libselinux/matchpathcon has a memory leak

libselinux/matchpathcon has a memory leak

[Daniel J Walsh]

[-- Attachment #1: Type: text/plain, Size: 347 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Looks like the selabel stuff is leaking.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkfZsNoACgkQrlYvE4MpobOFMgCfeZLFY2nmV+AmYWCkf64pWU60
M9MAoOenkWW6cjXuhP3dgJHzCWX7kKLg
=9INA
-----END PGP SIGNATURE-----

[-- Attachment #2: out --]
[-- Type: text/plain, Size: 4688 bytes --]

valgrind --leak-check=full matchpathcon /etc/security/access.conf /etc/security/chroot.conf /etc/security/console.apps /etc/security/console.handlers /etc/security/console.perms /etc/security/console.perms.d /etc/security/group.conf /etc/security/group.conf.rpmnew /etc/security/limits.conf /etc/security/limits.conf.rpmnew /etc/security/limits.d /etc/security/namespace.conf /etc/security/namespace.d /etc/security/namespace.init /etc/security/opasswd /etc/security/pam_env.conf /etc/security/pam_mount.conf.xml /etc/security/pam_winbind.conf /etc/security/sepermit.conf /etc/security/sepermit.conf.rpmnew /etc/security/time.conf
==22135== Memcheck, a memory error detector.
==22135== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==22135== Using LibVEX rev 1804, a library for dynamic binary translation.
==22135== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==22135== Using valgrind-3.3.0, a dynamic binary instrumentation framework.
==22135== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==22135== For more details, rerun with: -v
==22135== 
/etc/security/access.conf	system_u:object_r:etc_t
/etc/security/chroot.conf	system_u:object_r:etc_t
/etc/security/console.apps	system_u:object_r:userhelper_conf_t
/etc/security/console.handlers	system_u:object_r:etc_t
/etc/security/console.perms	system_u:object_r:etc_t
/etc/security/console.perms.d	system_u:object_r:etc_t
/etc/security/group.conf	system_u:object_r:etc_t
/etc/security/group.conf.rpmnew	system_u:object_r:etc_t
/etc/security/limits.conf	system_u:object_r:etc_t
/etc/security/limits.conf.rpmnew	system_u:object_r:etc_t
/etc/security/limits.d	system_u:object_r:etc_t
/etc/security/namespace.conf	system_u:object_r:etc_t
/etc/security/namespace.d	system_u:object_r:etc_t
/etc/security/namespace.init	system_u:object_r:bin_t
/etc/security/opasswd	system_u:object_r:etc_t
/etc/security/pam_env.conf	system_u:object_r:etc_t
/etc/security/pam_mount.conf.xml	system_u:object_r:etc_t
/etc/security/pam_winbind.conf	system_u:object_r:etc_t
/etc/security/sepermit.conf	system_u:object_r:etc_t
/etc/security/sepermit.conf.rpmnew	system_u:object_r:etc_t
/etc/security/time.conf	system_u:object_r:etc_t
==22135== 
==22135== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 1)
==22135== malloc/free: in use at exit: 464 bytes in 19 blocks.
==22135== malloc/free: 62,395 allocs, 62,376 frees, 7,306,530 bytes allocated.
==22135== For counts of detected errors, rerun with: -v
==22135== searching for pointers to 19 not-freed blocks.
==22135== checked 78,424 bytes.
==22135== 
==22135== 32 bytes in 1 blocks are definitely lost in loss record 1 of 3
==22135==    at 0x4A0739E: malloc (vg_replace_malloc.c:207)
==22135==    by 0x3457E0DA34: (within /lib64/libselinux.so.1)
==22135==    by 0x3457E0C928: selabel_open (in /lib64/libselinux.so.1)
==22135==    by 0x3457E105A6: matchpathcon_init_prefix (in /lib64/libselinux.so.1)
==22135==    by 0x3457E1067E: matchpathcon (in /lib64/libselinux.so.1)
==22135==    by 0x400BE6: (within /usr/sbin/matchpathcon)
==22135==    by 0x400E95: (within /usr/sbin/matchpathcon)
==22135==    by 0x3456E1E479: (below main) (in /lib64/libc-2.7.90.so)
==22135== 
==22135== 
==22135== 72 bytes in 3 blocks are definitely lost in loss record 2 of 3
==22135==    at 0x4A0739E: malloc (vg_replace_malloc.c:207)
==22135==    by 0x3457E12453: (within /lib64/libselinux.so.1)
==22135==    by 0x3457E12943: selinux_raw_to_trans_context (in /lib64/libselinux.so.1)
==22135==    by 0x3457E0C7E9: (within /lib64/libselinux.so.1)
==22135==    by 0x3457E0C84D: selabel_lookup (in /lib64/libselinux.so.1)
==22135==    by 0x400BE6: (within /usr/sbin/matchpathcon)
==22135==    by 0x400E95: (within /usr/sbin/matchpathcon)
==22135==    by 0x3456E1E479: (below main) (in /lib64/libc-2.7.90.so)
==22135== 
==22135== 
==22135== 360 bytes in 15 blocks are definitely lost in loss record 3 of 3
==22135==    at 0x4A0739E: malloc (vg_replace_malloc.c:207)
==22135==    by 0x3456E822C1: strdup (in /lib64/libc-2.7.90.so)
==22135==    by 0x3457E12923: selinux_raw_to_trans_context (in /lib64/libselinux.so.1)
==22135==    by 0x3457E0C7E9: (within /lib64/libselinux.so.1)
==22135==    by 0x3457E0C84D: selabel_lookup (in /lib64/libselinux.so.1)
==22135==    by 0x400BE6: (within /usr/sbin/matchpathcon)
==22135==    by 0x400E95: (within /usr/sbin/matchpathcon)
==22135==    by 0x3456E1E479: (below main) (in /lib64/libc-2.7.90.so)
==22135== 
==22135== LEAK SUMMARY:
==22135==    definitely lost: 464 bytes in 19 blocks.
==22135==      possibly lost: 0 bytes in 0 blocks.
==22135==    still reachable: 0 bytes in 0 blocks.
==22135==         suppressed: 0 bytes in 0 blocks.

