When removing a login using semanage with Python 3 the following error
occurs:
# semanage login -l | grep my_user
my_user user_u
# semanage login --delete my_user
ValueError: Login mapping for my_user is not defined
This is due to a use-after-free in the swig-generated code for python3
bindings.
Copy the user name in semanage_seuser_key_create() and free it in
semanage_seuser_key_free(), like commit eac6f1f1b512 ("libsepol:
sepol_{bool|iface|user}_key_create: copy name") did.
Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>
---
libsemanage/src/seuser_record.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/libsemanage/src/seuser_record.c b/libsemanage/src/seuser_record.c
index 8823b1ed1c7b..1ed459486228 100644
--- a/libsemanage/src/seuser_record.c
+++ b/libsemanage/src/seuser_record.c
@@ -33,7 +33,7 @@ struct semanage_seuser {
struct semanage_seuser_key {
/* This user's name */
- const char *name;
+ char *name;
};
int semanage_seuser_key_create(semanage_handle_t * handle,
@@ -48,7 +48,12 @@ int semanage_seuser_key_create(semanage_handle_t * handle,
ERR(handle, "out of memory, could not create seuser key");
return STATUS_ERR;
}
- tmp_key->name = name;
+ tmp_key->name = strdup(name);
+ if (!tmp_key->name) {
+ ERR(handle, "out of memory, could not create seuser key");
+ free(tmp_key);
+ return STATUS_ERR;
+ }
*key_ptr = tmp_key;
return STATUS_SUCCESS;
@@ -75,7 +80,7 @@ hidden_def(semanage_seuser_key_extract)
void semanage_seuser_key_free(semanage_seuser_key_t * key)
{
-
+ free(key->name);
free(key);
}
--
2.10.2
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
