From patchwork Wed Sep  7 08:08:46 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Janis Danisevskis <jdanis@android.com>
X-Patchwork-Id: 9319205
Return-Path: <selinux-bounces@tycho.nsa.gov>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	EFC1860752 for <patchwork-selinux@patchwork.kernel.org>;
	Wed,  7 Sep 2016 12:34:30 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E564729279
	for <patchwork-selinux@patchwork.kernel.org>;
	Wed,  7 Sep 2016 12:34:30 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id D9C772927B; Wed,  7 Sep 2016 12:34:30 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.7 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED, RCVD_IN_SORBS_SPAM,
	T_DKIM_INVALID autolearn=no version=3.3.1
Received: from emsm-gh1-uea11.nsa.gov (emsm-gh1-uea11.nsa.gov [8.44.101.9])
	(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 9E9AF29279
	for <patchwork-selinux@patchwork.kernel.org>;
	Wed,  7 Sep 2016 12:34:29 +0000 (UTC)
X-IronPort-AV: E=Sophos;i="5.30,296,1470700800"; d="scan'208";a="19036952"
IronPort-PHdr: =?us-ascii?q?9a23=3AW3L80RU3A0fdmbTuLz2/EFuAqp/V8LGtZVwlr6E/?=
	=?us-ascii?q?grcLSJyIuqrYZxCPt8tkgFKBZ4jH8fUM07OQ6PG5HzJZqsvY+DBaKdoXBkdD0Z?=
	=?us-ascii?q?1X1yUbQ+e9QXXhK/DrayFoVO9jb3RCu0+BDE5OBczlbEfTqHDhpRQbGxH4KBYn?=
	=?us-ascii?q?br+tQt2asc272qiI9oHJZE0Q3XzmMOo0ckz98FyZ9pFPx9AzcuBpklqBi0ALUt?=
	=?us-ascii?q?we/XlvK1OXkkS0zeaL17knzR5tvek8/dVLS6TwcvdwZ7VZCDM7LzJ9v5Wz5lH+?=
	=?us-ascii?q?Vw/H2l8wGiVTy0IJUED560ThU5PwtDbqnvZs0ymde8vtRPY7Xirmp7xmQRnkki?=
	=?us-ascii?q?AGO3s98XrLotBhh6Jc5hS6rlpwxJCQKJqZL9Jib6jdepUcXmMHUcFPE2RDHYi1?=
	=?us-ascii?q?dZdVJ/YQNuZf6Y/mrh0BqgXtKxOrAbbNwzlJnTfa1Ks7yOk/CgLHx0R0Hd4Htn?=
	=?us-ascii?q?XPhNzzOL0VUOzzx67Nm2aQJ8hK0CvwvdCbOisqpuuBCPcpKcc=3D?=
X-IPAS-Result: =?us-ascii?q?A2HfBADlB9BX/wHyM5BdGwEBAQMBAQEWAQEBAwEBAYMOAQE?=
	=?us-ascii?q?BAQEegVO6NSCHZkwBAQEBAQEBAQIBAlsngjIEAxMFBTk8AQEBAQEBIwINXwIBA?=
	=?us-ascii?q?wECDygGAQEMIAwCAwkBARcIIQgIAwEtAwEFAQsRBwcLBRgEAYgoohaBMj4yila?=
	=?us-ascii?q?FLgEBBYdeDB0IEIQUgguIYBEBhXiIM5Erjz+JTiWFZo8JMYERVIJbDRuBTm8Bg?=
	=?us-ascii?q?zZ4gScBAQE?=
Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1])
	by emsm-gh1-uea11.nsa.gov with ESMTP; 07 Sep 2016 12:34:26 +0000
Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u87CWDbi022124;
	Wed, 7 Sep 2016 08:32:14 -0400
Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil
	[144.51.242.1])
	by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id
	u878A7oS066530 for <selinux@prometheus.infosec.tycho.ncsc.mil>;
