add pcr/libsepol

1 files changed, 126 insertions, 0 deletions

diff --git a/pcr/libsepol/0011-libsepol-sepol_-bool-iface-user-_key_create-copy-nam.patch b/pcr/libsepol/0011-libsepol-sepol_-bool-iface-user-_key_create-copy-nam.patch
new file mode 100644
index 000000000..82df34438
--- /dev/null
+++ b/pcr/libsepol/0011-libsepol-sepol_-bool-iface-user-_key_create-copy-nam.patch
@@ -0,0 +1,126 @@
+From b14534df3a481ea73eee578b90dcf34c96e4a2c9 Mon Sep 17 00:00:00 2001
+From: Stephen Smalley <sds@tycho.nsa.gov>
+Date: Tue, 8 Nov 2016 10:46:14 -0500
+Subject: [PATCH] libsepol: sepol_{bool|iface|user}_key_create: copy name
+
+The sepol_{bool|iface|user}_key_create() functions were not
+copying the name.  This produces a use-after-free in the
+swig-generated code for python3 bindings.  Copy the name
+in these functions, and free it upon sepol_{bool|iface|user}_key_free().
+
+Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org>
+Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
+---
+ libsepol/src/boolean_record.c | 10 ++++++++--
+ libsepol/src/iface_record.c   | 10 ++++++++--
+ libsepol/src/user_record.c    | 10 ++++++++--
+ 3 files changed, 24 insertions(+), 6 deletions(-)
+
+diff --git a/libsepol/src/boolean_record.c b/libsepol/src/boolean_record.c
+index 8b644138a3bc..ebef7f18f0f9 100644
+--- a/libsepol/src/boolean_record.c
++++ b/libsepol/src/boolean_record.c
+@@ -15,7 +15,7 @@ struct sepol_bool {
+ 
+ struct sepol_bool_key {
+ 	/* This boolean's name */
+-	const char *name;
++	char *name;
+ };
+ 
+ int sepol_bool_key_create(sepol_handle_t * handle,
+@@ -30,7 +30,12 @@ int sepol_bool_key_create(sepol_handle_t * handle,
+ 		return STATUS_ERR;
+ 	}
+ 
+-	tmp_key->name = name;
++	tmp_key->name = strdup(name);
++	if (!tmp_key->name) {
++		ERR(handle, "out of memory, " "could not create boolean key");
++		free(tmp_key);
++		return STATUS_ERR;
++	}
+ 
+ 	*key_ptr = tmp_key;
+ 	return STATUS_SUCCESS;
+@@ -62,6 +67,7 @@ int sepol_bool_key_extract(sepol_handle_t * handle,
+ 
+ void sepol_bool_key_free(sepol_bool_key_t * key)
+ {
++	free(key->name);
+ 	free(key);
+ }
+ 
+diff --git a/libsepol/src/iface_record.c b/libsepol/src/iface_record.c
+index 09adeb79f5e9..c8b977c8facc 100644
+--- a/libsepol/src/iface_record.c
++++ b/libsepol/src/iface_record.c
+@@ -20,7 +20,7 @@ struct sepol_iface {
+ struct sepol_iface_key {
+ 
+ 	/* Interface name */
+-	const char *name;
++	char *name;
+ };
+ 
+ /* Key */
+@@ -36,7 +36,12 @@ int sepol_iface_key_create(sepol_handle_t * handle,
+ 		return STATUS_ERR;
+ 	}
+ 
+-	tmp_key->name = name;
++	tmp_key->name = strdup(name);
++	if (!tmp_key->name) {
++		ERR(handle, "out of memory, could not create interface key");
++		free(tmp_key);
++		return STATUS_ERR;
++	}
+ 
+ 	*key_ptr = tmp_key;
+ 	return STATUS_SUCCESS;
+@@ -68,6 +73,7 @@ int sepol_iface_key_extract(sepol_handle_t * handle,
+ 
+ void sepol_iface_key_free(sepol_iface_key_t * key)
+ {
++	free(key->name);
+ 	free(key);
+ }
+ 
+diff --git a/libsepol/src/user_record.c b/libsepol/src/user_record.c
+index c59c54b1e9b5..e7e2fc20fe36 100644
+--- a/libsepol/src/user_record.c
++++ b/libsepol/src/user_record.c
+@@ -24,7 +24,7 @@ struct sepol_user {
+ 
+ struct sepol_user_key {
+ 	/* This user's name */
+-	const char *name;
++	char *name;
+ };
+ 
+ int sepol_user_key_create(sepol_handle_t * handle,
+@@ -40,7 +40,12 @@ int sepol_user_key_create(sepol_handle_t * handle,
+ 		return STATUS_ERR;
+ 	}
+ 
+-	tmp_key->name = name;
++	tmp_key->name = strdup(name);
++	if (!tmp_key->name) {
++		ERR(handle, "out of memory, could not create selinux user key");
++		free(tmp_key);
++		return STATUS_ERR;
++	}
+ 
+ 	*key_ptr = tmp_key;
+ 	return STATUS_SUCCESS;
+@@ -71,6 +76,7 @@ int sepol_user_key_extract(sepol_handle_t * handle,
+ 
+ void sepol_user_key_free(sepol_user_key_t * key)
+ {
++	free(key->name);
+ 	free(key);
+ }
+ 
+-- 
+2.10.2
+