diff --git a/backport-CVE-2021-36086.patch b/backport-CVE-2021-36086.patch new file mode 100644 index 0000000000000000000000000000000000000000..a6e98999472c7aee8125b53fd2bcde514da72f47 --- /dev/null +++ b/backport-CVE-2021-36086.patch @@ -0,0 +1,36 @@ +From c49a8ea09501ad66e799ea41b8154b6770fec2c8 Mon Sep 17 00:00:00 2001 +From: James Carter +Date: Thu, 8 Apr 2021 13:32:06 -0400 +Subject: [PATCH] libsepol/cil: cil_reset_classperms_set() should not reset + classpermission + +In struct cil_classperms_set, the set field is a pointer to a +struct cil_classpermission which is looked up in the symbol table. +Since the cil_classperms_set does not create the cil_classpermission, +it should not reset it. + +Set the set field to NULL instead of resetting the classpermission +that it points to. + +Signed-off-by: James Carter +--- + libsepol/cil/src/cil_reset_ast.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c +index 89f91e568..1d9ca704e 100644 +--- a/libsepol/cil/src/cil_reset_ast.c ++++ b/libsepol/cil/src/cil_reset_ast.c +@@ -59,7 +59,11 @@ static void cil_reset_classpermission(struct cil_classpermission *cp) + + static void cil_reset_classperms_set(struct cil_classperms_set *cp_set) + { +- cil_reset_classpermission(cp_set->set); ++ if (cp_set == NULL) { ++ return; ++ } ++ ++ cp_set->set = NULL; + } + + static inline void cil_reset_classperms_list(struct cil_list *cp_list) diff --git a/libsepol.spec b/libsepol.spec index e81bac4db8f6bb46869bc8e6240fe2ed86e4091f..6ffc85cf2cb16f3dab7250fcfc8da038977dc355 100644 --- a/libsepol.spec +++ b/libsepol.spec @@ -1,6 +1,6 @@ Name: libsepol Version: 3.1 -Release: 7 +Release: 8 Summary: SELinux binary policy manipulation library License: LGPLv2+ URL: https://github.com/SELinuxProject/selinux/wiki/Releases @@ -47,6 +47,7 @@ Patch37: backport-libsepol-cil-fix-NULL-pointer-dereference-in-__cil_i.pa Patch38: backport-libsepol-cil-Properly-check-for-parameter-when-inser.patch Patch39: backport-libsepol-cil-Reset-expandtypeattribute-rules-when-re.patch Patch40: backport-libsepol-cil-do-not-allow-0-in-quoted-strings.patch +Patch41: backport-CVE-2021-36086.patch BuildRequires: gcc flex @@ -106,6 +107,9 @@ make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" install %{_mandir}/man3/* %changelog +* Thu Jul 7 2022 panxiaohe - 3.1-8 +- fix CVE-2021-36086 + * Tue Feb 15 2022 panxiaohe - 3.1-7 - libsepol/cil: do not allow \0 in quoted strings