[-- Attachment #3: out.sig --]
[-- Type: application/pgp-signature, Size: 72 bytes --]

Re: libselinux/matchpathcon has a memory leak

[Eamon Walsh]

Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Looks like the selabel stuff is leaking.
>   

Try this patch please:

Index: libselinux/src/label_file.c
===================================================================
--- libselinux/src/label_file.c	(revision 2848)
+++ libselinux/src/label_file.c	(working copy)
@@ -490,9 +490,8 @@
 				goto finish;
 			}
 			if (NULL == (data->spec_arr =
-				     malloc(sizeof(spec_t) * data->nspec)))
+				     calloc(data->nspec, sizeof(spec_t))))
 				goto finish;
-			memset(data->spec_arr, 0, sizeof(spec_t)*data->nspec);
 			maxnspec = data->nspec;
 			rewind(fp);
 			if (homedirfp)
@@ -504,7 +503,7 @@
 	free(line_buf);
 
 	/* Move exact pathname specifications to the end. */
-	spec_copy = malloc(sizeof(spec_t) * data->nspec);
+	spec_copy = calloc(data->nspec, sizeof(spec_t));
 	if (!spec_copy)
 		goto finish;
 	j = 0;
Index: libselinux/src/matchpathcon.c
===================================================================
--- libselinux/src/matchpathcon.c	(revision 2848)
+++ libselinux/src/matchpathcon.c	(working copy)
@@ -284,6 +284,8 @@
 
 int matchpathcon_init_prefix(const char *path, const char *subset)
 {
+	matchpathcon_fini();
+
 	if (!mycanoncon)
 		mycanoncon = default_canoncon;
 
Index: libselinux/src/label.c
===================================================================
--- libselinux/src/label.c	(revision 2848)
+++ libselinux/src/label.c	(working copy)
@@ -95,7 +95,7 @@
 	if (compat_validate(rec, lr, "file_contexts", 0))
 		return NULL;
 
-	if (translating &&
+	if (translating && !lr->ctx_trans &&
 	    selinux_raw_to_trans_context(lr->ctx_raw, &lr->ctx_trans))
 		return NULL;
 


-- 
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux/matchpathcon has a memory leak

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Eamon Walsh wrote:
> Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Looks like the selabel stuff is leaking.
>>   
> 
> Try this patch please:
> 
> Index: libselinux/src/label_file.c
> ===================================================================
> --- libselinux/src/label_file.c    (revision 2848)
> +++ libselinux/src/label_file.c    (working copy)
> @@ -490,9 +490,8 @@
>                 goto finish;
>             }
>             if (NULL == (data->spec_arr =
> -                     malloc(sizeof(spec_t) * data->nspec)))
> +                     calloc(data->nspec, sizeof(spec_t))))
>                 goto finish;
> -            memset(data->spec_arr, 0, sizeof(spec_t)*data->nspec);
>             maxnspec = data->nspec;
>             rewind(fp);
>             if (homedirfp)
> @@ -504,7 +503,7 @@
>     free(line_buf);
> 
>     /* Move exact pathname specifications to the end. */
> -    spec_copy = malloc(sizeof(spec_t) * data->nspec);
> +    spec_copy = calloc(data->nspec, sizeof(spec_t));
>     if (!spec_copy)
>         goto finish;
>     j = 0;
> Index: libselinux/src/matchpathcon.c
> ===================================================================
> --- libselinux/src/matchpathcon.c    (revision 2848)
> +++ libselinux/src/matchpathcon.c    (working copy)
> @@ -284,6 +284,8 @@
> 
> int matchpathcon_init_prefix(const char *path, const char *subset)
> {
> +    matchpathcon_fini();
> +
>     if (!mycanoncon)
>         mycanoncon = default_canoncon;
> 
> Index: libselinux/src/label.c
> ===================================================================
> --- libselinux/src/label.c    (revision 2848)
> +++ libselinux/src/label.c    (working copy)
> @@ -95,7 +95,7 @@
>     if (compat_validate(rec, lr, "file_contexts", 0))
>         return NULL;
> 
> -    if (translating &&
> +    if (translating && !lr->ctx_trans &&
>         selinux_raw_to_trans_context(lr->ctx_raw, &lr->ctx_trans))
>         return NULL;
> 
> 
> 
I just published a similar patch.

