authorJakub Hrozek <jhrozek@redhat.com>2014-04-02 22:11:59 +0200
committerJakub Hrozek <jhrozek@redhat.com>2014-04-03 18:29:50 +0200
commitac93a2d27415abd730aa1063b1689def8be9dbe9 (patch)
tree46d388de08a91d8333763bdb761dc0f2641b6eb4 /src
parentc410cb395e5999dc90b5e228a02990bcdd0f22ab (diff)
IPA: Fix SELinux mapping order memory hierarchy
https://fedorahosted.org/sssd/ticket/2300 The list of SELinux mapping orders was allocated on tmp_ctx and parsed into an array. The array itself was correctly allocated on mem_ctx but its contents remained on tmp_ctx, leading to a use-after-free error. This patch fixes the memory hierarchy so that both the array and its contents are allocated on mem_ctx. (cherry picked from commit 355b8a655cfcc4e783077d12f76b55da1d23fb87) Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'src')
-rw-r--r--src/providers/ipa/ipa_selinux.c16
1 files changed, 8 insertions, 8 deletions
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
index 7f5916191..b7cbe445f 100644
--- a/src/providers/ipa/ipa_selinux.c
+++ b/src/providers/ipa/ipa_selinux.c
@@ -557,21 +557,15 @@ static errno_t create_order_array(TALLOC_CTX *mem_ctx, const char *map_order,
goto done;
}
- order = talloc_strdup(tmp_ctx, map_order);
- if (order == NULL) {
- ret = ENOMEM;
- goto done;
- }
- len = strlen(order);
-
/* The "order" string contains one or more SELinux user records
* separated by $. Now we need to create an array of string from
* this one string. First find out how many elements in the array
* will be. This way only one alloc will be necessary for the array
*/
order_count = 1;
+ len = strlen(map_order);
for (i = 0; i < len; i++) {
- if (order[i] == '$') order_count++;
+ if (map_order[i] == '$') order_count++;
}
order_array = talloc_array(tmp_ctx, char *, order_count);
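Review bot: The added `len = strlen(map_order);` dereferences the caller's pointer directly, so a NULL `map_order` would now crash here. The removed `talloc_strdup(tmp_ctx, map_order)` returned NULL for a NULL input and left through the ENOMEM path instead. The start of create_order_array is outside this hunk, so an earlier NULL check may already cover this. If it does not, add a guard such as `if (map_order == NULL) { ret = EINVAL; goto done; }` before the counting loop so the failure stays an error return.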
@@ -580,6 +574,12 @@ static errno_t create_order_array(TALLOC_CTX *mem_ctx, const char *map_order,
goto done;
}
+ order = talloc_strdup(order_array, map_order);
+ if (order == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
/* Now fill the array with pointers to the original string. Also
* use binary zeros to make multiple string out of the one.
*/
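Review bot: The new `order = talloc_strdup(order_array, map_order);` carries the whole fix in its choice of parent context, but nothing in the code records why that parent matters. The array itself is still created on `tmp_ctx` in the previous hunk, so the strings presumably reach `mem_ctx` only because they are children of `order_array` when it is handed over; that hand-over is outside this hunk. A comment above the call would keep a later cleanup from moving the copy back to `tmp_ctx` and reintroducing the use-after-free, for example `/* Parent the copy to order_array: the element pointers point into it, so it must live as long as the array. */`.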