "could not create boolean key"); return STATUS_ERR; }
Need to free tmp_key if it is allocated but the strdup for tmp_name fails, and vice versa.
- tmp_key->name = name; + tmp_key->name = tmp_name; *key_ptr = tmp_key; return STATUS_SUCCESS; @@ -62,6 +64,7 @@ int sepol_bool_key_extract(sepol_handle_t * handle, void sepol_bool_key_free(sepol_bool_key_t * key) { + free(key->name); free(key); } diff --git a/libsepol/src/iface_record.c b/libsepol/src/iface_record.c index 09adeb7..4315238 100644 --- a/libsepol/src/iface_record.c +++ b/libsepol/src/iface_record.c @@ -31,12 +31,14 @@ int sepol_iface_key_create(sepol_handle_t * handle, sepol_iface_key_t *tmp_key = (sepol_iface_key_t *) malloc(sizeof(sepol_iface_key_t)); - if (!tmp_key) { + char *tmp_name = strdup(name); + + if (!tmp_key || !tmp_name) { ERR(handle, "out of memory, could not create interface key"); return STATUS_ERR; }
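Review bot: `strdup(name)` in sepol_bool_key_create runs before anything in the hunk checks `name`, so a NULL name now reaches strdup, which is undefined behaviour; the removed line `tmp_key->name = name;` only stored the pointer and never dereferenced it. Whether callers or the SWIG bindings can pass NULL is not visible here, so if that is possible the function should reject it before allocating, e.g. `if (!name) return STATUS_ERR;` ahead of the malloc. The same pattern is added in sepol_iface_key_create and sepol_user_key_create. The function's signature begins outside the hunk.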
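Review bot: `free(key->name)` in sepol_bool_key_free dereferences `key` unconditionally, so a NULL key, which the previous body handed harmlessly to `free()`, now crashes; adding `if (!key) return;` as the first statement keeps the old contract. The same line is added to sepol_iface_key_free and sepol_user_key_free. Because the key now owns its copy of the name, any name pointer handed out by sepol_bool_key_extract (body not shown in this hunk) presumably dangles once the key is freed. A comment on the free functions such as `/* also frees the key's copy of the name; pointers obtained via *_key_extract are invalid afterwards */` would record that ownership rule for callers.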
Same here.
- tmp_key->name = name; + tmp_key->name = tmp_name; *key_ptr = tmp_key; return STATUS_SUCCESS; @@ -68,6 +70,7 @@ int sepol_iface_key_extract(sepol_handle_t * handle, void sepol_iface_key_free(sepol_iface_key_t * key) { + free(key->name); free(key); } diff --git a/libsepol/src/user_record.c b/libsepol/src/user_record.c index c59c54b..dfc66e5 100644 --- a/libsepol/src/user_record.c +++ b/libsepol/src/user_record.c @@ -34,13 +34,15 @@ int sepol_user_key_create(sepol_handle_t * handle, sepol_user_key_t *tmp_key = (sepol_user_key_t *) malloc(sizeof(sepol_user_key_t)); - if (!tmp_key) { + char *tmp_name = strdup(name); + + if (!tmp_key || !tmp_name) { ERR(handle, "out of memory, " "could not create selinux user key"); return STATUS_ERR; }
And here.
- tmp_key->name = name; + tmp_key->name = tmp_name; *key_ptr = tmp_key; return STATUS_SUCCESS; @@ -71,6 +73,7 @@ int sepol_user_key_extract(sepol_handle_t * handle, void sepol_user_key_free(sepol_user_key_t * key) { + free(key->name); free(key); }
-- James Carter <jwcart2@xxxxxxxxxxxxx> National Security Agency