Mine fixes one additional leak.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkfZvhIACgkQrlYvE4MpobOWUwCcCDetcQ/oNP9e07/UTTdlcoV1
1ysAoIteN0R9U7JwVHD0nPBln0zzx/Tq
=8OWP
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux/matchpathcon has a memory leak

[Joshua Brindle]

Eamon Walsh wrote:
> Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Looks like the selabel stuff is leaking.
>>   
>
> Try this patch please:
>
> Index: libselinux/src/label_file.c
> ===================================================================
> --- libselinux/src/label_file.c    (revision 2848)
> +++ libselinux/src/label_file.c    (working copy)
> @@ -490,9 +490,8 @@
>                 goto finish;
>             }
>             if (NULL == (data->spec_arr =
> -                     malloc(sizeof(spec_t) * data->nspec)))
> +                     calloc(data->nspec, sizeof(spec_t))))
>                 goto finish;
> -            memset(data->spec_arr, 0, sizeof(spec_t)*data->nspec);

I don't think we should ever be using calloc or memset on structs, using 
malloc and an initializer avoids issues with the struct changing later.

>             maxnspec = data->nspec;
>             rewind(fp);
>             if (homedirfp)
> @@ -504,7 +503,7 @@
>     free(line_buf);
>
>     /* Move exact pathname specifications to the end. */
> -    spec_copy = malloc(sizeof(spec_t) * data->nspec);
> +    spec_copy = calloc(data->nspec, sizeof(spec_t));
>     if (!spec_copy)
>         goto finish;
>     j = 0;
> Index: libselinux/src/matchpathcon.c
> ===================================================================
> --- libselinux/src/matchpathcon.c    (revision 2848)
> +++ libselinux/src/matchpathcon.c    (working copy)
> @@ -284,6 +284,8 @@
>
> int matchpathcon_init_prefix(const char *path, const char *subset)
> {
> +    matchpathcon_fini();
> +

do we really want to trash all the state instead of attempting to use it?

>     if (!mycanoncon)
>         mycanoncon = default_canoncon;
>
> Index: libselinux/src/label.c
> ===================================================================
> --- libselinux/src/label.c    (revision 2848)
> +++ libselinux/src/label.c    (working copy)
> @@ -95,7 +95,7 @@
>     if (compat_validate(rec, lr, "file_contexts", 0))
>         return NULL;
>
> -    if (translating &&
> +    if (translating && !lr->ctx_trans &&
>         selinux_raw_to_trans_context(lr->ctx_raw, &lr->ctx_trans))
>         return NULL;
>
>
>



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux/matchpathcon has a memory leak

[Stephen Smalley]

On Thu, 2008-03-13 at 19:24 -0400, Eamon Walsh wrote:
> Daniel J Walsh wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Looks like the selabel stuff is leaking.
> >   
> 
> Try this patch please:
> 
> Index: libselinux/src/label_file.c
> ===================================================================
> --- libselinux/src/label_file.c	(revision 2848)
> +++ libselinux/src/label_file.c	(working copy)
> @@ -490,9 +490,8 @@
>  				goto finish;
>  			}
>  			if (NULL == (data->spec_arr =
> -				     malloc(sizeof(spec_t) * data->nspec)))
> +				     calloc(data->nspec, sizeof(spec_t))))
>  				goto finish;
> -			memset(data->spec_arr, 0, sizeof(spec_t)*data->nspec);

Fine as a cleanup, but wouldn't make a difference to this leak, so
that's a separate patch.

>  			maxnspec = data->nspec;
>  			rewind(fp);
>  			if (homedirfp)
> @@ -504,7 +503,7 @@
>  	free(line_buf);
>  
>  	/* Move exact pathname specifications to the end. */
> -	spec_copy = malloc(sizeof(spec_t) * data->nspec);
> +	spec_copy = calloc(data->nspec, sizeof(spec_t));

Unnecessary - if you look at the code that follows, it ensures that
every entry in spec_copy is initialized.

>  	if (!spec_copy)
>  		goto finish;
>  	j = 0;
> Index: libselinux/src/matchpathcon.c
> ===================================================================
> --- libselinux/src/matchpathcon.c	(revision 2848)
> +++ libselinux/src/matchpathcon.c	(working copy)
> @@ -284,6 +284,8 @@
>  
>  int matchpathcon_init_prefix(const char *path, const char *subset)
>  {
> +	matchpathcon_fini();

I think this burden belongs on the caller and shouldn't be silently done
here.

> +
>  	if (!mycanoncon)
>  		mycanoncon = default_canoncon;
>  
> Index: libselinux/src/label.c
> ===================================================================
> --- libselinux/src/label.c	(revision 2848)
> +++ libselinux/src/label.c	(working copy)
> @@ -95,7 +95,7 @@
>  	if (compat_validate(rec, lr, "file_contexts", 0))
>  		return NULL;
>  
> -	if (translating &&
> +	if (translating && !lr->ctx_trans &&
>  	    selinux_raw_to_trans_context(lr->ctx_raw, &lr->ctx_trans))
>  		return NULL;

This is the only part applicable to the leak.

