[libvirt] [PATCH 0/2] Fix a couple of security_selinux issues

Both found by Coverity...

Please, be kind if this send is messed up - I have a new laptop and I'm slowly finding out all the things that I don't have on it that I used to have on the old one.

John Ferlan (2):
  security: Resolve possible memory leak
  security: Fix comparison for virSecuritySELinuxRecallLabel

 src/security/security_selinux.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

-- 
2.19.2

If virSecuritySELinuxRestoreFileLabel returns 0 or -1 too soon, then the @newpath will be leaked. Suggested-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: John Ferlan <jferlan@redhat.com> --- src/security/security_selinux.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 4de8b6f9cd..f3690a4cb1 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1477,10 +1477,12 @@ virSecuritySELinuxRestoreFileLabel(virSecurityManagerPtr mgr, goto cleanup; } - if ((rc = virSecuritySELinuxTransactionAppend(path, NULL, false, true)) < 0) - return -1; - else if (rc > 0) - return 0; + if ((rc = virSecuritySELinuxTransactionAppend(path, NULL, false, true)) < 0) { + goto cleanup; + } else if (rc > 0) { + ret = 0; + goto cleanup; + } if (recall) { if ((rc = virSecuritySELinuxRecallLabel(newpath, &fcon)) < 0) { -- 2.19.2
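Review bot: in the rc < 0 branch the new `goto cleanup;` relies on @ret already holding -1, whereas the code it replaces returned -1 explicitly; the hunk does not show where ret is initialised, so either confirm it starts out as -1 or set `ret = -1;` there for symmetry with the `ret = 0;` in the rc > 0 branch. The trailing context also shows the result of virSecuritySELinuxRecallLabel being tested only with `< 0`; since that function can return 1 for "nothing remembered" (leaving @fcon NULL), please check that the rc > 0 case is handled there as well, with the same `ret = 0; goto cleanup;` pattern, rather than falling through to the label-setting code.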

The @con type security_context_t is actually a "char *", so the correct check should be to dereference one more level; otherwise, we could return/use the NULL pointer later in a subsequent virSecuritySELinuxSetFileconImpl call (using @fcon). Suggested-by: Michal Prívozník <mprivozn@redhat.com> Signed-off-by: John Ferlan <jferlan@redhat.com> --- src/security/security_selinux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index f3690a4cb1..5cdb839c13 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -211,7 +211,7 @@ virSecuritySELinuxRecallLabel(const char *path, path, con) < 0) return -1; - if (!con) + if (!*con) return 1; return 0; -- 2.19.2
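Review bot: the fix is correct as far as it goes, since @con is the `security_context_t *` out-parameter that the call on the preceding lines fills in, so `!con` could never be true at this point and Coverity rightly flagged it; what matters now is the 1 return ("no label remembered") being acted on by callers. The caller visible in the previous patch only tests the return value with `< 0`, so please confirm that it handles rc > 0 before @fcon reaches virSecuritySELinuxSetFileconImpl, otherwise this patch replaces a dead check with a NULL dereference one frame up. A short comment above virSecuritySELinuxRecallLabel documenting the -1 / 0 / 1 contract would make that expectation explicit for future callers.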

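The two defects fixed above are easy to reproduce in miniature. The following is an added example, not libvirt code: it models a restore routine that allocates a path early and must release it on every exit, and a recall routine with a `char **` out-parameter whose emptiness must be tested through `*con`, not `con`. The names `recall_label`, `transaction_append`, `restore_file_label` and the in-memory `store` table are hypothetical stand-ins for the libvirt functions and the remembered-label list; the allocation counter exists only so the example can prove that no exit path leaks.

```c
/* Added example (not libvirt code). Models the bugs fixed by the two patches:
 * an early "return" that leaks an allocated path, and a NULL test applied to
 * an out-pointer instead of to the string it points at.                     */
#include <stdlib.h>
#include <string.h>

/* Live-allocation counter so the test can show every path frees what it took. */
static int allocs_live = 0;

static char *xstrdup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) {
        memcpy(p, s, n);
        allocs_live++;
    }
    return p;
}

static void xfree(char *p)
{
    if (p) {
        allocs_live--;
        free(p);
    }
}

/* Constructed stand-in for the remembered labels: path -> label (NULL = none). */
struct remembered { const char *path; const char *label; };
static const struct remembered store[] = {
    { "/var/lib/libvirt/images/a.qcow2", "system_u:object_r:virt_image_t:s0" },
    { "/var/lib/libvirt/images/b.qcow2", NULL },
};

/* Same contract as virSecuritySELinuxRecallLabel: -1 error, 1 nothing
 * remembered (*con left NULL), 0 label stored in *con (caller frees it).
 * The test is on *con, the label string; "if (!con)" on the out-pointer
 * itself could never fire because the caller always passes a real address. */
static int recall_label(const char *path, char **con)
{
    size_t i;
    *con = NULL;
    for (i = 0; i < sizeof(store) / sizeof(store[0]); i++) {
        if (strcmp(store[i].path, path) == 0) {
            if (store[i].label && !(*con = xstrdup(store[i].label)))
                return -1;
            break;
        }
    }
    if (!*con)
        return 1;
    return 0;
}

/* Stand-in for virSecuritySELinuxTransactionAppend: >0 means "queued, done". */
static int transaction_append(const char *path, int in_transaction)
{
    (void)path;
    return in_transaction ? 1 : 0;
}

/* Models virSecuritySELinuxRestoreFileLabel: @newpath is allocated first, so
 * every later exit goes through cleanup; a bare "return" would leak it. */
static int restore_file_label(const char *path, int in_transaction, int recall)
{
    int ret = -1;
    int rc;
    char *newpath = NULL;
    char *fcon = NULL;

    if (!(newpath = xstrdup(path)))      /* stands in for path canonicalisation */
        goto cleanup;

    if ((rc = transaction_append(newpath, in_transaction)) < 0) {
        goto cleanup;                    /* ret is still -1 */
    } else if (rc > 0) {
        ret = 0;
        goto cleanup;                    /* "return 0;" here is the original leak */
    }

    if (recall) {
        if ((rc = recall_label(newpath, &fcon)) < 0)
            goto cleanup;
        if (rc > 0) {                    /* nothing remembered: fcon is NULL */
            ret = 0;
            goto cleanup;                /* never hand a NULL label to setfilecon */
        }
        /* setfilecon(newpath, fcon) would be called here */
    }

    ret = 0;
 cleanup:
    xfree(fcon);
    xfree(newpath);
    return ret;
}

/* Returns 1 when every allocation made so far has been released. */
static int no_leaks(void)
{
    return allocs_live == 0;
}
```

Running `restore_file_label` once through each exit (transaction short-circuit, label recalled, no label remembered) and then checking `no_leaks()` is the quickest way to see why the early returns had to become `goto cleanup`.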
On Thu, Dec 20, 2018 at 04:41:32PM -0500, John Ferlan wrote:
Both found by Coverity...
Please, be kind if this send is messed up - I have a new laptop and I'm slowly finding out all the things that I don't have on it that I used to have on the old one.
John Ferlan (2):
  security: Resolve possible memory leak
  security: Fix comparison for virSecuritySELinuxRecallLabel

 src/security/security_selinux.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano
participants (2): John Ferlan, Ján Tomko