	Wed, 7 Sep 2016 04:10:07 -0400
Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u878A1rw023167
	for <selinux@tycho.nsa.gov>; Wed, 7 Sep 2016 04:10:07 -0400
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: 
 A1AiAQCtys9Xfy9SfUpdGgEBAQECAQEBAYMtAQEBAQGBcbYqhBGGHAKBZEwBAgEBAQEBAhMBAQkLCwkXhRMCAQMSLgEBNwEPIDE0AQUBHAcSIogooiKBMj4yilaFLgEBBYdbAQEBAQEBBAIBHAgQhBSCC4tYC4MHiDORKo8/iU6GC48JMYERgy8NG4FObwGGMQEBAQ
X-IPAS-Result: 
 A1AiAQCtys9Xfy9SfUpdGgEBAQECAQEBAYMtAQEBAQGBcbYqhBGGHAKBZEwBAgEBAQEBAhMBAQkLCwkXhRMCAQMSLgEBNwEPIDE0AQUBHAcSIogooiKBMj4yilaFLgEBBYdbAQEBAQEBBAIBHAgQhBSCC4tYC4MHiDORKo8/iU6GC48JMYERgy8NG4FObwGGMQEBAQ
X-IronPort-AV: E=Sophos;i="5.30,295,1470715200"; d="scan'208";a="5688380"
Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov)
	([10.208.41.37])
	by goalie.tycho.ncsc.mil with ESMTP; 07 Sep 2016 04:10:06 -0400
IronPort-PHdr: =?us-ascii?q?9a23=3A5uQSRxxmmyE+vTrXCy+O+j09IxM/srCxBDY+r6Qd?=
	=?us-ascii?q?0OwRIJqq85mqBkHD//Il1AaPBtSCrawdw6qO6ua7CDRGuc7A+Fk5M7V0Hycfjs?=
	=?us-ascii?q?sXmwFySOWkMmbcaMDQUiohAc5ZX0Vk9XzoeWJcGcL5ekGA6ibqtW1aJBzzOEJP?=
	=?us-ascii?q?K/jvHcaK1oLshrn0pcSbI10RwmHsOfUqdFT+hD6Sn/FeuZFlJKc1x0mBiVpzUM?=
	=?us-ascii?q?MS+1lVI0mOlQ33/Ma68c0r2S1Rv/U865wICv2iLOwQBIZVBzU+Mm0z+Naj9Vya?=
	=?us-ascii?q?FVPOtU0nVX8KnxZyDgPE9EuyHsup83iyiu0owySePMvrXZgoSD+i6OFtUxauhy?=
	=?us-ascii?q?AZc3Yi/WjRhtZ3ja4epBO6uzRj0oXUZ8eTL/M4caTDOZsBSXFpQtdaVysHBJi1?=
	=?us-ascii?q?KYQIEa5JP/lTppPh/XMSvBC+Ak+qH+qpxThW1VHs2qhv8e0nEBqO8AUmHskDrm?=
	=?us-ascii?q?/Xrc69YKUeWOa014HByznZaPJanzz67d6bIVgavfiQUOcoIoLqwk41GlaA0A2d?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0GWAQCtys9Xfy9SfUpdGgEBAQECAQEBA?=
	=?us-ascii?q?RYBAQEDAQEBgw4BAQEBAYFxtiqEEYYcAoFkTAEBAQEBAQEBAgECEAEBCQsLCRc?=
	=?us-ascii?q?xgjIEARUFBTk8AQEBAQEBIwINXwIBAxIuAQE3AQ8gMTQBBQEcBxIiiCiiIoEyP?=
	=?us-ascii?q?jKKVoUuAQEFh1sBAQEBAQEEAgEcCBCEFIILi1gLgweIM5Eqjz+JToYLjwkxgRG?=
	=?us-ascii?q?DLw0bgU5vAYRxgUABAQE?=
X-IPAS-Result: =?us-ascii?q?A0GWAQCtys9Xfy9SfUpdGgEBAQECAQEBARYBAQEDAQEBgw4?=
	=?us-ascii?q?BAQEBAYFxtiqEEYYcAoFkTAEBAQEBAQEBAgECEAEBCQsLCRcxgjIEARUFBTk8A?=
	=?us-ascii?q?QEBAQEBIwINXwIBAxIuAQE3AQ8gMTQBBQEcBxIiiCiiIoEyPjKKVoUuAQEFh1s?=
	=?us-ascii?q?BAQEBAQEEAgEcCBCEFIILi1gLgweIM5Eqjz+JToYLjwkxgRGDLw0bgU5vAYRxg?=
	=?us-ascii?q?UABAQE?=
X-IronPort-AV: E=Sophos;i="5.30,295,1470700800"; d="scan'208";a="19031051"
Received: from mail-wm0-f47.google.com ([74.125.82.47])
	by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/AES128-GCM-SHA256;
