security: fix use-after-free in virSecuritySELinuxReserveLabel

commit 2e668a61d5ae4("Fix error handling when adding MCS labels") uses
the 'pctx' in virReportError after it has been freed. Fix it.

Fixes: 2e668a61d5ae4cbd6f79e096d0c394f186e132bd
Signed-off-by: Zhenyu Ye <yezhenyu2@huawei.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 9ff35a7be557643657e04135ac9f68ac853bdc7e..0e5ea0366dd5a8d89a7a3337e1ad37e301102e17 100644 (file)
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -967,7 +967,6 @@ virSecuritySELinuxReserveLabel(virSecurityManager *mgr,
     }
 
     ctx = context_new(pctx);
-    freecon(pctx);
     if (!ctx)
         goto error;
 
@@ -985,11 +984,13 @@ virSecuritySELinuxReserveLabel(virSecurityManager *mgr,
         goto error;
     }
 
+    freecon(pctx);
     context_free(ctx);
 
     return 0;
 
  error:
+    freecon(pctx);
     context_free(ctx);
     return -1;
 }