From f14d6ab537f34ededd7e5502e21275fa48ac24fb Mon Sep 17 00:00:00 2001 From: Zhenyu Ye Date: Tue, 17 Aug 2021 10:55:24 +0800 Subject: [PATCH] security: fix use-after-free in virSecuritySELinuxReserveLabel commit 2e668a61d5ae4("Fix error handling when adding MCS labels") uses the 'pctx' in virReportError after it has been freed. Fix it. Fixes: 2e668a61d5ae4cbd6f79e096d0c394f186e132bd Signed-off-by: Zhenyu Ye Reviewed-by: Martin Kletzander --- src/security/security_selinux.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 9ff35a7be5..0e5ea0366d 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -967,7 +967,6 @@ virSecuritySELinuxReserveLabel(virSecurityManager *mgr, } ctx = context_new(pctx); - freecon(pctx); if (!ctx) goto error; @@ -985,11 +984,13 @@ virSecuritySELinuxReserveLabel(virSecurityManager *mgr, goto error; } + freecon(pctx); context_free(ctx); return 0; error: + freecon(pctx); context_free(ctx); return -1; } -- 2.47.3