>  
> 
> 
-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux/matchpathcon has a memory leak

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Daniel J Walsh wrote:
> Looks like the selabel stuff is leaking.
I think if I call

matchpathcon("/etc", &scon)
matchpathcon("/etc", &scon)
matchpathcon("/etc", &scon)

It will leak.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkfZuLcACgkQrlYvE4MpobO/pACgqvR1OLLm9WwSg6tk9b0Zmi2+
S4gAoLt23JGAfU/esg04pdPl+M3wil0s
=+Rlr
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux/matchpathcon has a memory leak

[Daniel J Walsh]

[-- Attachment #1: Type: text/plain, Size: 343 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The attached patch fixes the leaks.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkfZu+0ACgkQrlYvE4MpobPbRQCeOFM6HzBGz2N3l56z+yvHEGwl
/7sAnjiJkOYsJFZcR8yXrVCdOl3iRFT5
=+kwB
-----END PGP SIGNATURE-----

[-- Attachment #2: diff --]
[-- Type: text/plain, Size: 595 bytes --]

diff --exclude-from=exclude -N -u -r nsalibselinux/src/label.c libselinux-2.0.59/src/label.c
--- nsalibselinux/src/label.c	2007-07-16 14:20:46.000000000 -0400
+++ libselinux-2.0.59/src/label.c	2008-03-13 19:40:24.000000000 -0400
@@ -95,7 +95,7 @@
 	if (compat_validate(rec, lr, "file_contexts", 0))
 		return NULL;
 
-	if (translating &&
+	if (translating && (! lr->ctx_trans) &&
 	    selinux_raw_to_trans_context(lr->ctx_raw, &lr->ctx_trans))
 		return NULL;
 
@@ -131,6 +131,7 @@
 void selabel_close(struct selabel_handle *rec)
 {
 	rec->func_close(rec);
+	free(rec->data);
 	free(rec);
 }
 

[-- Attachment #3: diff.sig --]
[-- Type: application/pgp-signature, Size: 72 bytes --]

Re: libselinux/matchpathcon has a memory leak

[Stephen Smalley]

On Thu, 2008-03-13 at 19:42 -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> The attached patch fixes the leaks.
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
> 
> iEYEARECAAYFAkfZu+0ACgkQrlYvE4MpobPbRQCeOFM6HzBGz2N3l56z+yvHEGwl
> /7sAnjiJkOYsJFZcR8yXrVCdOl3iRFT5
> =+kwB
> -----END PGP SIGNATURE-----
> plain text document attachment (diff)
> diff --exclude-from=exclude -N -u -r nsalibselinux/src/label.c libselinux-2.0.59/src/label.c
> --- nsalibselinux/src/label.c	2007-07-16 14:20:46.000000000 -0400
> +++ libselinux-2.0.59/src/label.c	2008-03-13 19:40:24.000000000 -0400
> @@ -95,7 +95,7 @@
>  	if (compat_validate(rec, lr, "file_contexts", 0))
>  		return NULL;
>  
> -	if (translating &&
> +	if (translating && (! lr->ctx_trans) &&

No parentheses required there.

>  	    selinux_raw_to_trans_context(lr->ctx_raw, &lr->ctx_trans))
>  		return NULL;
>  
> @@ -131,6 +131,7 @@
>  void selabel_close(struct selabel_handle *rec)
>  {
>  	rec->func_close(rec);
> +	free(rec->data);

Wrong layer - we don't know how rec->data was allocated here.
Needs to happen in label_file.c:close(), I think, at the end of it.

>  	free(rec);
>  }
>  
-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux/matchpathcon has a memory leak

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stephen Smalley wrote:
> On Thu, 2008-03-13 at 19:42 -0400, Daniel J Walsh wrote:
> The attached patch fixes the leaks.
> 
plain text document attachment (diff)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/label.c
libselinux-2.0.59/src/label.c
- --- nsalibselinux/src/label.c	2007-07-16 14:20:46.000000000 -0400
+++ libselinux-2.0.59/src/label.c	2008-03-13 19:40:24.000000000 -0400
@@ -95,7 +95,7 @@
 	if (compat_validate(rec, lr, "file_contexts", 0))
 		return NULL;

- -	if (translating &&
+	if (translating && (! lr->ctx_trans) &&

> No parentheses required there.

ok


 	    selinux_raw_to_trans_context(lr->ctx_raw, &lr->ctx_trans))
 		return NULL;

@@ -131,6 +131,7 @@
 void selabel_close(struct selabel_handle *rec)
 {
 	rec->func_close(rec);
+	free(rec->data);

> Wrong layer - we don't know how rec->data was allocated here.
> Needs to happen in label_file.c:close(), I think, at the end of it.

But reading that code, it looks like the memory was being zeroed out for
reuse?  That is why I did it here instead of in the close.
 	free(rec);
 }


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkfamjcACgkQrlYvE4MpobNPbwCeMFxneOjYOcXZhcjw1dJ+bH8h
k30AoLcyCWc8L8n6n4fzZVD3wYuf8Cqe
=QnyD
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux/matchpathcon has a memory leak

[Eamon Walsh]

Here is a new version of the patch.

The clearing out of the data instead of freeing it is a leftover from 
when that was a global variable.  That was the cause of the leak I 
thought was the result of a missing matchpathcon_fini().

