On 11/12/2016 07:05 AM, Nicolas Iooss wrote:
> When removing a login using semanage with Python 3 the following error
> occurs:
>
> # semanage login -l | grep my_user
> my_user user_u
>
> # semanage login --delete my_user
> ValueError: Login mapping for my_user is not defined
>
> This is due to a use-after-free in the swig-generated code for python3
> bindings.
>
> Copy the user name in semanage_seuser_key_create() and free it in
> semanage_seuser_key_free(), like commit eac6f1f1b512 ("libsepol:
> sepol_{bool|iface|user}_key_create: copy name") did.
Thanks, applied.
>
> Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>
> ---
> libsemanage/src/seuser_record.c | 11 ++++++++---
> 1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/libsemanage/src/seuser_record.c b/libsemanage/src/seuser_record.c
> index 8823b1ed1c7b..1ed459486228 100644
> --- a/libsemanage/src/seuser_record.c
> +++ b/libsemanage/src/seuser_record.c
> @@ -33,7 +33,7 @@ struct semanage_seuser {
>
> struct semanage_seuser_key {
> /* This user's name */
> - const char *name;
> + char *name;
> };
>
> int semanage_seuser_key_create(semanage_handle_t * handle,
> @@ -48,7 +48,12 @@ int semanage_seuser_key_create(semanage_handle_t * handle,
> ERR(handle, "out of memory, could not create seuser key");
> return STATUS_ERR;
> }
> - tmp_key->name = name;
> + tmp_key->name = strdup(name);
> + if (!tmp_key->name) {
> + ERR(handle, "out of memory, could not create seuser key");
> + free(tmp_key);
> + return STATUS_ERR;
> + }
>
> *key_ptr = tmp_key;
> return STATUS_SUCCESS;
> @@ -75,7 +80,7 @@ hidden_def(semanage_seuser_key_extract)
>
> void semanage_seuser_key_free(semanage_seuser_key_t * key)
> {
> -
> + free(key->name);
> free(key);
> }
>
>
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
