From 2ed3ac5190cd8f92d671e00837a360bd92cf150c Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Wed, 6 May 2015 08:40:12 +0200
Subject: SELINUX: Avoid disconnecting disconnected handle
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Resolves:
    https://fedorahosted.org/sssd/ticket/2649

libsemanage is very strict about its API usage and actually doesn't
allow disconnecting a handle that is not connected. The unpatched code
would fail with:

    selinux_child: handle.c:231: semanage_disconnect: Assertion `sh !=
    ((void *)0) && sh->funcs != ((void *)0) && sh->funcs->disconnect !=
    ((void *)0)' failed.

If semanage_connect() failed.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 589a8760b38d9e2dfa278764af12d59e1487fe07)
---
 src/util/sss_semanage.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/util/sss_semanage.c b/src/util/sss_semanage.c
index 01a2f41d8..d1d03988c 100644
--- a/src/util/sss_semanage.c
+++ b/src/util/sss_semanage.c
@@ -70,8 +70,13 @@ static void sss_semanage_error_callback(void *varg,
 
 static void sss_semanage_close(semanage_handle_t *handle)
 {
-    /* Calling disconnect on a disconnected handle is safe */
-    semanage_disconnect(handle);
+    if (handle == NULL) {
+        return;     /* semanage uses asserts */
+    }
+
+    if (semanage_is_connected(handle)) {
+        semanage_disconnect(handle);
+    }
     semanage_handle_destroy(handle);
 }
 
-- 
cgit