[libvirt] [PATCH] selinux: fix segfault in virSecuritySELinuxMCSGetProcessRange

From: James Gilliland <neclimdul@gmail.com>
https://bugzilla.redhat.com/show_bug.cgi?id=969878
---
 src/security/security_selinux.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index b862fbf..3d8195c 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -189,6 +189,7 @@ virSecuritySELinuxMCSGetProcessRange(char **sens,
 context_t ourContext = NULL;
 char *cat = NULL;
 char *tmp;
+ char *contextRange;
 int ret = -1;

 if (getcon_raw(&ourSecContext) < 0) {
@@ -202,8 +203,14 @@ virSecuritySELinuxMCSGetProcessRange(char **sens,
 ourSecContext);
 goto cleanup;
 }
+ if (!(contextRange = context_range_get(ourContext))) {
+ virReportSystemError(errno,
+ _("Unable to parse current SELinux context range '%s'"),
+ ourSecContext);
+ goto cleanup;
+ }

- if (VIR_STRDUP(*sens, context_range_get(ourContext)) < 0)
+ if (VIR_STRDUP(*sens, contextRange) < 0)
 goto cleanup;

 /* Find and blank out the category part (if any) */
--
1.8.1.5
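Review bot: The NULL branch added in the second hunk passes `errno` to `virReportSystemError`, but context_range_get() is, as far as I know, a plain accessor on the already-parsed `context_t` and does not set errno when the range component is simply absent, so the logged error would carry a stale or zero code. Since this path is reached for a well-formed context that just has no MCS range (the case in the linked bug), `virReportError(VIR_ERR_INTERNAL_ERROR, _("SELinux context '%s' has no range component"), ourSecContext);` would give operators an accurate reason for the failure. The declaration added in the first hunk would also be better as `const char *contextRange;`, because libselinux declares the accessor as returning `const char *` and the value is only read here. The body of virSecuritySELinuxMCSGetProcessRange starts and ends outside both hunks.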

On Tue, Jun 04, 2013 at 12:16:05PM +0200, Ján Tomko wrote:
From: James Gilliland <neclimdul@gmail.com>
https://bugzilla.redhat.com/show_bug.cgi?id=969878
---
 src/security/security_selinux.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index b862fbf..3d8195c 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -189,6 +189,7 @@ virSecuritySELinuxMCSGetProcessRange(char **sens,
 context_t ourContext = NULL;
 char *cat = NULL;
 char *tmp;
+ char *contextRange;
 int ret = -1;
if (getcon_raw(&ourSecContext) < 0) {
@@ -202,8 +203,14 @@ virSecuritySELinuxMCSGetProcessRange(char **sens,
 ourSecContext);
 goto cleanup;
 }
+ if (!(contextRange = context_range_get(ourContext))) {
+ virReportSystemError(errno,
+ _("Unable to parse current SELinux context range '%s'"),
+ ourSecContext);
+ goto cleanup;
+ }
- if (VIR_STRDUP(*sens, context_range_get(ourContext)) < 0)
+ if (VIR_STRDUP(*sens, contextRange) < 0)
 goto cleanup;
/* Find and blank out the category part (if any) */
Can you add something to tests/securityselinuxtest.c to exercise the NULL pointer crash, so that we can validate the fix? From the bug it seems we need a test using something like "system_u:system_r:virtd_t" as the context (i.e. without the sensitivity/category present). Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|