[PATCH] security: fix use-after-free in virSecuritySELinuxReserveLabel

Martin Kletzander mkletzan at redhat.com
Tue Aug 17 09:21:08 UTC 2021


On Tue, Aug 17, 2021 at 10:55:24AM +0800, Zhenyu Ye wrote:
>commit 2e668a61d5ae4("Fix error handling when adding MCS labels") uses
>the 'pctx' in virReportError after it has been freed. Fix it.
>
>Fixes: 2e668a61d5ae4cbd6f79e096d0c394f186e132bd
>Signed-off-by: eillon <yezhenyu2 at huawei.com>

Thanks for fixing a 9-year-old bug =)  One thing I am not sure about is
the sign-off.  The Project Governance [0] states:

   "... for contributing patches, providing a 'Signed-off-by' line with
    the author's legal name and e-mail address to demonstrate agreement
    and compliance with the Developer Certificate of Origin is required."

Which I am not sure you maybe misconfigured somehow?  Just let me know
whether I should change "eillon" to "Zhenyu Ye" and I can fix that
before pushing the patch, or correct me if I misunderstood.  No need to
send another version.

Reviewed-by: Martin Kletzander <mkletzan at redhat.com>

>---
> src/security/security_selinux.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
>diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
>index 9ff35a7be5..0e5ea0366d 100644
>--- a/src/security/security_selinux.c
>+++ b/src/security/security_selinux.c
>@@ -967,7 +967,6 @@ virSecuritySELinuxReserveLabel(virSecurityManager *mgr,
>     }
>
>     ctx = context_new(pctx);
>-    freecon(pctx);
>     if (!ctx)
>         goto error;
>
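
Review bot: With freecon(pctx) dropped from the line after context_new(pctx), the `if (!ctx) goto error;` path and every later exit now depend on the error label to release pctx. The declaration of pctx is not visible in this hunk, so please confirm it is initialised to NULL; otherwise any `goto error` taken before pctx is assigned would pass an uninitialised pointer to the new freecon(pctx) under error:.
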
>@@ -985,11 +984,13 @@ virSecuritySELinuxReserveLabel(virSecurityManager *mgr,
>         goto error;
>     }
>
>+    freecon(pctx);
>     context_free(ctx);
>
>     return 0;
>
>  error:
>+    freecon(pctx);
>     context_free(ctx);
>     return -1;
> }
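
Review bot: freecon(pctx) is now duplicated next to context_free(ctx) on both the `return 0` path and under error:, so the two cleanup sequences have to be kept in sync by hand. Consider a single cleanup label with a `ret` variable set to 0 on success, so that pctx and ctx are each released in exactly one place and a future early exit cannot reintroduce a leak or a premature free.
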
>-- 
>2.27.0
>