From patchwork Thu Oct 27 11:52:36 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Vit Mojzis <vmojzis@redhat.com>
X-Patchwork-Id: 9399239
Return-Path: <selinux-bounces@tycho.nsa.gov>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	BBF5260233 for <patchwork-selinux@patchwork.kernel.org>;
	Thu, 27 Oct 2016 11:59:13 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 992F22A1D1
	for <patchwork-selinux@patchwork.kernel.org>;
	Thu, 27 Oct 2016 11:59:13 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 8E0CF2A1D4; Thu, 27 Oct 2016 11:59:13 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
Received: from emsm-gh1-uea11.nsa.gov (smtp.nsa.gov [8.44.101.9])
	(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 0DD5F2A1D1
	for <patchwork-selinux@patchwork.kernel.org>;
	Thu, 27 Oct 2016 11:59:02 +0000 (UTC)
X-IronPort-AV: E=Sophos;i="5.31,404,1473120000"; d="scan'208";a="264403"
IronPort-PHdr: =?us-ascii?q?9a23=3AjwSpHxbcUXLCA2frF952kyr/LSx+4OfEezUN459i?=
	=?us-ascii?q?sYplN5qZpci/bnLW6fgltlLVR4KTs6sC0LuM9f+5EjZQqb+681k6OKRWUBEEjc?=
	=?us-ascii?q?hE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i760zceF13FOBZv?=
	=?us-ascii?q?IaytQ8iJ3p7xiLn5oc2bSj4LrQL1Wal1IhSyoFeZnegtqqwmFJwMzADUqGBDYe?=
	=?us-ascii?q?VcyDAgD1uSmxHh+pX4p8Y7oGxtofZpy+psGeW/Jvx5HvRkC2E9PmQ04tD7nQXS?=
	=?us-ascii?q?RguIoH0HWyMZlQQbLRLC6UTEX4u5lyz4pOtmkH2EOMr0X7EvcS6v46diVFnjjy?=
	=?us-ascii?q?JRZG1xy33elsEl1PETmxmmvREqhteMbQ=3D=3D?=
X-IPAS-Result: =?us-ascii?q?A2EABQC26xFY/wHyM5BcHAEBBAEBCgEBGAEFAQsBgn8BAQE?=
	=?us-ascii?q?BAR1Ycgu0M4Y/JguIAVMBAQEBAQEBAQIBAl8ogjMEAxMFBTkQVQINZgI3FCAOA?=
	=?us-ascii?q?wkCFwghCAgDASkEFR8LBRgEiDMOv1wBHwWGPYhuEQFohRMFjkqLTIYtiXUCige?=
	=?us-ascii?q?FeQJJkENUX4ULcAGGNXiBMQEBAQ?=
Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1])
	by emsm-gh1-uea11.nsa.gov with ESMTP; 27 Oct 2016 11:58:41 +0000
Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u9RBve8x011358;
	Thu, 27 Oct 2016 07:57:54 -0400
Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil
	[144.51.242.1])
	by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id
	u9RBvZF1116828 for <selinux@prometheus.infosec.tycho.ncsc.mil>;
	Thu, 27 Oct 2016 07:57:35 -0400
Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u9RBuRBg011312
	for <selinux@tycho.nsa.gov>; Thu, 27 Oct 2016 07:57:35 -0400
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: 
 A1CJAAB56hFYhxy3hNFcGwEBAQMBAQEJAQEBgyoBAQEBAXVyC6cLAY0ngjOEFhcQhXuCBlMBAgEBAQEBAhMBAQEKCwkJHYYSMF5DiFQOv0oBKwWGPYlohRMFjkqLTIYtiXUCigeFeQJJkEOBM4JJY4FfPDQBiF4BAQE
X-IPAS-Result: 
 A1CJAAB56hFYhxy3hNFcGwEBAQMBAQEJAQEBgyoBAQEBAXVyC6cLAY0ngjOEFhcQhXuCBlMBAgEBAQEBAhMBAQEKCwkJHYYSMF5DiFQOv0oBKwWGPYlohRMFjkqLTIYtiXUCigeFeQJJkEOBM4JJY4FfPDQBiF4BAQE
X-IronPort-AV: E=Sophos;i="5.31,404,1473134400"; d="scan'208";a="5789011"
Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov)
	([10.208.41.37])
	by goalie.tycho.ncsc.mil with ESMTP; 27 Oct 2016 07:55:55 -0400
IronPort-PHdr: =?us-ascii?q?9a23=3Azb4zThFGmHkJ2pFqu3bIQ51GYnF86YWxBRYc798d?=
	=?us-ascii?q?s5kLTJ75pMywAkXT6L1XgUPTWs2DsrQf2rCQ7PmrAzxIyK3CmUhKSIZLWR4BhJ?=