	07 Sep 2016 08:10:06 +0000
Received: by mail-wm0-f47.google.com with SMTP id w12so17120424wmf.0
	for <selinux@tycho.nsa.gov>; Wed, 07 Sep 2016 01:10:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=android.com; s=20120917;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=RDBkMYxFJ5CEBujj0lcJnTgaKT2c8Wad5v73osG4eho=;
	b=RZUHizpQWXO5KNsKWiRDhQmnUaEIT92othJhBhX2gUZpkD/3hDLWnt0C9sgOWzGISq
	0cajyTc9ELAXxzXuSLKCup4XLLtlUwczzxUwoopC0WskgUVGXPQw0otp8NAQHprwSA7v
	5EGaqqSEpUx++ILoUPbm8jBOLezKqRuBcU8bqEQRR4xV6d0iW7BM35XT3Nbmgyf3zncl
	JzzvFBVWyxWX95TI4o7F9SFtI0nH2kWx1IrMkb6buzCTjGKojGZIx0TOGv4ZuTs9iLHN
	Cqo/1xxDSVzVPZC89SmUalxg0LnQ3gwwYV4INTGdL7CAaUTGiJRmXHH++HrknUfDIww8
	empg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=RDBkMYxFJ5CEBujj0lcJnTgaKT2c8Wad5v73osG4eho=;
	b=RGGh+nmv53TZmbWK9QroUTjIae49o3P6CWnn4frUAPN8fgE70KfBdAFgU7ZQWhsCZI
	qHkFrzz+1CPsz0htbi9OCfyx1Aud6e26lqMt1+Dt/FCNMkAlLngfuvfFjNS5vgACzte4
	eZYFFo0wN/BBHCYH5oaEh+u+CvJ7zXuDq0zom55ii9MWXgFGmIs93lck3UAj4SCG18UM
	wXoyzKgU3ZrlUcC1mOrRrF9SYmhp3tCkY766Ic620MBo88JUK58feEvNV1LDR50KeInr
	2dEkHNwowEGeg8sSM9zCcHC9bRgo1G5mMbRhiqWO0sDjck3c90HnKwMXAhg8upneLIER
	3gSw==
X-Gm-Message-State: 
 AE9vXwMqcsLYG4m/O0r2Z+FEaqcQ7ujeJrbVy7L3ocZsNq+diuVB1m8OL7AYyF/LZnq6SA==
X-Received: by 10.28.154.131 with SMTP id c125mr2693824wme.48.1473235805305;
	Wed, 07 Sep 2016 01:10:05 -0700 (PDT)
Received: from jdanis.lon.corp.google.com ([100.120.40.90])
	by smtp.gmail.com with ESMTPSA id
	m133sm2908479wmg.0.2016.09.07.01.10.04
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Wed, 07 Sep 2016 01:10:04 -0700 (PDT)
From: Janis Danisevskis <jdanis@android.com>
To: selinux@tycho.nsa.gov, seandroid-list@tycho.nsa.gov, sds@tycho.nsa.gov,
	jwcart2@tycho.nsa.gov
Subject: [PATCH 2/2] libselinux: fix memory leak on pcre2
Date: Wed,  7 Sep 2016 09:08:46 +0100
Message-Id: <1473235726-62661-2-git-send-email-jdanis@android.com>
X-Mailer: git-send-email 2.8.0.rc3.226.g39d4020
In-Reply-To: <1473235726-62661-1-git-send-email-jdanis@android.com>
References: <1473235726-62661-1-git-send-email-jdanis@android.com>
X-Mailman-Approved-At: Wed, 07 Sep 2016 08:24:42 -0400
X-BeenThere: selinux@tycho.nsa.gov
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
	<selinux.tycho.nsa.gov>
List-Post: <mailto:selinux@tycho.nsa.gov>
List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help>
MIME-Version: 1.0
Errors-To: selinux-bounces@tycho.nsa.gov
Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>
X-Virus-Scanned: ClamAV using ClamSMTP

