From 68e819640a248c8b1cf04c436f95a8b7e7f5c0c3 Mon Sep 17 00:00:00 2001
From: zgzxx <zhangguangzhi3@huawei.com>
Date: Mon, 11 Sep 2023 16:54:11 +0800
Subject: [PATCH] backport upstream patch

---
 ...d-check-for-calloc-in-check_booleans.patch | 33 +++++++++++++++++++
 libselinux.spec                               |  6 +++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 backport-libselinux-add-check-for-calloc-in-check_booleans.patch

diff --git a/backport-libselinux-add-check-for-calloc-in-check_booleans.patch b/backport-libselinux-add-check-for-calloc-in-check_booleans.patch
new file mode 100644
index 0000000..a1f6cb3
--- /dev/null
+++ b/backport-libselinux-add-check-for-calloc-in-check_booleans.patch
@@ -0,0 +1,33 @@
+From d8edd363be3184c5738438fde937fd5ebc2d4923 Mon Sep 17 00:00:00 2001
+From: Huaxin Lu <luhuaxin1@huawei.com>
+Date: Mon, 19 Jun 2023 07:17:02 +0800
+Subject: [PATCH] libselinux: add check for calloc in check_booleans
+
+Check the return value of calloc() to avoid null pointer reference.
+
+Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
+Acked-by: Petr Lautrbach <lautrbach@redhat.com>
+---
+ src/audit2why.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/audit2why.c b/src/audit2why.c
+index ba1a66eb..8c4c07d5 100644
+--- a/src/audit2why.c
++++ b/src/audit2why.c
+@@ -149,6 +149,12 @@ static int check_booleans(struct boolean_t **bools)
+ 
+ 	if (fcnt > 0) {
+ 		*bools = calloc(sizeof(struct boolean_t), fcnt + 1);
++		if (!*bools) {
++			PyErr_SetString( PyExc_MemoryError, "Out of memory\n");
++			free(foundlist);
++			return 0;
++		}
++
+ 		struct boolean_t *b = *bools;
+ 		for (i = 0; i < fcnt; i++) {
+ 			int ctr = foundlist[i];
+-- 
+2.27.0
+
diff --git a/libselinux.spec b/libselinux.spec
index 6d8164a..0c66289 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -3,7 +3,7 @@
 
 Name:    libselinux
 Version: 3.3
-Release: 3
+Release: 4
 License: Public Domain
 Summary: SELinux library and simple utilities
 Url:     https://github.com/SELinuxProject/selinux/wiki
@@ -26,6 +26,7 @@ Patch6013: backport-libselinux-filter-arguments-with-path-separators.patch
 Patch6014: backport-libselinux-fix-some-memory-issues-in-db_init.patch
 Patch6015: backport-libselinux-add-check-for-malloc.patch
 Patch6016: backport-libselinux-restore-use-fixed-sized-integer-for-hash-index.patch
+Patch6017: backport-libselinux-add-check-for-calloc-in-check_booleans.patch
 
 Patch9000: do-malloc-trim-after-load-policy.patch
 
@@ -146,6 +147,9 @@ mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
 %{_mandir}/ru/man8/*
 
 %changelog
+* Mon Sep 11 2023 zhangguangzhi <zhangguangzhi3@huawei.com> - 3.3-4
+- backport upstream patch
+
 * Tue Jun 13 2023 zhangguangzhi <zhangguangzhi3@huawei.com> - 3.3-3
 - backport upstream patches
 
-- 
Gitee