libsepol-2.6-2
- Fix neverallow bug when checking conditional policy - Destroy the expanded level when mls_semantic_level_expand() fails - Do not seg fault on sepol_*_key_free(NULL)
parent
99653f4b76
commit
949825d574
@ -1,5 +1,27 @@
|
|||||||
|
diff --git libsepol-2.6/src/assertion.c libsepol-2.6/src/assertion.c
|
||||||
|
index a4be880..121bf8c 100644
|
||||||
|
--- libsepol-2.6/src/assertion.c
|
||||||
|
+++ libsepol-2.6/src/assertion.c
|
||||||
|
@@ -222,7 +222,7 @@ static int report_assertion_avtab_matches(avtab_key_t *k, avtab_datum_t *d, void
|
||||||
|
ebitmap_node_t *snode, *tnode;
|
||||||
|
unsigned int i, j;
|
||||||
|
|
||||||
|
- if (k->specified != AVTAB_ALLOWED)
|
||||||
|
+ if ((k->specified & AVTAB_ALLOWED) == 0)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
if (!match_any_class_permissions(avrule->perms, k->target_class, d->data))
|
||||||
|
@@ -455,7 +455,7 @@ static int check_assertion_avtab_match(avtab_key_t *k, avtab_datum_t *d, void *a
|
||||||
|
avrule_t *avrule = a->avrule;
|
||||||
|
avtab_t *avtab = a->avtab;
|
||||||
|
|
||||||
|
- if (k->specified != AVTAB_ALLOWED)
|
||||||
|
+ if ((k->specified & AVTAB_ALLOWED) == 0)
|
||||||
|
goto exit;
|
||||||
|
|
||||||
|
if (!match_any_class_permissions(avrule->perms, k->target_class, d->data))
|
||||||
diff --git libsepol-2.6/src/boolean_record.c libsepol-2.6/src/boolean_record.c
|
diff --git libsepol-2.6/src/boolean_record.c libsepol-2.6/src/boolean_record.c
|
||||||
index 8b64413..ebef7f1 100644
|
index 8b64413..a194704 100644
|
||||||
--- libsepol-2.6/src/boolean_record.c
|
--- libsepol-2.6/src/boolean_record.c
|
||||||
+++ libsepol-2.6/src/boolean_record.c
|
+++ libsepol-2.6/src/boolean_record.c
|
||||||
@@ -15,7 +15,7 @@ struct sepol_bool {
|
@@ -15,7 +15,7 @@ struct sepol_bool {
|
||||||
@ -25,16 +47,31 @@ index 8b64413..ebef7f1 100644
|
|||||||
|
|
||||||
*key_ptr = tmp_key;
|
*key_ptr = tmp_key;
|
||||||
return STATUS_SUCCESS;
|
return STATUS_SUCCESS;
|
||||||
@@ -62,6 +67,7 @@ int sepol_bool_key_extract(sepol_handle_t * handle,
|
@@ -62,6 +67,9 @@ int sepol_bool_key_extract(sepol_handle_t * handle,
|
||||||
|
|
||||||
void sepol_bool_key_free(sepol_bool_key_t * key)
|
void sepol_bool_key_free(sepol_bool_key_t * key)
|
||||||
{
|
{
|
||||||
|
+ if (!key)
|
||||||
|
+ return;
|
||||||
+ free(key->name);
|
+ free(key->name);
|
||||||
free(key);
|
free(key);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
diff --git libsepol-2.6/src/expand.c libsepol-2.6/src/expand.c
|
||||||
|
index 004a029..1d7558e 100644
|
||||||
|
--- libsepol-2.6/src/expand.c
|
||||||
|
+++ libsepol-2.6/src/expand.c
|
||||||
|
@@ -937,7 +937,7 @@ int mls_semantic_range_expand(mls_semantic_range_t * sr, mls_range_t * r,
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
if (mls_semantic_level_expand(&sr->level[1], &r->level[1], p, h) < 0) {
|
||||||
|
- mls_semantic_level_destroy(&sr->level[0]);
|
||||||
|
+ mls_level_destroy(&r->level[0]);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
diff --git libsepol-2.6/src/iface_record.c libsepol-2.6/src/iface_record.c
|
diff --git libsepol-2.6/src/iface_record.c libsepol-2.6/src/iface_record.c
|
||||||
index 09adeb7..c8b977c 100644
|
index 09adeb7..6d56835 100644
|
||||||
--- libsepol-2.6/src/iface_record.c
|
--- libsepol-2.6/src/iface_record.c
|
||||||
+++ libsepol-2.6/src/iface_record.c
|
+++ libsepol-2.6/src/iface_record.c
|
||||||
@@ -20,7 +20,7 @@ struct sepol_iface {
|
@@ -20,7 +20,7 @@ struct sepol_iface {
|
||||||
@ -60,16 +97,18 @@ index 09adeb7..c8b977c 100644
|
|||||||
|
|
||||||
*key_ptr = tmp_key;
|
*key_ptr = tmp_key;
|
||||||
return STATUS_SUCCESS;
|
return STATUS_SUCCESS;
|
||||||
@@ -68,6 +73,7 @@ int sepol_iface_key_extract(sepol_handle_t * handle,
|
@@ -68,6 +73,9 @@ int sepol_iface_key_extract(sepol_handle_t * handle,
|
||||||
|
|
||||||
void sepol_iface_key_free(sepol_iface_key_t * key)
|
void sepol_iface_key_free(sepol_iface_key_t * key)
|
||||||
{
|
{
|
||||||
|
+ if (!key)
|
||||||
|
+ return;
|
||||||
+ free(key->name);
|
+ free(key->name);
|
||||||
free(key);
|
free(key);
|
||||||
}
|
}
|
||||||
|
|
||||||
diff --git libsepol-2.6/src/user_record.c libsepol-2.6/src/user_record.c
|
diff --git libsepol-2.6/src/user_record.c libsepol-2.6/src/user_record.c
|
||||||
index c59c54b..e7e2fc2 100644
|
index c59c54b..d72d4c7 100644
|
||||||
--- libsepol-2.6/src/user_record.c
|
--- libsepol-2.6/src/user_record.c
|
||||||
+++ libsepol-2.6/src/user_record.c
|
+++ libsepol-2.6/src/user_record.c
|
||||||
@@ -24,7 +24,7 @@ struct sepol_user {
|
@@ -24,7 +24,7 @@ struct sepol_user {
|
||||||
@ -95,10 +134,12 @@ index c59c54b..e7e2fc2 100644
|
|||||||
|
|
||||||
*key_ptr = tmp_key;
|
*key_ptr = tmp_key;
|
||||||
return STATUS_SUCCESS;
|
return STATUS_SUCCESS;
|
||||||
@@ -71,6 +76,7 @@ int sepol_user_key_extract(sepol_handle_t * handle,
|
@@ -71,6 +76,9 @@ int sepol_user_key_extract(sepol_handle_t * handle,
|
||||||
|
|
||||||
void sepol_user_key_free(sepol_user_key_t * key)
|
void sepol_user_key_free(sepol_user_key_t * key)
|
||||||
{
|
{
|
||||||
|
+ if (!key)
|
||||||
|
+ return;
|
||||||
+ free(key->name);
|
+ free(key->name);
|
||||||
free(key);
|
free(key);
|
||||||
}
|
}
|
||||||
|
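Review bot: The new test `(k->specified & AVTAB_ALLOWED) == 0` in report_assertion_avtab_matches() and check_assertion_avtab_match() carries no comment saying why a bit test replaced the equality comparison, and that reason is what stops neverallow checking from skipping rules again. Going by the changelog entry, keys that come from conditional policy presumably carry additional bits in `specified`, so the old `!= AVTAB_ALLOWED` comparison returned early and the assertion was never evaluated for them. I would put `/* specified may carry flag bits besides AVTAB_ALLOWED (e.g. on conditional rules), so test the bit */` above both checks. A regression policy in which a neverallow is violated only inside a conditional block would also pin the fix. Both function bodies continue outside the hunks shown here.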
@ -1,14 +1,14 @@
|
|||||||
Summary: SELinux binary policy manipulation library
|
Summary: SELinux binary policy manipulation library
|
||||||
Name: libsepol
|
Name: libsepol
|
||||||
Version: 2.6
|
Version: 2.6
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/libsepol-2.6.tar.gz
|
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/libsepol-2.6.tar.gz
|
||||||
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
|
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
|
||||||
# run:
|
# run:
|
||||||
# $ VERSION=2.6 ./make-fedora-selinux-patch.sh libsepol
|
# $ VERSION=2.6 ./make-fedora-selinux-patch.sh libsepol
|
||||||
# FIXME: HEAD https://github.com/fedora-selinux/selinux/commit/caefad506ca46db441952ab64ebfc6202897516b
|
# HEAD https://github.com/fedora-selinux/selinux/commit/601a1d1363fe4137ff3a2991c546f7a0ccfec4cb
|
||||||
Patch1: libsepol-fedora.patch
|
Patch1: libsepol-fedora.patch
|
||||||
URL: https://github.com/SELinuxProject/selinux/wiki
|
URL: https://github.com/SELinuxProject/selinux/wiki
|
||||||
BuildRequires: flex
|
BuildRequires: flex
|
||||||
@ -106,6 +106,11 @@ exit 0
|
|||||||
%{_libdir}/libsepol.so.1
|
%{_libdir}/libsepol.so.1
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jul 31 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-2
|
||||||
|
- Fix neverallow bug when checking conditional policy
|
||||||
|
- Destroy the expanded level when mls_semantic_level_expand() fails
|
||||||
|
- Do not seg fault on sepol_*_key_free(NULL)
|
||||||
|
|
||||||
* Sun Feb 12 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-1
|
* Sun Feb 12 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-1
|
||||||
- Update to upstream release 2016-10-14
|
- Update to upstream release 2016-10-14
|
||||||
|
|
||||||
|