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
---

Index: src/label_file.c
===================================================================
--- src/label_file.c	(revision 2848)
+++ src/label_file.c	(working copy)
@@ -562,7 +562,7 @@
 	if (data->stem_arr)
 		free(data->stem_arr);
 	
-	memset(data, 0, sizeof(*data));
+	free(data);
 }
 
 static struct selabel_lookup_rec *lookup(struct selabel_handle *rec,
Index: src/label.c
===================================================================
--- src/label.c	(revision 2848)
+++ src/label.c	(working copy)
@@ -95,7 +95,7 @@
 	if (compat_validate(rec, lr, "file_contexts", 0))
 		return NULL;
 
-	if (translating &&
+	if (translating && !lr->ctx_trans &&
 	    selinux_raw_to_trans_context(lr->ctx_raw, &lr->ctx_trans))
 		return NULL;
 




-- 
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux/matchpathcon has a memory leak

[Stephen Smalley]

On Fri, 2008-03-14 at 15:27 -0400, Eamon Walsh wrote:
> Here is a new version of the patch.
> 
> The clearing out of the data instead of freeing it is a leftover from 
> when that was a global variable.  That was the cause of the leak I 
> thought was the result of a missing matchpathcon_fini().
> 
> Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>

Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>

Merge at will.

> ---
> 
> Index: src/label_file.c
> ===================================================================
> --- src/label_file.c	(revision 2848)
> +++ src/label_file.c	(working copy)
> @@ -562,7 +562,7 @@
>  	if (data->stem_arr)
>  		free(data->stem_arr);
>  	
> -	memset(data, 0, sizeof(*data));
> +	free(data);
>  }
>  
>  static struct selabel_lookup_rec *lookup(struct selabel_handle *rec,
> Index: src/label.c
> ===================================================================
> --- src/label.c	(revision 2848)
> +++ src/label.c	(working copy)
> @@ -95,7 +95,7 @@
>  	if (compat_validate(rec, lr, "file_contexts", 0))
>  		return NULL;
>  
> -	if (translating &&
> +	if (translating && !lr->ctx_trans &&
>  	    selinux_raw_to_trans_context(lr->ctx_raw, &lr->ctx_trans))
>  		return NULL;
>  
> 
> 
> 
> 
-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

First Attempt at root login on console always FAILS ??

[Hasan Rezaul-CHR010]

[-- Attachment #1: Type: text/plain, Size: 1941 bytes --]

Hi All,

I am getting an irritating problem on my Linux card (running selinux in
permissive mode), that I didn't use to see before, and am not sure whats
causing it :

When I reset my Linux Card, once it boots up, and I get the login
prompt, my first attempt at logging in as root on the console, ALWAYS
fails ! My second attempt and afterwards ALWAYS succeeds !

unknown host login: root
password: root
Login Failure
unknown host login: root
Password: root
root@unknown host#



This didn't used to happen before, and I am not sure what's causing it.
I do know that if I disable selinux, the problem goes away !  I am
guessing the problem is somewhere in between PAM and SELinux. Any
suggestions on what may be causing it ?  I have versions:

checkpolicy     1.34.1
libselinux         1.34.7
libsemanage     1.10.3
libsepol            1.16.1
policycoreutils  1.34.6


Contents of  /etc/pam.d/login file
------------------------------------------------

# Begin /etc/pam.d/login
auth        required       pam_tally.so onerr=fail deny=3
unlock_time=300
auth        requisite      pam_securetty.so
auth        requisite      pam_nologin.so
auth        required       pam_env.so
auth        required       pam_unix.so
account     required       pam_tally.so onerr=fail
account     required       pam_access.so
account     required       pam_unix.so
# pam_selinux.so close should be the first session rule
session     required       pam_selinux.so close
session     required       pam_loginuid.so
session     required       pam_motd.so
session     required       pam_limits.so
session     optional       pam_mail.so     dir=/var/mail standard
session     optional       pam_lastlog.so
session     required       pam_unix.so
# pam_selinux.so open should only be followed by sessions to be executed
in the
user context
session     required       pam_selinux.so open
# End /etc/pam.d/login

[-- Attachment #2: Type: text/html, Size: 6358 bytes --]

Re: First Attempt at root login on console always FAILS ??

[Stephen Smalley]

On Fri, 2008-03-14 at 18:15 -0400, Hasan Rezaul-CHR010 wrote:
> Hi All,
> 
> I am getting an irritating problem on my Linux card (running selinux
> in permissive mode), that I didn’t use to see before, and am not sure
> whats causing it :
> 
> When I reset my Linux Card, once it boots up, and I get the login
> prompt, my first attempt at logging in as root on the console, ALWAYS
> fails ! My second attempt and afterwards ALWAYS succeeds !
> 
> unknown host login: root 
> password: root 
> Login Failure 
> unknown host login: root 
> Password: root 
> root@unknown host#
> 
> 
> 
> This didn’t used to happen before, and I am not sure what's causing
> it. I do know that if I disable selinux, the problem goes away !  I am
> guessing the problem is somewhere in between PAM and SELinux. Any
> suggestions on what may be causing it ?  I have versions:
> 
> checkpolicy     1.34.1 
> libselinux         1.34.7 
> libsemanage     1.10.3 
> libsepol            1.16.1 
> policycoreutils  1.34.6
> 
> 
> Contents of  /etc/pam.d/login file 
> ------------------------------------------------
> 
> # Begin /etc/pam.d/login 
> auth        required       pam_tally.so onerr=fail deny=3
> unlock_time=300 
> auth        requisite      pam_securetty.so 
> auth        requisite      pam_nologin.so 
> auth        required       pam_env.so 
> auth        required       pam_unix.so 
> account     required       pam_tally.so onerr=fail 
> account     required       pam_access.so 
> account     required       pam_unix.so 
> # pam_selinux.so close should be the first session rule 
> session     required       pam_selinux.so close 
> session     required       pam_loginuid.so 
> session     required       pam_motd.so 
> session     required       pam_limits.so 
> session     optional       pam_mail.so     dir=/var/mail standard 
> session     optional       pam_lastlog.so 
> session     required       pam_unix.so 
> # pam_selinux.so open should only be followed by sessions to be
> executed in the 
> user context 
> session     required       pam_selinux.so open 
> # End /etc/pam.d/login

The pam_selinux entries look ok, assuming the version of pam_selinux you
are using actually supports the close/open arguments.  The rest of your
pam config though is rather different from the stock Fedora one.

