From: Petr Lautrbach <lautrbach@redhat.com>
To: selinux@vger.kernel.org
Subject: Re: Regression in 5876aca0484f ("libselinux: free data on selabel open failure")
Date: Tue, 09 Jul 2024 16:37:31 +0200 [thread overview]
Message-ID: <8734oi8wd0.fsf@redhat.com> (raw)
In-Reply-To: <875xte98hr.fsf@redhat.com>
Petr Lautrbach <lautrbach@redhat.com> writes:
> Hello,
>
> Katerina Koukiou https://bugzilla.redhat.com/show_bug.cgi?id=2295428
> discovered a regression in libselinux [1] which can be demonstrated by
> running `matchpathcon` on a system with SELinux disabled and without any
> SELinux policy installed.
>
> Fedora reproducer:
>
> $ toolbox create
> $ toolbox enter
> toolbox$ matchpatchcon /abc
>
> Before 5876aca0484f:
>
> $ matchpathcon /abc
> Error while opening file contexts database: No such file or directory
>
> After 5876aca0484f:
>
> $ matchpathcon /abc
> [1] 761709 segmentation fault (core dumped) matchpathcon /abc
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff7f9a7b8 in closef (rec=0x405a10) at label_file.c:915
> warning: Source file is more recent than executable.
> 915 free(spec->lr.ctx_trans);
The following patch fixes this particular problem:
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index 2732972e61cf..59c9f2ef3442 100644
--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c
@@ -942,6 +942,7 @@ static void closef(struct selabel_handle *rec)
free(last_area);
}
free(data);
+ rec->data = NULL;
}
// Finds all the matches of |key| in the given context. Returns the result in
> (gdb) bt full
> #0 0x00007ffff7f9a7b8 in closef (rec=0x405a10) at label_file.c:915
> data = 0x405a80
> area = 0x6ffffdf48
> last_area = 0x7fffffffdc90
> spec = 0x405
> stem = 0x2
> i = 0
> #1 0x00007ffff7f968b7 in selabel_close (rec=0x405a10) at label.c:364
> No locals.
> #2 0x00007ffff7f9648d in selabel_open (backend=0, opts=0x7fffffffdd80, nopts=6) at label.c:228
> rec = 0x405a10
> #3 0x00000000004015e7 in main (argc=2, argv=0x7fffffffdf48) at matchpathcon.c:131
> i = 32767
> force_mode = 0
> header = 1
> opt = -1
> verify = 0
> notrans = 0
> error = 0
> quiet = 0
> hnd = 0x7fffffffde20
> options = {{type = 0, value = 0x0}, {type = 0, value = 0x0}, {type = 0, value = 0x0}, {type = 0,
> value = 0x0}, {type = 0, value = 0x0}, {type = 0, value = 0x0}}
>
>
> As a workaround, it's necessary to install SElinux policy
>
> toolbox$ sudo dnf install selinux-policy-targeted
> toolbox$ $ matchpathcon /abc
> /abc system_u:object_r:etc_runtime_t:s0
>
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=2295428
prev parent reply other threads:[~2024-07-09 14:37 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-09 10:15 Regression in 5876aca0484f ("libselinux: free data on selabel open failure") Petr Lautrbach
2024-07-09 14:37 ` Petr Lautrbach [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8734oi8wd0.fsf@redhat.com \
--to=lautrbach@redhat.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.