Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1484905 - cil_strpool.c: cil_strpool_tab variable is not properly destroyed
Summary: cil_strpool.c: cil_strpool_tab variable is not properly destroyed
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: libsepol
Version: 27
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Petr Lautrbach
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-08-24 13:54 UTC by Jan Zarsky
Modified: 2017-12-19 19:50 UTC (History)
5 users (show)

Fixed In Version: libsepol-2.7-2.fc27
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-12-19 19:50:18 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)
Reproducer (933 bytes, text/x-csrc)
2017-08-24 13:54 UTC, Jan Zarsky
no flags Details

Description Jan Zarsky 2017-08-24 13:54:53 UTC
Created attachment 1317701 [details]
Reproducer

Description of problem:
In function cil_strpool_destroy, the cil_strpool_tab variable is freed (using cil_strpool_destroy), but it is not set back to NULL. So when the cil_strpool_init function is called again it assumes that cil_strpool_tab was initialized. Other cil_strpool functions then work with invalid data and this causes segfaults.

Version-Release number of selected component (if applicable):
libsepol-2.7-1.fc27.x86_64

How reproducible:
always

Steps to Reproduce:
1. Download reproducer (see attachment)
2. $ gcc cil_strpool_bug.c -o cil_strpool_bug -lsemanage
3. # ./cil_strpool_bug
Segmentation fault (core dumped)

Additional info:
Works with libsepol-2.6-2.fc26.x86_64
Commit that caused the bug: https://github.com/SELinuxProject/selinux/commit/d7cb38ff8714e1817e4ff35c1ded4d84a0b62f2a

Comment 2 Fedora Update System 2017-12-14 12:22:35 UTC
secilc-2.7-2.fc27 checkpolicy-2.7-2.fc27 policycoreutils-2.7-3.fc27 libsemanage-2.7-2.fc27 libselinux-2.7-3.fc27 libsepol-2.7-2.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-290cd03a8c

Comment 3 Fedora Update System 2017-12-15 11:28:44 UTC
checkpolicy-2.7-2.fc27, libselinux-2.7-3.fc27, libsemanage-2.7-2.fc27, libsepol-2.7-2.fc27, policycoreutils-2.7-3.fc27, secilc-2.7-2.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-290cd03a8c

Comment 4 Fedora Update System 2017-12-19 19:50:18 UTC
checkpolicy-2.7-2.fc27, libselinux-2.7-3.fc27, libsemanage-2.7-2.fc27, libsepol-2.7-2.fc27, policycoreutils-2.7-3.fc27, secilc-2.7-2.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.