From: Zhenyu Ye <yezhenyu2@huawei.com>
Date: Tue, 17 Aug 2021 02:55:24 +0000 (+0800)
Subject: security: fix use-after-free in virSecuritySELinuxReserveLabel
X-Git-Tag: v7.7.0-rc1~181
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f14d6ab537f34ededd7e5502e21275fa48ac24fb;p=thirdparty%2Flibvirt.git

security: fix use-after-free in virSecuritySELinuxReserveLabel

commit 2e668a61d5ae4("Fix error handling when adding MCS labels") uses
the 'pctx' in virReportError after it has been freed. Fix it.

Fixes: 2e668a61d5ae4cbd6f79e096d0c394f186e132bd
Signed-off-by: Zhenyu Ye <yezhenyu2@huawei.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
---

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 9ff35a7be5..0e5ea0366d 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -967,7 +967,6 @@ virSecuritySELinuxReserveLabel(virSecurityManager *mgr,
     }
 
     ctx = context_new(pctx);
-    freecon(pctx);
     if (!ctx)
         goto error;
 
@@ -985,11 +984,13 @@ virSecuritySELinuxReserveLabel(virSecurityManager *mgr,
         goto error;
     }
 
+    freecon(pctx);
     context_free(ctx);
 
     return 0;
 
  error:
+    freecon(pctx);
     context_free(ctx);
     return -1;
 }