| Message ID | tencent_90BF03402499B510C39EB8BC137D04294607@qq.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | libsemanage: fix use-after-free in parse_module_store() | expand |
On Mon, Jun 14, 2021 at 12:52 AM HuaxinLu <luhuaxin1@foxmail.com> wrote: > > The passing parameter "arg" of parse_module_store will be freed after > calling. A copy of parameter should be used instead of itself. > > Signed-off-by: HuaxinLu <luhuaxin1@foxmail.com> Acked-by: James Carter <jwcart2@gmail.com> > --- > libsemanage/src/conf-parse.y | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y > index 9bf9364a..eac91344 100644 > --- a/libsemanage/src/conf-parse.y > +++ b/libsemanage/src/conf-parse.y > @@ -516,12 +516,12 @@ static int parse_module_store(char *arg) > char *s; > current_conf->store_type = SEMANAGE_CON_POLSERV_REMOTE; > if ((s = strchr(arg, ':')) == NULL) { > - current_conf->store_path = arg; > + current_conf->store_path = strdup(arg); > current_conf->server_port = 4242; > } else { > char *endptr; > *s = '\0'; > - current_conf->store_path = arg; > + current_conf->store_path = strdup(arg); > current_conf->server_port = strtol(s + 1, &endptr, 10); > if (*(s + 1) == '\0' || *endptr != '\0') { > return -2; > -- > 2.26.0 >
EJames Carter <jwcart2@gmail.com> writes: > On Mon, Jun 14, 2021 at 12:52 AM HuaxinLu <luhuaxin1@foxmail.com> wrote: >> >> The passing parameter "arg" of parse_module_store will be freed after >> calling. A copy of parameter should be used instead of itself. >> >> Signed-off-by: HuaxinLu <luhuaxin1@foxmail.com> > > Acked-by: James Carter <jwcart2@gmail.com> Merged, thanks! >> --- >> libsemanage/src/conf-parse.y | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y >> index 9bf9364a..eac91344 100644 >> --- a/libsemanage/src/conf-parse.y >> +++ b/libsemanage/src/conf-parse.y >> @@ -516,12 +516,12 @@ static int parse_module_store(char *arg) >> char *s; >> current_conf->store_type = SEMANAGE_CON_POLSERV_REMOTE; >> if ((s = strchr(arg, ':')) == NULL) { >> - current_conf->store_path = arg; >> + current_conf->store_path = strdup(arg); >> current_conf->server_port = 4242; >> } else { >> char *endptr; >> *s = '\0'; >> - current_conf->store_path = arg; >> + current_conf->store_path = strdup(arg); >> current_conf->server_port = strtol(s + 1, &endptr, 10); >> if (*(s + 1) == '\0' || *endptr != '\0') { >> return -2; >> -- >> 2.26.0 >>
diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y index 9bf9364a..eac91344 100644 --- a/libsemanage/src/conf-parse.y +++ b/libsemanage/src/conf-parse.y @@ -516,12 +516,12 @@ static int parse_module_store(char *arg) char *s; current_conf->store_type = SEMANAGE_CON_POLSERV_REMOTE; if ((s = strchr(arg, ':')) == NULL) { - current_conf->store_path = arg; + current_conf->store_path = strdup(arg); current_conf->server_port = 4242; } else { char *endptr; *s = '\0'; - current_conf->store_path = arg; + current_conf->store_path = strdup(arg); current_conf->server_port = strtol(s + 1, &endptr, 10); if (*(s + 1) == '\0' || *endptr != '\0') { return -2;
The passing parameter "arg" of parse_module_store will be freed after calling. A copy of parameter should be used instead of itself. Signed-off-by: HuaxinLu <luhuaxin1@foxmail.com> --- libsemanage/src/conf-parse.y | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)