External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-26 14:35:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

security: SELinux: fix the transaction model's list append

Browse Source 
The problem is in the way how the list item is created prior to
appending it to the transaction list - the @path argument is just a
shallow copy instead of deep copy of the hostdev device's path.
Unfortunately, the hostdev devices from which the @path is extracted, in
order to add them into the transaction list, are only temporary and
freed before the buildup of the qemu namespace, thus making the @path
attribute in the transaction list NULL, causing 'permission denied' or
'double free' or 'unknown cause' errors.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1413773

Signed-off-by: Erik Skultety <eskultet@redhat.com>
This commit is contained in:
Erik Skultety 2017-01-17 12:22:14 +01:00
parent df7f42d5be
commit 7e8b2da74f
1 changed files with 27 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
src/security/security_selinux.c
View File

@ -81,8 +81,8 @@ struct _virSecuritySELinuxCallbackData {
typedef struct _virSecuritySELinuxContextItem virSecuritySELinuxContextItem; typedef struct _virSecuritySELinuxContextItem virSecuritySELinuxContextItem;
typedef virSecuritySELinuxContextItem *virSecuritySELinuxContextItemPtr; typedef virSecuritySELinuxContextItem *virSecuritySELinuxContextItemPtr;
struct _virSecuritySELinuxContextItem { struct _virSecuritySELinuxContextItem {
const char *path; char *path;
const char *tcon; char *tcon;
bool optional; bool optional;
}; };
@ -105,27 +105,42 @@ virSecuritySELinuxRestoreTPMFileLabelInt(virSecurityManagerPtr mgr,
virThreadLocal contextList; virThreadLocal contextList;
static void
virSecuritySELinuxContextItemFree(virSecuritySELinuxContextItemPtr item)
{
if (!item)
return;
VIR_FREE(item->path);
VIR_FREE(item->tcon);
VIR_FREE(item);
}
static int static int
virSecuritySELinuxContextListAppend(virSecuritySELinuxContextListPtr list, virSecuritySELinuxContextListAppend(virSecuritySELinuxContextListPtr list,
const char *path, const char *path,
const char *tcon, const char *tcon,
bool optional) bool optional)
{ {
virSecuritySELinuxContextItemPtr item; int ret = -1;
virSecuritySELinuxContextItemPtr item = NULL;
if (VIR_ALLOC(item) < 0) if (VIR_ALLOC(item) < 0)
return -1; return -1;
item->path = path; if (VIR_STRDUP(item->path, path) < 0 || VIR_STRDUP(item->tcon, tcon) < 0)
item->tcon = tcon; goto cleanup;
item->optional = optional; item->optional = optional;
if (VIR_APPEND_ELEMENT(list->items, list->nItems, item) < 0) { if (VIR_APPEND_ELEMENT(list->items, list->nItems, item) < 0)
VIR_FREE(item); goto cleanup;
return -1;
}
return 0; ret = 0;
cleanup:
virSecuritySELinuxContextItemFree(item);
return ret;
} }
static void static void
@ -138,7 +153,8 @@ virSecuritySELinuxContextListFree(void *opaque)
return; return;
for (i = 0; i < list->nItems; i++) for (i = 0; i < list->nItems; i++)
VIR_FREE(list->items[i]); virSecuritySELinuxContextItemFree(list->items[i]);
VIR_FREE(list); VIR_FREE(list);
} }