From c4f415c2444874488e9a9ae2e02a7cbeea583ba2 Mon Sep 17 00:00:00 2001
From: Sven Vermeulen
Date: Tue, 29 May 2012 11:12:11 -0400
Subject: [PATCH] libsemanage: use after free in python bindings
In python 3.2 we hit a problem where the fconext was garbage. We didn't see this in python 2.7. The reason is because python3.2 would free and reuse the memory and python 2.7 just happened to leave it alone. Instead of using memory that python might use for something else, use strdup() to get a local copy which we can free when we are finished with it.
Signed-off-by: Eric Paris
Acked-by: Dan Walsh
---
 libsemanage/src/fcontext_record.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/libsemanage/src/fcontext_record.c b/libsemanage/src/fcontext_record.c
index ec02a892..3d28f9c0 100644
--- a/libsemanage/src/fcontext_record.c
+++ b/libsemanage/src/fcontext_record.c
@@ -25,7 +25,7 @@ struct semanage_fcontext {
 struct semanage_fcontext_key {
 /* Matching expression */
- const char *expr;
+ char *expr;
 /* Type of object */
 int type;
@@ -45,7 +45,11 @@ int semanage_fcontext_key_create(semanage_handle_t * handle,
 "create file context key");
 return STATUS_ERR;
 }
- tmp_key->expr = expr;
+ tmp_key->expr = strdup(expr);
+ if (!tmp_key->expr) {
+ ERR(handle, "out of memory, could not create file context key.");
+ return STATUS_ERR;
+ }
 tmp_key->type = type;
 *key_ptr = tmp_key;
@@ -74,6 +78,7 @@ hidden_def(semanage_fcontext_key_extract)
 void semanage_fcontext_key_free(semanage_fcontext_key_t * key)
 {
+ free(key->expr);
 free(key);
 }
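Review bot: In semanage_fcontext_key_create, the new strdup() failure branch returns STATUS_ERR without releasing tmp_key, so the key struct appears to leak on that path. Its allocation is above the hunk, so this is inferred from the matching `free(key)` in semanage_fcontext_key_free. Add `free(tmp_key);` before the `return STATUS_ERR;` inside `if (!tmp_key->expr)`. strdup(expr) also reads through expr, so a NULL expr from a binding caller is now undefined behaviour where the old pointer assignment was harmless; a guard or a documented non-NULL contract would settle that. The function starts and ends outside the hunk.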
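Review bot: semanage_fcontext_key_free now dereferences key before freeing it, so a NULL key, which the old body passed harmlessly to free(), becomes a NULL-pointer dereference. Guard it with `if (!key) return;` ahead of `free(key->expr);`. Because expr is now owned and freed here, any code outside this patch that fills a key with a borrowed pointer rather than going through semanage_fcontext_key_create would end in an invalid free. A comment on the struct field such as `/* Matching expression (owned; freed by semanage_fcontext_key_free) */` would make that ownership rule visible.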