[PATCH] security: fix use-after-free in virSecuritySELinuxReserveLabel
Martin Kletzander
mkletzan at redhat.com
Tue Aug 17 09:21:08 UTC 2021
On Tue, Aug 17, 2021 at 10:55:24AM +0800, Zhenyu Ye wrote:
>commit 2e668a61d5ae4("Fix error handling when adding MCS labels") uses
>the 'pctx' in virReportError after it has been freed. Fix it.
>
>Fixes: 2e668a61d5ae4cbd6f79e096d0c394f186e132bd
>Signed-off-by: eillon <yezhenyu2 at huawei.com>
Thanks for fixing a 9 year old bug =) One thing I am not sure about is
the sign off. According to the Project Governance [0] states:
"... for contributing patches, providing a 'Signed-off-by' line with
the author's legal name and e-mail address to demonstrate agreement
and compliance with the Developer Certificate of Origin is required."
Which I am not sure you maybe misconfigured somehow? Just let me know
whether I should change "eillon" to "Zhenyu Ye" and I can fix that
before pushing the patch, or coreect me if I misunderstood. No need to
send another version.
Reviewed-by: Martin Kletzander <mkletzan at redhat.com>
>---
> src/security/security_selinux.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
>diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
>index 9ff35a7be5..0e5ea0366d 100644
>--- a/src/security/security_selinux.c
>+++ b/src/security/security_selinux.c
>@@ -967,7 +967,6 @@ virSecuritySELinuxReserveLabel(virSecurityManager *mgr,
> }
>
> ctx = context_new(pctx);
>- freecon(pctx);
> if (!ctx)
> goto error;
>
>@@ -985,11 +984,13 @@ virSecuritySELinuxReserveLabel(virSecurityManager *mgr,
> goto error;
> }
>
>+ freecon(pctx);
> context_free(ctx);
>
> return 0;
>
> error:
>+ freecon(pctx);
> context_free(ctx);
> return -1;
> }
>--
>2.27.0
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20210817/810c3b4f/attachment-0001.sig>
More information about the libvir-list
mailing list