From 936533d6dc80e332ef9bee6c3e7e0e87607fb4e9 Mon Sep 17 00:00:00 2001
From: luhuaxin <1539327763@qq.com>
Date: Thu, 17 Jun 2021 20:36:30 +0800
Subject: [PATCH] fix use after free in parse_module_store
---
...use-after-free-in-parse_module_store.patch | 34 +++++++++++++++++++
libsemanage.spec | 7 +++-
2 files changed, 40 insertions(+), 1 deletion(-)
create mode 100644 libsemanage-Fix-use-after-free-in-parse_module_store.patch
diff --git a/libsemanage-Fix-use-after-free-in-parse_module_store.patch b/libsemanage-Fix-use-after-free-in-parse_module_store.patch
new file mode 100644
index 0000000..5f8096a
--- /dev/null
+++ b/libsemanage-Fix-use-after-free-in-parse_module_store.patch
@@ -0,0 +1,34 @@
+From 58acebb85887cb25d729ac9cab51e63a8f5b7918 Mon Sep 17 00:00:00 2001
+From: luhuaxin <1539327763@qq.com>
+Date: Wed, 9 Jun 2021 21:32:32 +0800
+Subject: [PATCH] libsemanage: Fix use after free in parse_module_store
+
+The passed arg will be freed after this function call.
+
+Signed-off-by: luhuaxin <1539327763@qq.com>
+---
+ src/conf-parse.y | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/conf-parse.y b/src/conf-parse.y
+index 9bf9364..eac9134 100644
+--- a/src/conf-parse.y
++++ b/src/conf-parse.y
+@@ -516,12 +516,12 @@ static int parse_module_store(char *arg)
+ char *s;
+ current_conf->store_type = SEMANAGE_CON_POLSERV_REMOTE;
+ if ((s = strchr(arg, ':')) == NULL) {
+- current_conf->store_path = arg;
++ current_conf->store_path = strdup(arg);
+ current_conf->server_port = 4242;
+ } else {
+ char *endptr;
+ *s = '\0';
+- current_conf->store_path = arg;
++ current_conf->store_path = strdup(arg);
+ current_conf->server_port = strtol(s + 1, &endptr, 10);
+ if (*(s + 1) == '\0' || *endptr != '\0') {
+ return -2;
+--
+1.8.3.1
+
diff --git a/libsemanage.spec b/libsemanage.spec
index ca595cb..082278d 100644
--- a/libsemanage.spec
+++ b/libsemanage.spec
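Review bot: Both new `strdup(arg)` assignments to `current_conf->store_path` in the embedded conf-parse.y hunk go unchecked, so an allocation failure leaves the configuration marked `SEMANAGE_CON_POLSERV_REMOTE` with a NULL path. In the first branch the function then carries on as if parsing succeeded. Each assignment should be followed by a guard such as `if (current_conf->store_path == NULL) return -1;`, using whatever error value the rest of parse_module_store reports for non-syntax failures (only `return -2` is visible here). The hunk also does not show whether the previous `store_path` is released before it is overwritten; if it is not, taking a copy here turns each overwrite into a leak, so a `free(current_conf->store_path);` ahead of the assignment may be needed. The function starts and ends outside the hunk, so both points need checking against the full body.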
@@ -3,7 +3,7 @@ Name: libsemanage Version: 3.1 -Release: 4 +Release: 5 License: LGPLv2+ Summary: SELinux binary policy manipulation library URL: https://github.com/SELinuxProject/selinux/wiki @@ -11,6 +11,7 @@ Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/li Source1: semanage.conf Patch9000: fix-test-failure-with-secilc.patch +Patch9001: libsemanage-Fix-use-after-free-in-parse_module_store.patch BuildRequires: gcc python3-devel bison flex bzip2-devel audit-libs-devel BuildRequires: libselinux-devel >= %{libselinux_version} swig libsepol-devel >= %{libsepol_version} @@ -104,6 +105,9 @@ make test %changelog +* Thu Jul 17 2021 luhuaxin <1539327763@qq.com> - 3.1-5 +- fix use after free in semanage config parse + * Sat May 22 2021 Hugel - 3.1-4 - enabel make test @@ -121,3 +125,4 @@ make test * Thu Sep 5 2019 openEuler Buildteam - 2.9-1 - Package init +libsemanage-Fix-use-after-free-in-parse_module_store.patch -- Gitee
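Review bot: The new changelog entry is dated `Thu Jul 17 2021`, but the commit is dated Thu, 17 Jun 2021 and 17 July 2021 fell on a Saturday, so rpmbuild is likely to flag it as a bogus %changelog date; `* Thu Jun 17 2021` looks like what was intended. The last hunk also appends a bare line `libsemanage-Fix-use-after-free-in-parse_module_store.patch` after `- Package init`, which reads like a stray paste rather than a changelog entry and should probably be dropped.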