* [PATCH] libsemanage: fix use-after-free in parse_module_store()
@ 2021-06-14 4:21 HuaxinLu
2021-06-17 17:42 ` James Carter
0 siblings, 1 reply; 4+ messages in thread
From: HuaxinLu @ 2021-06-14 4:21 UTC (permalink / raw)
To: selinux; +Cc: HuaxinLu
The passing parameter "arg" of parse_module_store will be freed after
calling. A copy of parameter should be used instead of itself.
Signed-off-by: HuaxinLu <luhuaxin1@foxmail.com>
---
libsemanage/src/conf-parse.y | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y
index 9bf9364a..eac91344 100644
--- a/libsemanage/src/conf-parse.y
+++ b/libsemanage/src/conf-parse.y
@@ -516,12 +516,12 @@ static int parse_module_store(char *arg)
char *s;
current_conf->store_type = SEMANAGE_CON_POLSERV_REMOTE;
if ((s = strchr(arg, ':')) == NULL) {
- current_conf->store_path = arg;
+ current_conf->store_path = strdup(arg);
current_conf->server_port = 4242;
} else {
char *endptr;
*s = '\0';
- current_conf->store_path = arg;
+ current_conf->store_path = strdup(arg);
current_conf->server_port = strtol(s + 1, &endptr, 10);
if (*(s + 1) == '\0' || *endptr != '\0') {
return -2;
--
2.26.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] libsemanage: fix use-after-free in parse_module_store()
2021-06-14 4:21 [PATCH] libsemanage: fix use-after-free in parse_module_store() HuaxinLu
@ 2021-06-17 17:42 ` James Carter
2021-06-18 14:50 ` Petr Lautrbach
0 siblings, 1 reply; 4+ messages in thread
From: James Carter @ 2021-06-17 17:42 UTC (permalink / raw)
To: HuaxinLu; +Cc: SElinux list
On Mon, Jun 14, 2021 at 12:52 AM HuaxinLu <luhuaxin1@foxmail.com> wrote:
>
> The passing parameter "arg" of parse_module_store will be freed after
> calling. A copy of parameter should be used instead of itself.
>
> Signed-off-by: HuaxinLu <luhuaxin1@foxmail.com>
Acked-by: James Carter <jwcart2@gmail.com>
> ---
> libsemanage/src/conf-parse.y | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y
> index 9bf9364a..eac91344 100644
> --- a/libsemanage/src/conf-parse.y
> +++ b/libsemanage/src/conf-parse.y
> @@ -516,12 +516,12 @@ static int parse_module_store(char *arg)
> char *s;
> current_conf->store_type = SEMANAGE_CON_POLSERV_REMOTE;
> if ((s = strchr(arg, ':')) == NULL) {
> - current_conf->store_path = arg;
> + current_conf->store_path = strdup(arg);
> current_conf->server_port = 4242;
> } else {
> char *endptr;
> *s = '\0';
> - current_conf->store_path = arg;
> + current_conf->store_path = strdup(arg);
> current_conf->server_port = strtol(s + 1, &endptr, 10);
> if (*(s + 1) == '\0' || *endptr != '\0') {
> return -2;
> --
> 2.26.0
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] libsemanage: fix use-after-free in parse_module_store()
2021-06-17 17:42 ` James Carter
@ 2021-06-18 14:50 ` Petr Lautrbach
0 siblings, 0 replies; 4+ messages in thread
From: Petr Lautrbach @ 2021-06-18 14:50 UTC (permalink / raw)
To: SElinux list; +Cc: James Carter, HuaxinLu
EJames Carter <jwcart2@gmail.com> writes:
> On Mon, Jun 14, 2021 at 12:52 AM HuaxinLu <luhuaxin1@foxmail.com> wrote:
>>
>> The passing parameter "arg" of parse_module_store will be freed after
>> calling. A copy of parameter should be used instead of itself.
>>
>> Signed-off-by: HuaxinLu <luhuaxin1@foxmail.com>
>
> Acked-by: James Carter <jwcart2@gmail.com>
Merged, thanks!
>> ---
>> libsemanage/src/conf-parse.y | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y
>> index 9bf9364a..eac91344 100644
>> --- a/libsemanage/src/conf-parse.y
>> +++ b/libsemanage/src/conf-parse.y
>> @@ -516,12 +516,12 @@ static int parse_module_store(char *arg)
>> char *s;
>> current_conf->store_type = SEMANAGE_CON_POLSERV_REMOTE;
>> if ((s = strchr(arg, ':')) == NULL) {
>> - current_conf->store_path = arg;
>> + current_conf->store_path = strdup(arg);
>> current_conf->server_port = 4242;
>> } else {
>> char *endptr;
>> *s = '\0';
>> - current_conf->store_path = arg;
>> + current_conf->store_path = strdup(arg);
>> current_conf->server_port = strtol(s + 1, &endptr, 10);
>> if (*(s + 1) == '\0' || *endptr != '\0') {
>> return -2;
>> --
>> 2.26.0
>>
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH] libsemanage: fix use-after-free in parse_module_store()
@ 2021-06-14 5:56 HuaxinLu
0 siblings, 0 replies; 4+ messages in thread
From: HuaxinLu @ 2021-06-14 5:56 UTC (permalink / raw)
To: selinux; +Cc: HuaxinLu
The passing parameter "arg" of parse_module_store will be freed after
calling. A copy of parameter should be used instead of itself.
Signed-off-by: HuaxinLu <luhuaxin95@163.com>
---
libsemanage/src/conf-parse.y | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y
index 9bf9364a..eac91344 100644
--- a/libsemanage/src/conf-parse.y
+++ b/libsemanage/src/conf-parse.y
@@ -516,12 +516,12 @@ static int parse_module_store(char *arg)
char *s;
current_conf->store_type = SEMANAGE_CON_POLSERV_REMOTE;
if ((s = strchr(arg, ':')) == NULL) {
- current_conf->store_path = arg;
+ current_conf->store_path = strdup(arg);
current_conf->server_port = 4242;
} else {
char *endptr;
*s = '\0';
- current_conf->store_path = arg;
+ current_conf->store_path = strdup(arg);
current_conf->server_port = strtol(s + 1, &endptr, 10);
if (*(s + 1) == '\0' || *endptr != '\0') {
return -2;
--
2.26.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-06-18 14:50 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-14 4:21 [PATCH] libsemanage: fix use-after-free in parse_module_store() HuaxinLu
2021-06-17 17:42 ` James Carter
2021-06-18 14:50 ` Petr Lautrbach
2021-06-14 5:56 HuaxinLu
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.