Do you get any output in /var/log/secure or elsewhere that identifies
what pam module is encountering an error?

If not, can you comment out or make optional some of the pam modules to
help identify where the failure is occurring, e.g. pam_tally and
pam_access? 

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: First Attempt at root login on console always FAILS ??

[Hasan Rezaul-CHR010]

[-- Attachment #1: Type: text/plain, Size: 4763 bytes --]

Hi Stephen & Dan,

>From the /var/log/ files, I am not sure what pam module is having
problems ?!?  All I get, is a "System error" in the /var/log/secure file
!

So I reset the card, when I try to login the first time on the console
as root, I get "Login incorrect", and the second time, the login is
successful. This is 100% reproducible.  Selinux is running in
"Permissive" mode.


unknown_host login: root
Password:

Login incorrect
Unknown_host login: root
Password:

Last login: Mon Mar 17 21:45:52 GMT 2008 on ttyS0
root@hapWibbSc3:/root> 


Here are excerpts from the necessary files:

/var/log/secure
----------------------

Mar 17 21:45:45 unknown sshd[1087]: Server listening on 0.0.0.0 port 22.
Mar 17 21:45:49 unknown login[2103]: FAILED LOGIN (1) on 'ttyS0' FOR
`root', System error
Mar 17 21:45:52 unknown login[2103]: pam_unix(login:session): session
opened for user root by LOGIN(uid=0)
Mar 17 21:45:52 unknown login[2951]: ROOT LOGIN  on 'ttyS0'



/var/log/messages/
----------------------------

Mar 17 21:45:49 unknown kernel: SELinux: initialized (dev dm-5, type
ext3), uses xattr
Mar 17 21:45:49 unknown kernel: SELinux: initialized (dev tmpfs, type
tmpfs), uses transition SIDs
Mar 17 21:45:49 unknown kernel: SELinux: initialized (dev tmpfs, type
tmpfs), uses transition SIDs
Mar 17 21:45:49 unknown kernel: audit(1205790341.507:8): avc:  denied  {
read } for  pid=743 comm="pam_console_app" name="mnt" dev=dm-3 ino=47105
scontext=system_u:system_r:pam_console_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=dir


/var/log/dmesg
----------------------

audit(1205790341.507:8): avc:  denied  { read } for  pid=743
comm="pam_console_app" name="mnt" dev=dm-3 ino=47105
scontext=system_u:system_r:pam_console_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=dir 



-----Original Message-----
From: Stephen Smalley [mailto:sds@tycho.nsa.gov] 
Sent: Monday, March 17, 2008 7:22 AM
To: Hasan Rezaul-CHR010
Cc: SE Linux
Subject: Re: First Attempt at root login on console always FAILS ??


On Fri, 2008-03-14 at 18:15 -0400, Hasan Rezaul-CHR010 wrote:
> Hi All,
> 
> I am getting an irritating problem on my Linux card (running selinux 
> in permissive mode), that I didn't use to see before, and am not sure 
> whats causing it :
> 
> When I reset my Linux Card, once it boots up, and I get the login 
> prompt, my first attempt at logging in as root on the console, ALWAYS 
> fails ! My second attempt and afterwards ALWAYS succeeds !
> 
> unknown host login: root
> password: root
> Login Failure
> unknown host login: root
> Password: root
> root@unknown host#
> 
> 
> 
> This didn't used to happen before, and I am not sure what's causing 
> it. I do know that if I disable selinux, the problem goes away !  I am

> guessing the problem is somewhere in between PAM and SELinux. Any 
> suggestions on what may be causing it ?  I have versions:
> 
> checkpolicy     1.34.1 
> libselinux         1.34.7 
> libsemanage     1.10.3 
> libsepol            1.16.1 
> policycoreutils  1.34.6
> 
> 
> Contents of  /etc/pam.d/login file
> ------------------------------------------------
> 
> # Begin /etc/pam.d/login 
> auth        required       pam_tally.so onerr=fail deny=3
> unlock_time=300 
> auth        requisite      pam_securetty.so 
> auth        requisite      pam_nologin.so 
> auth        required       pam_env.so 
> auth        required       pam_unix.so 
> account     required       pam_tally.so onerr=fail 
> account     required       pam_access.so 
> account     required       pam_unix.so 
> # pam_selinux.so close should be the first session rule 
> session     required       pam_selinux.so close 
> session     required       pam_loginuid.so 
> session     required       pam_motd.so 
> session     required       pam_limits.so 
> session     optional       pam_mail.so     dir=/var/mail standard 
> session     optional       pam_lastlog.so 
> session     required       pam_unix.so 
> # pam_selinux.so open should only be followed by sessions to be 
> executed in the user context
> session     required       pam_selinux.so open 
> # End /etc/pam.d/login

The pam_selinux entries look ok, assuming the version of pam_selinux you
are using actually supports the close/open arguments.  The rest of your
pam config though is rather different from the stock Fedora one.

