[meta-selinux][dunfell][PATCH 2/3] libsepol: Security fix CVE-2021-36085

Home Messages Hashtags Subgroups

#54752

[meta-selinux][dunfell][PATCH 2/3] libsepol: Security fix CVE-2021-36085

Armin Kuster #54752 From: Armin Kuster <akuster@...> Source: https://github.com/SELinuxProject/selinux/ MR: 111857 Type: Security Fix Disposition: Backport from https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba ChangeID: e50ae65189351ee618db2b278ba7105a5728e4c4 Description: Affects: libsepol <= 3.2 Signed-off-by: Armin Kuster <akuster@...> --- .../selinux/libsepol/CVE-2021-36085.patch \| 38 +++++++++++++++++++ recipes-security/selinux/libsepol_3.0.bb \| 1 + 2 files changed, 39 insertions(+) create mode 100644 recipes-security/selinux/libsepol/CVE-2021-36085.patch diff --git a/recipes-security/selinux/libsepol/CVE-2021-36085.patch b/recipes-security/selinux/libsepol/CVE-2021-36085.patch new file mode 100644 index 0000000..4bd05eb --- /dev/null +++ b/recipes-security/selinux/libsepol/CVE-2021-36085.patch @@ -0,0 +1,38 @@ +From 2d35fcc7e9e976a2346b1de20e54f8663e8a6cba Mon Sep 17 00:00:00 2001 +From: James Carter <jwcart2@...> +Date: Thu, 8 Apr 2021 13:32:04 -0400 +Subject: [PATCH] libsepol/cil: Destroy classperm list when resetting map perms + +Map perms share the same struct as regular perms, but only the +map perms use the classperms field. This field is a pointer to a +list of classperms that is created and added to when resolving +classmapping rules, so the map permission doesn't own any of the +data in the list and this list should be destroyed when the AST is +reset. + +When resetting a perm, destroy the classperms list without destroying +the data in the list. + +Signed-off-by: James Carter <jwcart2@...> + +Upstream-Status: Backport +CVE: CVE-2021-36085 +Signed-off-by: Armin Kuster <akuster@...> + +--- + libsepol/cil/src/cil_reset_ast.c \| 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: libsepol-3.0/cil/src/cil_reset_ast.c +=================================================================== +--- libsepol-3.0.orig/cil/src/cil_reset_ast.c ++++ libsepol-3.0/cil/src/cil_reset_ast.c +@@ -34,7 +34,7 @@ static void cil_reset_class(struct cil_c + + static void cil_reset_perm(struct cil_perm perm) + { +- cil_reset_classperms_list(perm->classperms); ++ cil_list_destroy(&perm->classperms, CIL_FALSE); + } + + static inline void cil_reset_classperms(struct cil_classperms cp) diff --git a/recipes-security/selinux/libsepol_3.0.bb b/recipes-security/selinux/libsepol_3.0.bb index 537377b..b7a7071 100644 --- a/recipes-security/selinux/libsepol_3.0.bb +++ b/recipes-security/selinux/libsepol_3.0.bb @@ -10,4 +10,5 @@ SRC_URI += "\ file://0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch \ file://0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch \ file://CVE-2021-36084.patch \ + file://CVE-2021-36085.patch \ " -- 2.25.1
More All Messages By This Member

#54752

Join yocto@lists.yoctoproject.org to automatically receive all group messages.

Home Hashtags Subgroups Terms