Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1484905

Summary: cil_strpool.c: cil_strpool_tab variable is not properly destroyed
Product: [Fedora] Fedora Reporter: Jan Zarsky <jzarsky>
Component: libsepolAssignee: Petr Lautrbach <plautrba>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 27CC: dwalsh, mgrepl, plautrba, pmoore, vmojzis
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: libsepol-2.7-2.fc27 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-19 19:50:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Reproducer none

Description Jan Zarsky 2017-08-24 13:54:53 UTC 
Created attachment 1317701 [details]
Reproducer

Description of problem:
In function cil_strpool_destroy, the cil_strpool_tab variable is freed (using cil_strpool_destroy), but it is not set back to NULL. So when the cil_strpool_init function is called again it assumes that cil_strpool_tab was initialized. Other cil_strpool functions then work with invalid data and this causes segfaults.

Version-Release number of selected component (if applicable):
libsepol-2.7-1.fc27.x86_64

How reproducible:
always

Steps to Reproduce:
1. Download reproducer (see attachment)
2. $ gcc cil_strpool_bug.c -o cil_strpool_bug -lsemanage
3. # ./cil_strpool_bug
Segmentation fault (core dumped)

Additional info:
Works with libsepol-2.6-2.fc26.x86_64
Commit that caused the bug: https://github.com/SELinuxProject/selinux/commit/d7cb38ff8714e1817e4ff35c1ded4d84a0b62f2a
Comment 1 Jan Zarsky 2017-08-29 06:40:46 UTC 
upstream fix: https://github.com/SELinuxProject/selinux/commit/1346746d82373bbc4516a830e7f17352b929fa35
Comment 2 Fedora Update System 2017-12-14 12:22:35 UTC 
secilc-2.7-2.fc27 checkpolicy-2.7-2.fc27 policycoreutils-2.7-3.fc27 libsemanage-2.7-2.fc27 libselinux-2.7-3.fc27 libsepol-2.7-2.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-290cd03a8c
Comment 3 Fedora Update System 2017-12-15 11:28:44 UTC 
checkpolicy-2.7-2.fc27, libselinux-2.7-3.fc27, libsemanage-2.7-2.fc27, libsepol-2.7-2.fc27, policycoreutils-2.7-3.fc27, secilc-2.7-2.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-290cd03a8c
Comment 4 Fedora Update System 2017-12-19 19:50:18 UTC 
checkpolicy-2.7-2.fc27, libselinux-2.7-3.fc27, libsemanage-2.7-2.fc27, libsepol-2.7-2.fc27, policycoreutils-2.7-3.fc27, secilc-2.7-2.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.