From: Michal Sekletar Date: Mon, 13 Oct 2014 13:25:09 +0000 (+0200) Subject: selinux: fix potential double free crash in child process X-Git-Tag: v217~216 X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=5e78424f4a27c07be50e246308035c877f204038;hp=3e883473a0f36c220fc45ecf61d6878c9ac308b4 selinux: fix potential double free crash in child process Before returning from function we should reset ret to NULL, thus cleanup function is nop. Also context_str() returns pointer to a string containing context but not a copy, hence we must make copy it explicitly.
---
diff --git a/src/shared/label.c b/src/shared/label.c
index b6af38d82..69d461618 100644
--- a/src/shared/label.c
+++ b/src/shared/label.c
@@ -334,7 +334,7 @@ int label_get_child_mls_label(int socket_fd, const char *exe, char **label) {
 }
 freecon(mycon);
- mycon = context_str(bcon);
+ mycon = strdup(context_str(bcon));
 if (!mycon) {
 r = -errno;
 goto out;
@@ -348,6 +348,7 @@ int label_get_child_mls_label(int socket_fd, const char *exe, char **label) {
 }
 *label = ret;
+ ret = NULL;
 r = 0;
 out:
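Review bot: In the first hunk (`@@ -334,7 +334,7 @@`), the result of `context_str(bcon)` is now passed straight to `strdup()`, so a NULL return reaches `strdup()`, which is undefined behaviour and typically a crash in the child process. The pre-patch code tested that same return value with `if (!mycon)`, which suggests a NULL return is expected on failure. Keep the check by splitting the call: `const char *s = context_str(bcon);` followed by `mycon = s ? strdup(s) : NULL;`, leaving the existing `if (!mycon)` branch as is, so that `mycon` never keeps the pointer just released by `freecon(mycon)` when the error path is taken. The function begins and ends outside the hunk, so the cleanup at `out:` is not visible here.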
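Review bot: In the second hunk (`@@ -348,6 +348,7 @@`), the added `ret = NULL;` has no comment saying why a just-assigned local is cleared, and that is the line the double free hinged on. A one-line comment above it would keep it from being removed as dead code, for example `/* ownership passes to *label; clear ret so the cleanup after out: does not free it */`. The cleanup itself lies outside the hunk, so the wording should be checked against it; documenting in the function header how the caller must release `*label` would help as well.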