ericonr
/
util-linux
mirror of https://github.com/ericonr/util-linux.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

mkswap: possible to crash with SELinux relabeling support 

When fgetfilecon() is failed with -ENODATA, this process does not
exit.  However, "oldcontext" is not initialized in this case, so
context_new() will be called with uninitialized "oldcontext" at the
next.

Finally, it makes a segmentation fault, because context_new() have to
refer an incorrect memory region.

The attached patch fixes this matter using matchpathcon().  If we
cannot obtain actual file context due to -ENODATA, a context which is
returned by matchpathcon() is applied as oldcontext.  Then, the type
of the context is relabeled to "swapfile_t" explicitly.

Signed-off-by: KaiGai Kohei <kaigai@kaigai.gr.jp>
Signed-off-by: Karel Zak <kzak@redhat.com>
This commit is contained in:
KaiGai Kohei 2007-10-22 10:30:19 +02:00 committed by Karel Zak
parent 294940de30
commit 71bf788444
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
disk-utils/mkswap.c
View File

@ -738,12 +738,15 @@ the -f option to force it.\n"),
security_context_t oldcontext;
context_t newcontext;
if ((fgetfilecon(DEV, &oldcontext) < 0) &&
(errno != ENODATA)) {
fprintf(stderr, _("%s: %s: unable to obtain selinux file label: %s\n"),
program_name, device_name,
strerror(errno));
exit(1);
if (fgetfilecon(DEV, &oldcontext) < 0) {
if (errno != ENODATA) {
fprintf(stderr, _("%s: %s: unable to obtain selinux file label: %s\n"),
program_name, device_name,
strerror(errno));
exit(1);
}
if (matchpathcon(device_name, statbuf.st_mode, &oldcontext))
die(_("unable to matchpathcon()"));
}
if (!(newcontext = context_new(oldcontext)))
die(_("unable to create new selinux context"));