From b6b3ed1fa4c6de12908a9f01d1689f156c3cd441 Mon Sep 17 00:00:00 2001 From: Pavel Raiskup Date: Wed, 1 Jul 2015 12:30:57 +0200 Subject: [PATCH] selinux-h: avoid double free after *getfilecon() Originally reported by Ben Shelton on bug-tar: http://lists.gnu.org/archive/html/bug-tar/2015-04/msg00009.html * lib/getfilecon.c (map_to_failure): Set the already freed '*con' pointer to NULL. Man getfilecon(3) says that any non-NULL '*con' parameter should be freed by freecon(3) (regardless the return value). --- ChangeLog | 9 +++++++++ lib/getfilecon.c | 1 + 2 files changed, 10 insertions(+) diff --git a/lib/getfilecon.c b/lib/getfilecon.c index 9ac69be..ef6adc8 100644 --- a/gnu/getfilecon.c +++ b/gnu/getfilecon.c @@ -57,6 +57,7 @@ map_to_failure (int ret, security_context_t *con) if (ret == 10 && strcmp (*con, "unlabeled") == 0) { freecon (*con); + *con = NULL; errno = ENODATA; return -1; } -- 2.7.4