packages/checkpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Package init

Browse Source
This commit is contained in:
overweight 2019-09-30 10:35:06 -04:00
commit 0138473241
3 changed files with 112 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
0002-checkpolicy-destroy-the-class-datum-if-it-fails-to-initialize.patch Normal file
View File

@ -0,0 +1,29 @@
From daa00b28998af811f92aa821090f0ac2dd71f2bc Mon Sep 17 00:00:00 2001
From: Nicolas Iooss <nicolas.iooss@m4x.org>
Date: Sat, 26 May 2018 18:15:07 +0200
Subject: [PATCH] checkpolicy: destroy the class datum if it fails to
initialize
require_class() allocate memory for its variable "class_datum_t *datum"
and calls symtab_init(&datum->permissions, PERM_SYMTAB_SIZE). If this
second call fails, datum is not freed.
Fix this memory leak.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
module_compiler.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/module_compiler.c b/module_compiler.c
index 155702f2..ada7cb2a 100644
--- a/module_compiler.c
+++ b/module_compiler.c
@@ -802,6 +802,7 @@ int require_class(int pass)
if ((datum = calloc(1, sizeof(*datum))) == NULL ||
symtab_init(&datum->permissions, PERM_SYMTAB_SIZE)) {
yyerror("Out of memory!");
+ class_datum_destroy(datum);
return -1;
}
ret =

BIN
checkpolicy-2.8.tar.gz Normal file
View File

Binary file not shown.

83
checkpolicy.spec Normal file
View File

@ -0,0 +1,83 @@
Name: checkpolicy
Version: 2.8
Release: 6
Summary: SELinux policy compiler
License: GPLv2
URL: https://github.com/SELinuxProject/selinux
Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/checkpolicy-2.8.tar.gz
Patch6000: 0002-checkpolicy-destroy-the-class-datum-if-it-fails-to-initialize.patch
BuildRequires: gcc byacc bison flex flex-static libsepol-static >= 2.8-1 libselinux-devel >= 2.8-1 git
Conflicts: selinux-policy-base < 3.13.1-138
%description
checkpolicy is the SELinux policy compiler. It uses libsepol to
generate the binary policy.
(Security-enhanced Linux is a feature of the kernel and some
utilities that implement mandatory access control policies, such as
Type Enforcement, Role-based Access Control and Multi-Level
Security.)
%package_help
%prep
%autosetup -n %{name}-%{version} -p1 -Sgit
%build
make clean
make LIBDIR="%{_libdir}" CFLAGS="%{optflags}" LDFLAGS="$RPM_LD_FLAGS"
make -C test LIBDIR="%{_libdir}" CFLAGS="%{optflags}" LDFLAGS="$RPM_LD_FLAGS"
%install
rm -rf %{buildroot}
mkdir -p %{buildroot}%{_bindir}
%make_install LIBDIR="%{_libdir}"
install test/dismod %{buildroot}%{_bindir}/sedismod
install test/dispol %{buildroot}%{_bindir}/sedispol
%pre
%preun
%post
%postun
%files
%defattr(-,root,root)
%license COPYING
%{_bindir}/*
%files help
%defattr(-,root,root)
%{_mandir}/*/*
%changelog
* Sat Sep 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.8-6
- Type:enhancement
- ID:NA
- SUG:NA
- DESC:revise description
* Fri Aug 23 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.8-5
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:strengthen spec
* Tue Aug 20 2019 guoxiaoqi<guoxiaoqi2@huawei.com> - 2.8-4
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:rename patches
* Tue Jul 9 2019 zhangyujing <zhangyujing1@huawei.com> - 2.8-3
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:Destroy the class datum if it fails to initialize
* Thu Jul 12 2018 openEuler Buildteam <buildteam@openeuler.org> - 2.8-2
- Package init