Index: libselinux/src/matchpathcon.c
===================================================================
--- libselinux/src/matchpathcon.c	(revision 2209)
+++ libselinux/src/matchpathcon.c	(working copy)
@@ -444,7 +444,7 @@
 			int pass, unsigned lineno)
 {
 	int items, len, regerr, ret;
-	char *buf_p;
+	char *buf_p, *ptr;
 	char *regex, *type, *context;
 	const char *reg_buf;
 	char *anchored_regex;
@@ -459,7 +459,18 @@
 	/* Skip comment lines and empty lines. */
 	if (*buf_p == '#' || *buf_p == 0)
 		return 0;
-	items = sscanf(line_buf, "%as %as %as", &regex, &type, &context);
+
+	items = 0;
+	regex = strtok_r(buf_p, " \t", &ptr);
+	if (regex)
+		items += 1;
+	type = strtok_r(NULL, " \t", &ptr);
+	if (type)
+		items += 1;
+	context = strtok_r(NULL, " \t", &ptr);
+	if (context)
+		items += 1;
+	
 	if (items < 2) {
 		myprintf("%s:  line %d is missing fields, skipping\n", path,
 			 lineno);
@@ -470,6 +481,23 @@
 		type = NULL;
 	}
 
+	regex = strdup(regex);
+	if (!regex) {
+		return -1;
+	}
+	if (type) {
+		type = strdup(type);
+		if (!type) {
+			ret = -1;
+			goto finish;
+		}
+	}
+	context = strdup(context);
+	if (!context) {
+		ret = -1;
+		goto finish;
+	}
+
 	reg_buf = regex;
 	len = get_stem_from_spec(reg_buf);
 	if (len && prefix && strncmp(prefix, regex, len)) {