diff options
| author | CoprDistGit <infra@openeuler.org> | 2023-10-12 11:50:23 +0000 |
|---|---|---|
| committer | CoprDistGit <infra@openeuler.org> | 2023-10-12 11:50:23 +0000 |
| commit | a39ad350cc564b3b46e6f75e2f9d1f26f646861e (patch) | |
| tree | 2c862b9103baa1192a30703077647caeac8d638c /backport-semanage-disconnect-to-free-libsemanage-internals.patch | |
| parent | 9db7dc8abcf40be92578f61ae05c86ba78c65866 (diff) | |
automatic import of shadowopeneuler22.03_LTS
Diffstat (limited to 'backport-semanage-disconnect-to-free-libsemanage-internals.patch')
| -rw-r--r-- | backport-semanage-disconnect-to-free-libsemanage-internals.patch | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/backport-semanage-disconnect-to-free-libsemanage-internals.patch b/backport-semanage-disconnect-to-free-libsemanage-internals.patch new file mode 100644 index 0000000..94a0722 --- /dev/null +++ b/backport-semanage-disconnect-to-free-libsemanage-internals.patch @@ -0,0 +1,76 @@ +From 7078ed1e0b8a197aa9e5103986bce927abef87a4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
+Date: Sat, 1 Apr 2023 14:11:06 +0200
+Subject: [PATCH] semanage: disconnect to free libsemanage internals
+
+Destroying the handle does not actually disconnect, see [1].
+Also free the key on user removal.
+
+[1]: https://github.com/SELinuxProject/selinux/blob/e9072e7d45f4559887d11b518099135cbe564163/libsemanage/src/direct_api.c#L330
+
+Example adduser leak:
+
+ Direct leak of 1008 byte(s) in 14 object(s) allocated from:
+ #0 0x5638f2e782ae in __interceptor_malloc (./src/useradd+0xee2ae)
+ #1 0x7fb5cfffad09 in dbase_file_init src/database_file.c:170:45
+
+ Direct leak of 392 byte(s) in 7 object(s) allocated from:
+ #0 0x5638f2e782ae in __interceptor_malloc (./src/useradd+0xee2ae)
+ #1 0x7fb5cfffc929 in dbase_policydb_init src/database_policydb.c:187:27
+
+ Direct leak of 144 byte(s) in 2 object(s) allocated from:
+ #0 0x5638f2e782ae in __interceptor_malloc (./src/useradd+0xee2ae)
+ #1 0x7fb5cfffb519 in dbase_join_init src/database_join.c:249:28
+
+ [...]
+
+Conflict: NA
+Reference: https://github.com/shadow-maint/shadow/commit/7078ed1e0b8a197aa9e5103986bce927abef87a4
+---
+ lib/semanage.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/lib/semanage.c b/lib/semanage.c
+index 5d336b08..d412186c 100644
+--- a/lib/semanage.c
++++ b/lib/semanage.c
+@@ -97,6 +97,8 @@ static semanage_handle_t *semanage_init (void)
+ return handle;
+
+ fail:
++ if (handle)
++ semanage_disconnect (handle);
+ semanage_handle_destroy (handle);
+ return NULL;
+ }
+@@ -156,7 +158,7 @@ done:
+
+
+ static int semanage_user_add (semanage_handle_t *handle,
+- semanage_seuser_key_t *key,
++ const semanage_seuser_key_t *key,
+ const char *login_name,
+ const char *seuser_name)
+ {
+@@ -279,6 +281,8 @@ int set_seuser (const char *login_name, const char *seuser_name)
+
+ done:
+ semanage_seuser_key_free (key);
++ if (handle)
++ semanage_disconnect (handle);
+ semanage_handle_destroy (handle);
+ return ret;
+ }
+@@ -353,6 +357,9 @@ int del_seuser (const char *login_name)
+
+ ret = 0;
+ done:
++ semanage_seuser_key_free (key);
++ if (handle)
++ semanage_disconnect (handle);
+ semanage_handle_destroy (handle);
+ return ret;
+ }
+--
+2.27.0
+
|