From: William Roberts <william.c.robe...@intel.com>

The newc variable is calloc'd and assigned to a new
owner during a loop. After the first assignment of newc
to newgenfs->head, the subsequent iteration could fail
before the newc is reseated with a new heap allocation
pointer. When the subsequent iteration fails, the
newc variable is freed. Later, an attempt is made to
free the same pointer assigned to newgenfs->head.

To correct this, clear newc after every loop iteration.

Signed-off-by: William Roberts <william.c.robe...@intel.com>
---
 libsepol/src/policydb.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index 6a80f94..971793d 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -2812,6 +2812,8 @@ static int genfs_read(policydb_t * p, struct policy_file 
*fp)
                                l->next = newc;
                        else
                                newgenfs->head = newc;
+                       /* clear newc after a new owner has the pointer */
+                       newc = NULL;
                }
        }
 
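Review bot: the new `newc = NULL;` at the end of the inner loop body is only safe if the error-path cleanup for newc tolerates a NULL pointer, and that cleanup is not visible in this hunk. If it dereferences newc before freeing it (for example to release members), it needs a NULL guard, since an early failure in the next iteration will now reach it with newc == NULL. The added comment could also state the reason, e.g. that the error path frees newc and the list now owns it, so the double free it prevents is clear to a later reader. It is worth checking whether newgenfs follows the same hand-off pattern and needs the same reset.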
-- 
1.9.1
