[libvirt] [PATCH] selinux: fix segfault in virSecuritySELinuxMCSGetProcessRange
Daniel P. Berrange
berrange at redhat.com
Tue Jun 4 10:20:02 UTC 2013
On Tue, Jun 04, 2013 at 12:16:05PM +0200, Ján Tomko wrote:
> From: James Gilliland <neclimdul at gmail.com>
>
> https://bugzilla.redhat.com/show_bug.cgi?id=969878
> ---
> src/security/security_selinux.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
> index b862fbf..3d8195c 100644
> --- a/src/security/security_selinux.c
> +++ b/src/security/security_selinux.c
> @@ -189,6 +189,7 @@ virSecuritySELinuxMCSGetProcessRange(char **sens,
> context_t ourContext = NULL;
> char *cat = NULL;
> char *tmp;
> + char *contextRange;
> int ret = -1;
>
> if (getcon_raw(&ourSecContext) < 0) {
> @@ -202,8 +203,14 @@ virSecuritySELinuxMCSGetProcessRange(char **sens,
> ourSecContext);
> goto cleanup;
> }
> + if (!(contextRange = context_range_get(ourContext))) {
> + virReportSystemError(errno,
> + _("Unable to parse current SELinux context range '%s'"),
> + ourSecContext);
> + goto cleanup;
> + }
>
> - if (VIR_STRDUP(*sens, context_range_get(ourContext)) < 0)
> + if (VIR_STRDUP(*sens, contextRange) < 0)
> goto cleanup;
>
> /* Find and blank out the category part (if any) */
Can you add something to tests/securityselinuxtest.c to exercise the
NULL pointer crash, so that we can validate the fix. From the bug it
seems we need a test using something like "system_u:system_r:virtd_t"
as the context (ie without the sensitivty/category present).
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list