Do you get any output in /var/log/secure or elsewhere that identifies
what pam module is encountering an error?

If not, can you comment out or make optional some of the pam modules to
help identify where the failure is occurring, e.g. pam_tally and
pam_access? 

--
Stephen Smalley
National Security Agency


[-- Attachment #2: Type: text/html, Size: 12946 bytes --]

Re: First Attempt at root login on console always FAILS ??

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hasan Rezaul-CHR010 wrote:
> Hi Stephen & Dan,
> 
> From the /var/log/ files, I am not sure what pam module is having
> problems ?!?  All I get, is a "System error" in the /var/log/secure file
> !
> 
> So I reset the card, when I try to login the first time on the console
> as root, I get "Login incorrect", and the second time, the login is
> successful. This is 100% reproducible.  Selinux is running in
> "Permissive" mode.
> 
> 
> unknown_host login: root
> Password:
> 
> Login incorrect
> Unknown_host login: root
> Password:
> 
> Last login: Mon Mar 17 21:45:52 GMT 2008 on ttyS0
> root@hapWibbSc3:/root> 
> 
> 
> Here are excerpts from the necessary files:
> 
> /var/log/secure
> ----------------------
> 
> Mar 17 21:45:45 unknown sshd[1087]: Server listening on 0.0.0.0 port 22.
> Mar 17 21:45:49 unknown login[2103]: FAILED LOGIN (1) on 'ttyS0' FOR
> `root', System error
> Mar 17 21:45:52 unknown login[2103]: pam_unix(login:session): session
> opened for user root by LOGIN(uid=0)
> Mar 17 21:45:52 unknown login[2951]: ROOT LOGIN  on 'ttyS0'
> 
> 
> 
> /var/log/messages/
> ----------------------------
> 
> Mar 17 21:45:49 unknown kernel: SELinux: initialized (dev dm-5, type
> ext3), uses xattr
> Mar 17 21:45:49 unknown kernel: SELinux: initialized (dev tmpfs, type
> tmpfs), uses transition SIDs
> Mar 17 21:45:49 unknown kernel: SELinux: initialized (dev tmpfs, type
> tmpfs), uses transition SIDs
> Mar 17 21:45:49 unknown kernel: audit(1205790341.507:8): avc:  denied  {
> read } for  pid=743 comm="pam_console_app" name="mnt" dev=dm-3 ino=47105
> scontext=system_u:system_r:pam_console_t:s0
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> 
> 
> /var/log/dmesg
> ----------------------
> 
> audit(1205790341.507:8): avc:  denied  { read } for  pid=743
> comm="pam_console_app" name="mnt" dev=dm-3 ino=47105
> scontext=system_u:system_r:pam_console_t:s0
> tcontext=system_u:object_r:file_t:s0 tclass=dir 
>
Still not sure why you are not able to log in, but it looks like you
have an SELinux labeling problem.  You should not see file_t files on
your system, you probably need to relabel.  fixfiles restore



> 
> 
> -----Original Message-----
> From: Stephen Smalley [mailto:sds@tycho.nsa.gov] 
> Sent: Monday, March 17, 2008 7:22 AM
> To: Hasan Rezaul-CHR010
> Cc: SE Linux
> Subject: Re: First Attempt at root login on console always FAILS ??
> 
> 
> On Fri, 2008-03-14 at 18:15 -0400, Hasan Rezaul-CHR010 wrote:
>> Hi All,
>>
>> I am getting an irritating problem on my Linux card (running selinux 
>> in permissive mode), that I didn't use to see before, and am not sure 
>> whats causing it :
>>
>> When I reset my Linux Card, once it boots up, and I get the login 
>> prompt, my first attempt at logging in as root on the console, ALWAYS 
>> fails ! My second attempt and afterwards ALWAYS succeeds !
>>
>> unknown host login: root
>> password: root
>> Login Failure
>> unknown host login: root
>> Password: root
>> root@unknown host#
>>
>>
>>
>> This didn't used to happen before, and I am not sure what's causing 
>> it. I do know that if I disable selinux, the problem goes away !  I am
> 
>> guessing the problem is somewhere in between PAM and SELinux. Any 
>> suggestions on what may be causing it ?  I have versions:
>>
>> checkpolicy     1.34.1 
>> libselinux         1.34.7 
>> libsemanage     1.10.3 
>> libsepol            1.16.1 
>> policycoreutils  1.34.6
>>
>>
>> Contents of  /etc/pam.d/login file
>> ------------------------------------------------
>>
>> # Begin /etc/pam.d/login 
>> auth        required       pam_tally.so onerr=fail deny=3
>> unlock_time=300 
>> auth        requisite      pam_securetty.so 
>> auth        requisite      pam_nologin.so 
>> auth        required       pam_env.so 
>> auth        required       pam_unix.so 
>> account     required       pam_tally.so onerr=fail 
>> account     required       pam_access.so 
>> account     required       pam_unix.so 
>> # pam_selinux.so close should be the first session rule 
>> session     required       pam_selinux.so close 
>> session     required       pam_loginuid.so 
>> session     required       pam_motd.so 
>> session     required       pam_limits.so 
>> session     optional       pam_mail.so     dir=/var/mail standard 
>> session     optional       pam_lastlog.so 
>> session     required       pam_unix.so 
>> # pam_selinux.so open should only be followed by sessions to be 
>> executed in the user context
>> session     required       pam_selinux.so open 
>> # End /etc/pam.d/login
> 
> The pam_selinux entries look ok, assuming the version of pam_selinux you
> are using actually supports the close/open arguments.  The rest of your
> pam config though is rather different from the stock Fedora one.
> 
> Do you get any output in /var/log/secure or elsewhere that identifies
> what pam module is encountering an error?
> 
> If not, can you comment out or make optional some of the pam modules to
> help identify where the failure is occurring, e.g. pam_tally and
> pam_access? 
> 
> --
> Stephen Smalley
> National Security Agency
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkffsc8ACgkQrlYvE4MpobMtzwCggiMDiXjA/h5j603dpQp9e6wV
X4QAn16io7LYkP8X8BpblToKkAFkAZ/G
=vOTe
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: First Attempt at root login on console always FAILS ??

