author | Jakub Hrozek <jhrozek@redhat.com> | 2014-04-02 22:11:59 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-04-04 11:05:01 +0200 |
commit | 1a088724c4d70edfbecab4252c1644100374f0f0 (patch) | |
tree | 748e5f9d0ecce3d009b7fb65c39ca5ea16dcf9db | |
parent | d97ff9abd276e9216e5868be37c3762d208b36c0 (diff) | |
IPA: Fix SELinux mapping order memory hierarchy
https://fedorahosted.org/sssd/ticket/2300
The list of SELinux mapping orders was allocated on tmp_ctx and parsed
into an array. The array itself was correctly allocated on mem_ctx but
its contents remained on tmp_ctx, leading to a use-after-free error.
This patch fixes the memory hierarchy so that both the array and its
contents are allocated on mem_ctx.
(cherry picked from commit 355b8a655cfcc4e783077d12f76b55da1d23fb87)
Reviewed-by: Sumit Bose <sbose@redhat.com>
-rw-r--r-- | src/providers/ipa/ipa_selinux.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c index 7f5916191..b7cbe445f 100644 --- a/src/providers/ipa/ipa_selinux.c +++ b/src/providers/ipa/ipa_selinux.c @@ -557,21 +557,15 @@ static errno_t create_order_array(TALLOC_CTX *mem_ctx, const char *map_order, goto done; } - order = talloc_strdup(tmp_ctx, map_order); - if (order == NULL) { - ret = ENOMEM; - goto done; - } - len = strlen(order); - /* The "order" string contains one or more SELinux user records * separated by $. Now we need to create an array of string from * this one string. First find out how many elements in the array * will be. This way only one alloc will be necessary for the array */ order_count = 1; + len = strlen(map_order); for (i = 0; i < len; i++) { - if (order[i] == '$') order_count++; + if (map_order[i] == '$') order_count++; } order_array = talloc_array(tmp_ctx, char *, order_count); @@ -580,6 +574,12 @@ static errno_t create_order_array(TALLOC_CTX *mem_ctx, const char *map_order, goto done; } + order = talloc_strdup(order_array, map_order); + if (order == NULL) { + ret = ENOMEM; + goto done; + } + /* Now fill the array with pointers to the original string. Also * use binary zeros to make multiple string out of the one. */ |
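
Review bot: In the first hunk (@@ -557,21 +557,15 @@), the added len = strlen(map_order); dereferences map_order before anything visible here has checked it for NULL. In the removed lines the first use of map_order was talloc_strdup(tmp_ctx, map_order) followed by the order == NULL check, so a NULL input took the ENOMEM path to done instead of being dereferenced. Unless every caller of create_order_array() guarantees a non-NULL map_order, add an explicit check that returns EINVAL before the strlen() call. The comment above the loop also still describes the "order" string, while the loop now scans map_order; update it to match.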
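
Review bot: In the second hunk (@@ -580,6 +574,12 @@), order = talloc_strdup(order_array, map_order); needs a comment saying that the copy is deliberately a talloc child of order_array, because the fix depends on it. In the context lines order_array is still allocated with talloc_array(tmp_ctx, char *, order_count), so the string only ends up on mem_ctx if the array is later moved there outside these hunks; stating that above the strdup keeps a later edit from reparenting order back onto tmp_ctx and reintroducing the use-after-free. The unchanged comment "fill the array with pointers to the original string" is also worth rewording, since the pointers go into the copy held in order, which is then split with binary zeros, not into map_order.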