From: William Roberts <william.c.roberts@intel.com>

Introduced a malloc on pcre_version(). Libselinux
expected this to be static, just use a static
internal buffer.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
 libselinux/src/label_file.c           | 13 ++++++++-----
 libselinux/src/regex.c                | 20 +++++++-------------
 libselinux/utils/sefcontext_compile.c |  8 +++++---
 3 files changed, 20 insertions(+), 21 deletions(-)

diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index 6698624..110db11 100644
--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c
@@ -111,6 +111,7 @@ static int load_mmap(struct selabel_handle *rec, const char *path,
 	struct mmap_area *mmap_area;
 	uint32_t i, magic, version;
 	uint32_t entry_len, stem_map_len, regex_array_len;
+	const char *reg_version;
 
 	if (isbinary) {
 		len = strlen(path);
@@ -174,11 +175,13 @@ static int load_mmap(struct selabel_handle *rec, const char *path,
 	if (rc < 0 || version > SELINUX_COMPILED_FCONTEXT_MAX_VERS)
 		return -1;
 
+	reg_version = regex_version();
+	if (!reg_version)
+		return -1;
+
 	if (version >= SELINUX_COMPILED_FCONTEXT_PCRE_VERS) {
-		if (!regex_version()) {
-			return -1;
-		}
-		len = strlen(regex_version());
+
+		len = strlen(reg_version);
 
 		rc = next_entry(&entry_len, mmap_area, sizeof(uint32_t));
 		if (rc < 0)
@@ -200,7 +203,7 @@ static int load_mmap(struct selabel_handle *rec, const char *path,
 		}
 
 		str_buf[entry_len] = '\0';
-		if ((strcmp(str_buf, regex_version()) != 0)) {
+		if ((strcmp(str_buf, reg_version) != 0)) {
 			free(str_buf);
 			return -1;
 		}
diff --git a/libselinux/src/regex.c b/libselinux/src/regex.c
index 6b92b04..c880bfa 100644
--- a/libselinux/src/regex.c
+++ b/libselinux/src/regex.c
@@ -49,19 +49,13 @@ err:	regex_data_free(*regex);
 
 char const * regex_version(void) {
 #ifdef USE_PCRE2
-	static int initialized = 0;
-	static char * version_string = NULL;
-	size_t version_string_len;
-	if (!initialized) {
-		version_string_len = pcre2_config(PCRE2_CONFIG_VERSION, NULL);
-		version_string = (char*) malloc(version_string_len);
-		if (!version_string) {
-			return NULL;
-		}
-		pcre2_config(PCRE2_CONFIG_VERSION, version_string);
-		initialized = 1;
-	}
-	return version_string;
+	static char version_buf[256];
+	size_t len = pcre2_config(PCRE2_CONFIG_VERSION, NULL);
+	if (len <= 0 || len > sizeof(version_buf))
+		return NULL;
+
+	pcre2_config(PCRE2_CONFIG_VERSION, version_buf);
+	return version_buf;
 #else
 	return pcre_version();
 #endif
diff --git a/libselinux/utils/sefcontext_compile.c b/libselinux/utils/sefcontext_compile.c
index 8ff73f4..b6b8d92 100644
--- a/libselinux/utils/sefcontext_compile.c
+++ b/libselinux/utils/sefcontext_compile.c
@@ -101,6 +101,7 @@ static int write_binary_file(struct saved_data *data, int fd)
 	uint32_t section_len;
 	uint32_t i;
 	int rc;
+	const char *reg_version;
 
 	bin_file = fdopen(fd, "w");
 	if (!bin_file) {
@@ -120,13 +121,14 @@ static int write_binary_file(struct saved_data *data, int fd)
 		goto err;
 
 	/* write version of the regex back-end */
-	if (!regex_version())
+	reg_version = regex_version();
+	if (!reg_version)
 		goto err;
-	section_len = strlen(regex_version());
+	section_len = strlen(reg_version);
 	len = fwrite(&section_len, sizeof(uint32_t), 1, bin_file);
 	if (len != 1)
 		goto err;
-	len = fwrite(regex_version(), sizeof(char), section_len, bin_file);
+	len = fwrite(reg_version, sizeof(char), section_len, bin_file);
 	if (len != section_len)
 		goto err;