From: Zhenyu Ye
Subject: [PATCH] security: fix use-after-free in virSecuritySELinuxReserveLabel
Message-ID: <45124334-3216-4974-574c-3b2d372c03d5@huawei.com>
Date: Tue, 17 Aug 2021 10:55:24 +0800
Cc: "liangpeng \(H\)", yubihong, Xiexiangyou
List-Id: Development discussions about the libvirt library & tools

commit 2e668a61d5ae4("Fix error handling when adding MCS labels") uses the
'pctx' in virReportError after it has been freed. Fix it.

Fixes: 2e668a61d5ae4cbd6f79e096d0c394f186e132bd
Signed-off-by: eillon
---
 src/security/security_selinux.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/security/security_selinux.c b/src/security/security_selinu= x.c index 9ff35a7be5..0e5ea0366d 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -967,7 +967,6 @@ virSecuritySELinuxReserveLabel(virSecurityManager *mgr, } ctx =3D context_new(pctx); - freecon(pctx); if (!ctx) goto error; @@ -985,11 +984,13 @@ virSecuritySELinuxReserveLabel(virSecurityManager *mg= r, goto error; } + freecon(pctx); context_free(ctx); return 0; error: + freecon(pctx); context_free(ctx); return -1; } --=20 2.27.0
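
Review bot: In the first hunk (@@ -967,7 +967,6 @@), removing 'freecon(pctx);' directly after 'ctx = context_new(pctx);' leaves nothing at that spot to say why pctx has to outlive the conversion, so a later cleanup could move the free back and reintroduce the bug. A one-line comment there, stating that pctx is still read by the virReportError use the commit message describes and is released at the end of the function, would document the lifetime. With this change 'if (!ctx) goto error;' reaches the error label with ctx NULL and pctx still allocated, so the hunk depends on the 'freecon(pctx);' that the second hunk adds under 'error:'.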
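
Review bot: In the second hunk (@@ -985,11 +984,13 @@), the 'freecon(pctx);' added under 'error:' runs for every 'goto error' in the function, so pctx has to be either NULL or a valid context string on each path that reaches the label. The visible context does not show the declaration of pctx or any jumps that precede 'ctx = context_new(pctx);', so please confirm that pctx is initialised to NULL or that no earlier path jumps to error. Separately, the success path and the error path now repeat the same two calls, 'freecon(pctx);' followed by 'context_free(ctx);'; a single cleanup label with a return-value variable would keep the two paths from drifting apart again.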