diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2015-05-06 08:40:12 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-05-11 10:00:37 +0200 |
| commit | 589a8760b38d9e2dfa278764af12d59e1487fe07 (patch) | |
| tree | ec052967290019a564511cb1bd4685b5288322f0 /src/util | |
| parent | ea422c7061072c125eb53b40d7f3ca444d886913 (diff) | |
| download | sssd-589a8760b38d9e2dfa278764af12d59e1487fe07.tar.gz sssd-589a8760b38d9e2dfa278764af12d59e1487fe07.tar.xz sssd-589a8760b38d9e2dfa278764af12d59e1487fe07.zip | |
SELINUX: Avoid disconnecting disconnected handle
Resolves:
https://fedorahosted.org/sssd/ticket/2649
libsemanage is very strict about its API usage and actually doesn't
allow disconnecting a handle that is not connected. The unpatched code
would fail with:
selinux_child: handle.c:231: semanage_disconnect: Assertion `sh !=
((void *)0) && sh->funcs != ((void *)0) && sh->funcs->disconnect !=
((void *)0)' failed.
If semanage_connect() failed.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src/util')
| -rw-r--r-- | src/util/sss_semanage.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/util/sss_semanage.c b/src/util/sss_semanage.c index 01a2f41d8..d1d03988c 100644 --- a/src/util/sss_semanage.c +++ b/src/util/sss_semanage.c @@ -70,8 +70,13 @@ static void sss_semanage_error_callback(void *varg, static void sss_semanage_close(semanage_handle_t *handle) { - /* Calling disconnect on a disconnected handle is safe */ - semanage_disconnect(handle); + if (handle == NULL) { + return; /* semanage uses asserts */ + } + + if (semanage_is_connected(handle)) { + semanage_disconnect(handle); + } semanage_handle_destroy(handle); } |