* [PATCH 1/3] libsemanage: Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info()
@ 2022-04-01 13:35 Petr Lautrbach
2022-04-01 13:35 ` [PATCH 2/3] semodule_package: Close leaking fd Petr Lautrbach
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Petr Lautrbach @ 2022-04-01 13:35 UTC (permalink / raw)
To: selinux; +Cc: Petr Lautrbach
From fclose(3):
Upon successful completion, 0 is returned. Otherwise, EOF is returned
and errno is set to indicate the error. In either case, any further
access (including another call to fclose()) to the stream results in
undefined behavior.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
libsemanage/src/direct_api.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index d83941b05ca1..d5716ce579e9 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -2293,6 +2293,7 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
tmp = NULL;
if (fclose(fp) != 0) {
+ fp = NULL;
ERR(sh,
"Unable to close %s module lang ext file.",
(*modinfo)->name);
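Review bot: `fp` is cleared only inside the failure branch, so the success path depends on a separate assignment that this hunk does not show. Capturing the result first keeps both paths identical and leaves no point at which `fp` still names a closed stream: `int rc = fclose(fp); fp = NULL; if (rc != 0) {`. The subject says use-after-free, but the quoted fclose(3) text describes a second fclose() on the same stream, presumably from the function's cleanup code outside the hunk; a comment such as `/* fp is invalid even when fclose() fails; clear it so cleanup does not close it again */` would record that.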
--
2.35.1
* [PATCH 2/3] semodule_package: Close leaking fd
2022-04-01 13:35 [PATCH 1/3] libsemanage: Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info() Petr Lautrbach
@ 2022-04-01 13:35 ` Petr Lautrbach
2022-04-01 13:35 ` [PATCH 3/3] mcstrans: Fir RESOURCE_LEAK and USE_AFTER_FREE coverity scan defects Petr Lautrbach
2022-04-04 19:22 ` [PATCH 1/3] libsemanage: Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info() James Carter
2 siblings, 0 replies; 5+ messages in thread
From: Petr Lautrbach @ 2022-04-01 13:35 UTC (permalink / raw)
To: selinux; +Cc: Petr Lautrbach
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
semodule-utils/semodule_package/semodule_package.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/semodule-utils/semodule_package/semodule_package.c b/semodule-utils/semodule_package/semodule_package.c
index 3515234e36de..bc8584b51079 100644
--- a/semodule-utils/semodule_package/semodule_package.c
+++ b/semodule-utils/semodule_package/semodule_package.c
@@ -73,6 +73,7 @@ static int file_to_data(const char *path, char **data, size_t * len)
goto err;
}
if (!sb.st_size) {
+ close(fd);
*len = 0;
return 0;
}
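Review bot: The empty-file branch returns 0 with `*len = 0` but never assigns `*data`, so a caller that did not pre-initialise its pointer would get success together with an indeterminate buffer pointer. Adding `*data = NULL;` next to `*len = 0;` makes the success contract explicit; whether the current callers initialise the pointer is not visible here. The commit message is empty, and one sentence naming the leaking path (a zero-size input file) would help anyone backporting the fix.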
--
2.35.1
* [PATCH 3/3] mcstrans: Fir RESOURCE_LEAK and USE_AFTER_FREE coverity scan defects
2022-04-01 13:35 [PATCH 1/3] libsemanage: Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info() Petr Lautrbach
2022-04-01 13:35 ` [PATCH 2/3] semodule_package: Close leaking fd Petr Lautrbach
@ 2022-04-01 13:35 ` Petr Lautrbach
2022-04-04 19:22 ` [PATCH 1/3] libsemanage: Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info() James Carter
2 siblings, 0 replies; 5+ messages in thread
From: Petr Lautrbach @ 2022-04-01 13:35 UTC (permalink / raw)
To: selinux; +Cc: Petr Lautrbach
---
mcstrans/src/mcstrans.c | 25 ++++++++++++++++++++++++-
mcstrans/src/mcstransd.c | 4 +++-
2 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
index d42760fdbfc2..af3f507ef718 100644
--- a/mcstrans/src/mcstrans.c
+++ b/mcstrans/src/mcstrans.c
@@ -632,16 +632,23 @@ add_cache(domain_t *domain, char *raw, char *trans) {
map->raw = strdup(raw);
if (!map->raw) {
+ free(map);
goto err;
}
map->trans = strdup(trans);
if (!map->trans) {
+ free(map->raw);
+ free(map);
goto err;
}
log_debug(" add_cache (%s,%s)\n", raw, trans);
- if (add_to_hashtable(domain->raw_to_trans, map->raw, map) < 0)
+ if (add_to_hashtable(domain->raw_to_trans, map->raw, map) < 0) {
+ free(map->trans);
+ free(map->raw);
+ free(map);
goto err;
+ }
if (add_to_hashtable(domain->trans_to_raw, map->trans, map) < 0)
goto err;
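Review bot: The last failure branch (`add_to_hashtable(domain->trans_to_raw, map->trans, map) < 0`) still jumps to `err` with `map` already inserted into `raw_to_trans`, and nothing in the hunk says whether that is intended. Freeing `map` there the way the three new branches do would leave a dangling entry in the first table, so the asymmetry needs a comment such as `/* map is already referenced by raw_to_trans; it must not be freed here */`, or the first insertion should be undone before returning. The three new branches also repeat the same frees, which unwinding labels placed ahead of `err` would keep in one place. The start of add_cache and the `err` label are outside the hunk.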
@@ -1568,6 +1575,7 @@ trans_context(const char *incon, char **rcon) {
trans = compute_trans_from_raw(range, domain);
if (trans)
if (add_cache(domain, range, trans) < 0) {
+ free(trans);
free(range);
return -1;
}
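Review bot: `free(trans)` on the add_cache() failure path is safe only because add_cache() duplicates both strings with `strdup` and does not keep the caller's pointers, and that contract is not written down anywhere in the patch. A comment on add_cache such as `/* Copies raw and trans; the caller keeps ownership of both. */` would protect these frees against a later change that stores the arguments directly. The same applies to the `free(ltrans)`, `free(utrans)` and `free(canonical)` additions in the following trans_context and untrans_context hunks.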
@@ -1579,6 +1587,7 @@ trans_context(const char *incon, char **rcon) {
ltrans = compute_trans_from_raw(lrange, domain);
if (ltrans) {
if (add_cache(domain, lrange, ltrans) < 0) {
+ free(ltrans);
free(range);
return -1;
}
@@ -1597,6 +1606,7 @@ trans_context(const char *incon, char **rcon) {
utrans = compute_trans_from_raw(urange, domain);
if (utrans) {
if (add_cache(domain, urange, utrans) < 0) {
+ free(utrans);
free(ltrans);
free(range);
return -1;
@@ -1636,6 +1646,10 @@ trans_context(const char *incon, char **rcon) {
}
if (dashp)
*dashp = '-';
+ if (trans) {
+ free(trans);
+ trans = NULL;
+ }
}
if (trans) {
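Review bot: The added block frees `trans` and sets it to NULL immediately before the closing brace, and the very next statement is `if (trans) {`, so a value assigned inside that block can never reach the check. If this is the block in which the earlier hunks assign `trans = compute_trans_from_raw(range, domain)` (indentation is lost in this rendering, so that is an inference), a freshly computed translation is discarded and the function takes its other path, which is a behaviour change rather than a leak fix. The `if (raw) { free(raw); raw = NULL; }` addition at the end of the untrans_context hunks has the same shape. Confirm against the full function which allocation the scanner reported and release it where it stops being used; `free(NULL)` is a no-op, so the `if` wrapper is unnecessary either way.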
@@ -1696,7 +1710,9 @@ untrans_context(const char *incon, char **rcon) {
canonical = compute_trans_from_raw(raw, domain);
if (canonical && strcmp(canonical, range))
if (add_cache(domain, raw, canonical) < 0) {
+ free(canonical);
free(range);
+ free(raw);
return -1;
}
}
@@ -1704,6 +1720,7 @@ untrans_context(const char *incon, char **rcon) {
free(canonical);
if (add_cache(domain, raw, range) < 0) {
free(range);
+ free(raw);
return -1;
}
} else {
@@ -1721,6 +1738,7 @@ untrans_context(const char *incon, char **rcon) {
canonical = compute_trans_from_raw(lraw, domain);
if (canonical)
if (add_cache(domain, lraw, canonical) < 0) {
+ free(canonical);
free(lraw);
free(range);
return -1;
@@ -1752,6 +1770,7 @@ untrans_context(const char *incon, char **rcon) {
canonical = compute_trans_from_raw(uraw, domain);
if (canonical)
if (add_cache(domain, uraw, canonical) < 0) {
+ free(canonical);
free(uraw);
free(lraw);
free(range);
@@ -1802,6 +1821,10 @@ untrans_context(const char *incon, char **rcon) {
}
if (dashp)
*dashp = '-';
+ if (raw) {
+ free(raw);
+ raw = NULL;
+ }
}
if (raw) {
diff --git a/mcstrans/src/mcstransd.c b/mcstrans/src/mcstransd.c
index 536c0f32f23a..42262e580386 100644
--- a/mcstrans/src/mcstransd.c
+++ b/mcstrans/src/mcstransd.c
@@ -328,6 +328,7 @@ process_events(struct pollfd **ufds, int *nfds)
/* Setup pollfd for deletion later. */
(*ufds)[ii].fd = -1;
close(connfd);
+ connfd = -1;
/* So we don't get bothered later */
revents = revents & ~(POLLHUP);
}
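Review bot: `connfd = -1` turns the local into a closed-connection sentinel, but the only thing that explains it is the new `connfd != -1` test in the next hunk, where the same assignment is repeated. A short comment at the assignment, for example `/* mark closed so later checks in this iteration do not touch the fd again */`, would make the intent clear to the next reader. With the new guard, event bits still set after the connection was closed are no longer logged; if that is deliberate, it belongs in the commit message, which is empty. The body of the guarded block continues outside the hunk.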
@@ -341,10 +342,11 @@ process_events(struct pollfd **ufds, int *nfds)
/* Set the pollfd up for deletion later. */
(*ufds)[ii].fd = -1;
close(connfd);
+ connfd = -1;
revents = revents & ~(POLLHUP);
}
- if (revents) {
+ if (revents && connfd != -1) {
syslog(LOG_ERR, "Unknown/error events (%x) encountered"
" for fd (%d)\n", revents, connfd);
--
2.35.1
* Re: [PATCH 1/3] libsemanage: Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info()
2022-04-01 13:35 [PATCH 1/3] libsemanage: Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info() Petr Lautrbach
2022-04-01 13:35 ` [PATCH 2/3] semodule_package: Close leaking fd Petr Lautrbach
2022-04-01 13:35 ` [PATCH 3/3] mcstrans: Fir RESOURCE_LEAK and USE_AFTER_FREE coverity scan defects Petr Lautrbach
@ 2022-04-04 19:22 ` James Carter
2022-04-06 9:34 ` Petr Lautrbach
2 siblings, 1 reply; 5+ messages in thread
From: James Carter @ 2022-04-04 19:22 UTC (permalink / raw)
To: Petr Lautrbach; +Cc: SElinux list
On Fri, Apr 1, 2022 at 11:54 AM Petr Lautrbach <plautrba@redhat.com> wrote:
>
> >From fclose(3):
> Upon successful completion, 0 is returned. Otherwise, EOF is returned
> and errno is set to indicate the error. In either case, any further
> access (including another call to fclose()) to the stream results in
> undefined behavior.
>
> Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
For all three patches:
Acked-by: James Carter <jwcart2@gmail.com>
> ---
> libsemanage/src/direct_api.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
> index d83941b05ca1..d5716ce579e9 100644
> --- a/libsemanage/src/direct_api.c
> +++ b/libsemanage/src/direct_api.c
> @@ -2293,6 +2293,7 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
> tmp = NULL;
>
> if (fclose(fp) != 0) {
> + fp = NULL;
> ERR(sh,
> "Unable to close %s module lang ext file.",
> (*modinfo)->name);
> --
> 2.35.1
>
* Re: [PATCH 1/3] libsemanage: Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info()
2022-04-04 19:22 ` [PATCH 1/3] libsemanage: Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info() James Carter
@ 2022-04-06 9:34 ` Petr Lautrbach
0 siblings, 0 replies; 5+ messages in thread
From: Petr Lautrbach @ 2022-04-06 9:34 UTC (permalink / raw)
To: SElinux list; +Cc: James Carter
James Carter <jwcart2@gmail.com> writes:
> On Fri, Apr 1, 2022 at 11:54 AM Petr Lautrbach <plautrba@redhat.com> wrote:
>>
>> >From fclose(3):
>> Upon successful completion, 0 is returned. Otherwise, EOF is returned
>> and errno is set to indicate the error. In either case, any further
>> access (including another call to fclose()) to the stream results in
>> undefined behavior.
>>
>> Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
>
> For all three patches:
> Acked-by: James Carter <jwcart2@gmail.com>
Merged, thanks!
>
>> ---
>> libsemanage/src/direct_api.c | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
>> index d83941b05ca1..d5716ce579e9 100644
>> --- a/libsemanage/src/direct_api.c
>> +++ b/libsemanage/src/direct_api.c
>> @@ -2293,6 +2293,7 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
>> tmp = NULL;
>>
>> if (fclose(fp) != 0) {
>> + fp = NULL;
>> ERR(sh,
>> "Unable to close %s module lang ext file.",
>> (*modinfo)->name);
>> --
>> 2.35.1
>>