From 103471a467c0fa719aad6bf83b9b1df148cc0800 Mon Sep 17 00:00:00 2001
From: markeryang
Date: Mon, 1 Sep 2025 07:17:27 +0000
Subject: [PATCH] backport upstream patches

(cherry picked from commit cf8427345a68523f7f67a0af97ec2ab4dbd168d6)
---
 ...-selinux-free-memory-in-error-branch.patch | 104 ++++++++++++++++++
 libselinux.spec | 6 +-
 2 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100644 backport-selinux-free-memory-in-error-branch.patch

diff --git a/backport-selinux-free-memory-in-error-branch.patch b/backport-selinux-free-memory-in-error-branch.patch
new file mode 100644
index 0000000..52444c1
--- /dev/null
+++ b/backport-selinux-free-memory-in-error-branch.patch
@@ -0,0 +1,104 @@
+From 48f66b6aaad256cf196754cf96fb331773a6e5d4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
+Date: Fri, 18 Oct 2024 17:12:58 +0200
+Subject: [PATCH] selinux: free memory in error branch
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Free the allocated line if it fails to parse via process_line() for the
+X or media database.
+
+Also declare the line_buf parameter of process_line() const, so it is
+more obvious it is not modified or free'd.
+
+Reported-by: clang-analyzer
+Signed-off-by: Christian Göttsche
+Acked-by: James Carter
+---
+ src/label_media.c | 6 +++---
+ src/label_x.c | 6 +++---
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/label_media.c b/src/label_media.c
+index df4c2b6..621f800 100644
+--- a/src/label_media.c
++++ b/src/label_media.c
+@@ -30,12 +30,12 @@ struct saved_data {
+ spec_t *spec_arr;
+ };
+
+-static int process_line(const char *path, char *line_buf, int pass,
++static int process_line(const char *path, const char *line_buf, int pass,
+ unsigned lineno, struct selabel_handle *rec)
+ {
+ struct saved_data *data = (struct saved_data *)rec->data;
+ int items;
+- char *buf_p;
++ const char *buf_p;
+ char *key, *context;
+
+ buf_p = line_buf;
+@@ -131,10 +131,11 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
+ goto finish;
+ memset(data->spec_arr, 0, sizeof(spec_t)*data->nspec);
+ maxnspec = data->nspec;
+- rewind(fp);
++ status = fseek(fp, 0L, SEEK_SET);
++ if (status == -1)
++ goto finish;
+ }
+ }
+- free(line_buf);
+
+ status = digest_add_specfile(rec->digest, fp, NULL, sb.st_size, path);
+ if (status)
+@@ -143,6 +144,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
+ digest_gen_hash(rec->digest);
+
+ finish:
++ free(line_buf);
+ fclose(fp);
+ return status;
+ }
+diff --git a/src/label_x.c b/src/label_x.c
+index e9b489b..85839f4 100644
+--- a/src/label_x.c
++++ b/src/label_x.c
+@@ -32,12 +32,12 @@ struct saved_data {
+ spec_t *spec_arr;
+ };
+
+-static int process_line(const char *path, char *line_buf, int pass,
++static int process_line(const char *path, const char *line_buf, int pass,
+ unsigned lineno, struct selabel_handle *rec)
+ {
+ struct saved_data *data = (struct saved_data *)rec->data;
+ int items;
+- char *buf_p;
++ const char *buf_p;
+ char *type, *key, *context;
+
+ buf_p = line_buf;
+@@ -158,10 +158,11 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
+ goto finish;
+ memset(data->spec_arr, 0, sizeof(spec_t)*data->nspec);
+ maxnspec = data->nspec;
+- rewind(fp);
++ status = fseek(fp, 0L, SEEK_SET);
++ if (status == -1)
++ goto finish;
+ }
+ }
+- free(line_buf);
+
+ status = digest_add_specfile(rec->digest, fp, NULL, sb.st_size, path);
+ if (status)
+@@ -170,6 +171,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
+ digest_gen_hash(rec->digest);
+
+ finish:
++ free(line_buf);
+ fclose(fp);
+ return status;
+ }
diff --git a/libselinux.spec b/libselinux.spec
index 8e7a5f6..9a849da 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -3,7 +3,7 @@ Name: libselinux
 Version: 3.5
-Release: 5
+Release: 6
 License: Public Domain
 Summary: SELinux library and simple utilities
 Url: https://github.com/SELinuxProject/selinux/wiki
@@ -25,6 +25,7 @@ Patch0013: backport-libselinux-set-free-d-data-to-NULL.patch
 Patch0014: backport-libselinux-matchpathcon-RESOURCE_LEAK-Variable-con.patch
 Patch0015: backport-libselinux-Close-old-selabel-handle-when-setting-a-n.patch
 Patch0016: backport-libselinux-initialize-regex-arch-string-in-a-thread-.patch
+Patch0017: backport-selinux-free-memory-in-error-branch.patch
 Patch9000: do-malloc-trim-after-load-policy.patch
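Review bot: Moving `free(line_buf)` under the `finish:` label in both `init()` hunks (src/label_media.c and src/label_x.c) makes it execute on every early `goto finish`, including the ones taken before the read loop ever assigns `line_buf`; that is only safe if `line_buf` is initialised to `NULL` at its declaration, which lies outside the hunk, so the backport should be checked against the 3.5 sources it is applied to rather than assumed from upstream. The new `if (status == -1)` after `fseek()` relies on the POSIX return value, while ISO C only guarantees a nonzero result on failure, so `if (status != 0)` would be the portable form if this patch is ever carried further. The `init()` bodies start and end outside these hunks, so the other `goto finish` sites that now reach the `free()` are not visible here.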
@@ -145,6 +146,9 @@ mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
 %{_mandir}/ru/man8/*
 %changelog
+* Mon Sep 01 2025 yanglongkang - 3.5-6
+- backport upstream patches
+
 * Thu Aug 14 2025 hugel - 3.5-5
 - backport upstream patches
--
Gitee