security: fix use-after-free in virSecuritySELinuxReserveLabel

[PATCH] security: fix use-after-free in virSecuritySELinuxReserveLabel

Zhenyu Ye posted 1 patch 2 years, 8 months ago

Download mbox

Test syntax-check failed

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/45124334-3216-4974-574c-3b2d372c03d5@huawei.com

src/security/security_selinux.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Expand all Fold all

[PATCH] security: fix use-after-free in virSecuritySELinuxReserveLabel

Posted by Zhenyu Ye 2 years, 8 months ago

commit 2e668a61d5ae4("Fix error handling when adding MCS labels") uses
the 'pctx' in virReportError after it has been freed. Fix it.

Fixes: 2e668a61d5ae4cbd6f79e096d0c394f186e132bd
Signed-off-by: eillon <yezhenyu2@huawei.com>
---
 src/security/security_selinux.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 9ff35a7be5..0e5ea0366d 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -967,7 +967,6 @@ virSecuritySELinuxReserveLabel(virSecurityManager *mgr,
     }

     ctx = context_new(pctx);
-    freecon(pctx);
     if (!ctx)
         goto error;

@@ -985,11 +984,13 @@ virSecuritySELinuxReserveLabel(virSecurityManager *mgr,
         goto error;
     }

+    freecon(pctx);
     context_free(ctx);

     return 0;

  error:
+    freecon(pctx);
     context_free(ctx);
     return -1;
 }
-- 
2.27.0