[Stephen Smalley]

On Mon, 2008-03-17 at 18:09 -0400, Hasan Rezaul-CHR010 wrote:
> Hi Stephen & Dan,
> 
> From the /var/log/ files, I am not sure what pam module is having
> problems ?!?  All I get, is a "System error" in the /var/log/secure
> file !
> 
> So I reset the card, when I try to login the first time on the console
> as root, I get "Login incorrect", and the second time, the login is
> successful. This is 100% reproducible.  Selinux is running in
> "Permissive" mode.

This means that one of your pam auth modules failed with a system error.

I'd suggest commenting out some of those pam modules, as I suggested
earlier.  In particular, pam_tally is often a source of problems (and an
easy denial of service).

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: First Attempt at root login on console always FAILS ??

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hasan Rezaul-CHR010 wrote:
> Hi All,
> 
> I am getting an irritating problem on my Linux card (running selinux in
> permissive mode), that I didn't use to see before, and am not sure whats
> causing it :
> 
> When I reset my Linux Card, once it boots up, and I get the login
> prompt, my first attempt at logging in as root on the console, ALWAYS
> fails ! My second attempt and afterwards ALWAYS succeeds !
> 
> unknown host login: root
> password: root
> Login Failure
> unknown host login: root
> Password: root
> root@unknown host#
> 
> 
> 
> This didn't used to happen before, and I am not sure what's causing it.
> I do know that if I disable selinux, the problem goes away !  I am
> guessing the problem is somewhere in between PAM and SELinux. Any
> suggestions on what may be causing it ?  I have versions:
> 
> checkpolicy     1.34.1
> libselinux         1.34.7
> libsemanage     1.10.3
> libsepol            1.16.1
> policycoreutils  1.34.6
> 
> 
> Contents of  /etc/pam.d/login file
> ------------------------------------------------
> 
> # Begin /etc/pam.d/login
> auth        required       pam_tally.so onerr=fail deny=3
> unlock_time=300
> auth        requisite      pam_securetty.so
> auth        requisite      pam_nologin.so
> auth        required       pam_env.so
> auth        required       pam_unix.so
> account     required       pam_tally.so onerr=fail
> account     required       pam_access.so
> account     required       pam_unix.so
> # pam_selinux.so close should be the first session rule
> session     required       pam_selinux.so close
> session     required       pam_loginuid.so
> session     required       pam_motd.so
> session     required       pam_limits.so
> session     optional       pam_mail.so     dir=/var/mail standard
> session     optional       pam_lastlog.so
> session     required       pam_unix.so
> # pam_selinux.so open should only be followed by sessions to be executed
> in the
> user context
> session     required       pam_selinux.so open
> # End /etc/pam.d/login
> 
I would doubt this has anything to do with SELinux, especially when you
are in permissive mode.  Does /var/log/secure show you anything?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkfeegUACgkQrlYvE4MpobMriACdGK3iBx7qnKdM8m1ilfMo09Dm
cxgAn2oTzMMGj3U7iqv6kKLmiqABFzFA
=rBSn
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux/matchpathcon has a memory leak

[Stephen Smalley]

On Fri, 2008-03-14 at 15:27 -0400, Eamon Walsh wrote:
> Here is a new version of the patch.
> 
> The clearing out of the data instead of freeing it is a leftover from 
> when that was a global variable.  That was the cause of the leak I 
> thought was the result of a missing matchpathcon_fini().
> 
> Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>

Merged.  Note that the Fedora patch must be reverted or you'll get a
double free when re-basing to this one.

> ---
> 
> Index: src/label_file.c
> ===================================================================
> --- src/label_file.c	(revision 2848)
> +++ src/label_file.c	(working copy)
> @@ -562,7 +562,7 @@
>  	if (data->stem_arr)
>  		free(data->stem_arr);
>  	
> -	memset(data, 0, sizeof(*data));
> +	free(data);
>  }
>  
>  static struct selabel_lookup_rec *lookup(struct selabel_handle *rec,
> Index: src/label.c
> ===================================================================
> --- src/label.c	(revision 2848)
> +++ src/label.c	(working copy)
> @@ -95,7 +95,7 @@
>  	if (compat_validate(rec, lr, "file_contexts", 0))
>  		return NULL;
>  
> -	if (translating &&
> +	if (translating && !lr->ctx_trans &&
>  	    selinux_raw_to_trans_context(lr->ctx_raw, &lr->ctx_trans))
>  		return NULL;
>  
> 
> 
> 
> 
-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.