	=?us-ascii?q?detC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TWM5DIfUi/yKRBy?=
	=?us-ascii?q?brysXNWD1YLojqvoq9X6WEZhvHKFe7R8LRG7/036l/I9ps9cEJs30QbDuXBSeu?=
	=?us-ascii?q?5blitCLFOXmAvgtI/rpMYwu3cYh/V07MNEUKPnb4wkXLdYC3IgKGlz68r15jfZ?=
	=?us-ascii?q?Sg7a2HoAGkARkAhJGECR8hT9XIXwqQPgu+Z90TXcNsrzG+NnEQ++5rtmHUe7wB?=
	=?us-ascii?q?wMMCQ0pTna?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0EAAQCO6hFYhxy3hNFcHAEBBAEBCgEBF?=
	=?us-ascii?q?gEBAQMBAQEJAQEBgn8BAQEBAXVyC6cLAY0ngjOEFhcQhXuCBlMBAQEBAQEBAQI?=
	=?us-ascii?q?BAhABAQEKCwkJHTCCMxiDFygIXkOIVA6/SgErBYY9iWiFEwWOSotMhi2JdQKKB?=
	=?us-ascii?q?4V5AkmQQ4EzgyyBXzw0AYheAQEB?=
X-IPAS-Result: =?us-ascii?q?A0EAAQCO6hFYhxy3hNFcHAEBBAEBCgEBFgEBAQMBAQEJAQE?=
	=?us-ascii?q?Bgn8BAQEBAXVyC6cLAY0ngjOEFhcQhXuCBlMBAQEBAQEBAQIBAhABAQEKCwkJH?=
	=?us-ascii?q?TCCMxiDFygIXkOIVA6/SgErBYY9iWiFEwWOSotMhi2JdQKKB4V5AkmQQ4Ezgyy?=
	=?us-ascii?q?BXzw0AYheAQEB?=
X-IronPort-AV: E=Sophos;i="5.31,404,1473120000"; d="scan'208";a="264318"
Received: from unknown (HELO mx1.redhat.com) ([209.132.183.28])
	by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
	27 Oct 2016 11:55:40 +0000
Received: from int-mx09.intmail.prod.int.phx2.redhat.com
	(int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id C05DC90907
	for <selinux@tycho.nsa.gov>; Thu, 27 Oct 2016 11:53:10 +0000 (UTC)
Received: from Thinkpad_450.brq.redhat.com ([10.40.3.114])
	by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with
	ESMTP id u9RBr4wl022334; Thu, 27 Oct 2016 07:53:10 -0400
From: Vit Mojzis <vmojzis@redhat.com>
To: selinux@tycho.nsa.gov
Subject: [PATCH] libselinux: fix pointer handling in realpath_not_final
Date: Thu, 27 Oct 2016 13:52:36 +0200
Message-Id: <1477569156-12380-1-git-send-email-vmojzis@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
	(mx1.redhat.com [10.5.110.29]); Thu, 27 Oct 2016 11:53:10 +0000 (UTC)
X-BeenThere: selinux@tycho.nsa.gov
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
	<selinux.tycho.nsa.gov>
List-Post: <mailto:selinux@tycho.nsa.gov>
List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help>
MIME-Version: 1.0
Errors-To: selinux-bounces@tycho.nsa.gov
Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>
X-Virus-Scanned: ClamAV using ClamSMTP

From: vmojzis <vmojzis@redhat.com>

Loop designed for stripping leading "//" was changing
the only pointer referencing block of memory allocated
by "strdup", resulting in "free()" failure. The loop
had no effect because "realpath" is used later on.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1376598

Signed-off-by: vmojzis <vmojzis@redhat.com>
---
 libselinux/src/matchpathcon.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c
index 724eb65..58b4144 100644
--- a/libselinux/src/matchpathcon.c
+++ b/libselinux/src/matchpathcon.c
@@ -389,12 +389,6 @@ int realpath_not_final(const char *name, char *resolved_path)
 		goto out;
 	}
 
-	/* strip leading // */
-	while (tmp_path[len] && tmp_path[len] == '/' &&
-	       tmp_path[len+1] && tmp_path[len+1] == '/') {
-		tmp_path++;
-		len++;
-	}
 	last_component = strrchr(tmp_path, '/');
 
 	if (last_component == tmp_path) {