Re: [libvirt] [PATCH] selinux: fix segfault in virSecuritySELinuxMCSGetProcessRange
On Tue, Jun 04, 2013 at 12:16:05PM +0200, Ján Tomko wrote:
From: James Gilliland <neclimdul(a)gmail.com>
https://bugzilla.redhat.com/show_bug.cgi?id=969878
---
src/security/security_selinux.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index b862fbf..3d8195c 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -189,6 +189,7 @@ virSecuritySELinuxMCSGetProcessRange(char **sens,
context_t ourContext = NULL;
char *cat = NULL;
char *tmp;
+ char *contextRange;
int ret = -1;
if (getcon_raw(&ourSecContext) < 0) {
@@ -202,8 +203,14 @@ virSecuritySELinuxMCSGetProcessRange(char **sens,
ourSecContext);
goto cleanup;
}
+ if (!(contextRange = context_range_get(ourContext))) {
+ virReportSystemError(errno,
+ _("Unable to parse current SELinux context range
'%s'"),
+ ourSecContext);
+ goto cleanup;
+ }
- if (VIR_STRDUP(*sens, context_range_get(ourContext)) < 0)
+ if (VIR_STRDUP(*sens, contextRange) < 0)
goto cleanup;
/* Find and blank out the category part (if any) */
Can you add something to tests/securityselinuxtest.c to exercise the
NULL pointer crash, so that we can validate the fix. From the bug it
seems we need a test using something like "system_u:system_r:virtd_t"
as the context (ie without the sensitivty/category present).
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|