diff --git libsepol-2.6/src/assertion.c libsepol-2.6/src/assertion.c
index a4be880..121bf8c 100644
--- libsepol-2.6/src/assertion.c
+++ libsepol-2.6/src/assertion.c
@@ -222,7 +222,7 @@ static int report_assertion_avtab_matches(avtab_key_t *k, avtab_datum_t *d, void
 ebitmap_node_t *snode, *tnode;
 unsigned int i, j;
- if (k->specified != AVTAB_ALLOWED)
+ if ((k->specified & AVTAB_ALLOWED) == 0)
 return 0;
 if (!match_any_class_permissions(avrule->perms, k->target_class, d->data))
@@ -455,7 +455,7 @@ static int check_assertion_avtab_match(avtab_key_t *k, avtab_datum_t *d, void *a
 avrule_t *avrule = a->avrule;
 avtab_t *avtab = a->avtab;
- if (k->specified != AVTAB_ALLOWED)
+ if ((k->specified & AVTAB_ALLOWED) == 0)
 goto exit;
 if (!match_any_class_permissions(avrule->perms, k->target_class, d->data))
diff --git libsepol-2.6/src/boolean_record.c libsepol-2.6/src/boolean_record.c
index 8b64413..a194704 100644
--- libsepol-2.6/src/boolean_record.c
+++ libsepol-2.6/src/boolean_record.c
@@ -15,7 +15,7 @@ struct sepol_bool {
 struct sepol_bool_key {
 /* This boolean's name */
- const char *name;
+ char *name;
 };
 int sepol_bool_key_create(sepol_handle_t * handle,
@@ -30,7 +30,12 @@ int sepol_bool_key_create(sepol_handle_t * handle,
 return STATUS_ERR;
 }
- tmp_key->name = name;
+ tmp_key->name = strdup(name);
+ if (!tmp_key->name) {
+ ERR(handle, "out of memory, " "could not create boolean key");
+ free(tmp_key);
+ return STATUS_ERR;
+ }
 *key_ptr = tmp_key;
 return STATUS_SUCCESS;
@@ -62,6 +67,9 @@ int sepol_bool_key_extract(sepol_handle_t * handle,
 void sepol_bool_key_free(sepol_bool_key_t * key)
 {
+ if (!key)
+ return;
+ free(key->name);
 free(key);
 }
diff --git libsepol-2.6/src/expand.c libsepol-2.6/src/expand.c
index 004a029..1d7558e 100644
--- libsepol-2.6/src/expand.c
+++ libsepol-2.6/src/expand.c
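Review bot: In src/assertion.c the new filter `(k->specified & AVTAB_ALLOWED) == 0` in report_assertion_avtab_matches carries no comment explaining why the exact comparison was wrong, and the identical test is repeated in check_assertion_avtab_match (hunk at -455). With the old `!=` test, a key whose `specified` had the ALLOWED bit plus any other bit was skipped, so that allow entry was never compared against the assertion; which extra bits occur in practice is not visible in this diff. I would put `/* specified is a bit mask: skip only keys without the ALLOWED bit, so allow entries that carry extra flag bits are still checked */` above both tests. Both function bodies continue outside their hunks.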
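Review bot: In sepol_bool_key_create (src/boolean_record.c, hunk at -30) `strdup(name)` is reached with no visible check that `name` is non-NULL; the old pointer assignment tolerated NULL, strdup does not. The function starts outside the hunk, so an earlier check may exist, but if it does not, add `if (!name) { free(tmp_key); return STATUS_ERR; }` before the copy. The key now owns its name, so the struct comment should say so, for example `/* This boolean's name (private copy, released by sepol_bool_key_free) */`, and any pointer handed out from the key (sepol_bool_key_extract is not shown here) would dangle once the key is freed. The same two points apply to sepol_iface_key_create in src/iface_record.c and sepol_user_key_create in src/user_record.c.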
@@ -937,7 +937,7 @@ int mls_semantic_range_expand(mls_semantic_range_t * sr, mls_range_t * r,
 return -1;
 if (mls_semantic_level_expand(&sr->level[1], &r->level[1], p, h) < 0) {
- mls_semantic_level_destroy(&sr->level[0]);
+ mls_level_destroy(&r->level[0]);
 return -1;
 }
diff --git libsepol-2.6/src/iface_record.c libsepol-2.6/src/iface_record.c
index 09adeb7..6d56835 100644
--- libsepol-2.6/src/iface_record.c
+++ libsepol-2.6/src/iface_record.c
@@ -20,7 +20,7 @@ struct sepol_iface {
 struct sepol_iface_key {
 /* Interface name */
- const char *name;
+ char *name;
 };
 /* Key */
@@ -36,7 +36,12 @@ int sepol_iface_key_create(sepol_handle_t * handle,
 return STATUS_ERR;
 }
- tmp_key->name = name;
+ tmp_key->name = strdup(name);
+ if (!tmp_key->name) {
+ ERR(handle, "out of memory, could not create interface key");
+ free(tmp_key);
+ return STATUS_ERR;
+ }
 *key_ptr = tmp_key;
 return STATUS_SUCCESS;
@@ -68,6 +73,9 @@ int sepol_iface_key_extract(sepol_handle_t * handle,
 void sepol_iface_key_free(sepol_iface_key_t * key)
 {
+ if (!key)
+ return;
+ free(key->name);
 free(key);
 }
diff --git libsepol-2.6/src/user_record.c libsepol-2.6/src/user_record.c
index c59c54b..d72d4c7 100644
--- libsepol-2.6/src/user_record.c
+++ libsepol-2.6/src/user_record.c
@@ -24,7 +24,7 @@ struct sepol_user {
 struct sepol_user_key {
 /* This user's name */
- const char *name;
+ char *name;
 };
 int sepol_user_key_create(sepol_handle_t * handle,
@@ -40,7 +40,12 @@ int sepol_user_key_create(sepol_handle_t * handle,
 return STATUS_ERR;
 }
- tmp_key->name = name;
+ tmp_key->name = strdup(name);
+ if (!tmp_key->name) {
+ ERR(handle, "out of memory, could not create selinux user key");
+ free(tmp_key);
+ return STATUS_ERR;
+ }
 *key_ptr = tmp_key;
 return STATUS_SUCCESS;
@@ -71,6 +76,9 @@ int sepol_user_key_extract(sepol_handle_t * handle,
 void sepol_user_key_free(sepol_user_key_t * key)
 {
+ if (!key)
+ return;
+ free(key->name);
 free(key);
 }
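Review bot: In mls_semantic_range_expand (src/expand.c) the error path now releases `r->level[0]` but leaves `r->level[1]`, whose expansion has just failed, untouched. If mls_semantic_level_expand can return -1 after partly filling its output (its body is not in this diff), `r->level[1]` would still hold allocations; confirm that it cleans up after itself, or add `mls_level_destroy(&r->level[1]);` next to the new call. A comment such as `/* undo the level[0] expansion; the semantic input sr is left untouched */` would record why the semantic level is no longer destroyed here. The function begins and ends outside the hunk.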