Re: [PATCH 5/5] libselinux: remove unused variable usercon

2018-04-13 Thread William Roberts
In general this series looks fine. However, checkpatch.pl is complaining about DOS line endings in your patches: For example:

ERROR: DOS line endings
#325: FILE: libselinux/src/label_file.h:281:
+^I^Iint alloc_stems = data->alloc_stems * 2 + 16;^M$

On Fri, Apr 13, 2018 at 1:34 PM, Nicolas Io

[PATCH 2/5] libsepol: ensure the level context is not empty

2018-04-13 Thread Nicolas Iooss
When load_users() parses an invalid line with an empty level context (i.e. nothing between "level" and "range" keywords), it allocates memory with malloc(0) and uses it. The behavior of malloc() in this case is an unspecified behavior: it might return NULL, which would lead to a segmentation fault.

[PATCH 1/5] libsepol: do not dereference NULL if stack_init fails

2018-04-13 Thread Nicolas Iooss
In cond_expr_to_cil(), when stack_init() fails to allocate a stack, the function calls stack_pop() with stack = NULL. Then stack_pop() dereferences the pointer ("if (stack->pos == -1) {"), which is NULL. Fix this by moving the stack cleaning loop in a "if (stack != NULL)" block. This issue is rep

[PATCH 4/5] libselinux: fix memory leak in getconlist

2018-04-13 Thread Nicolas Iooss
In getconlist.c's main(), "level" is duplicated from an optional argument without being ever freed. clang's static analyzer warns about this memory leak. Free the allocated memory properly in order to remove a warning reported by clang's static analyzer. Signed-off-by: Nicolas Iooss --- libseli

[PATCH 5/5] libselinux: remove unused variable usercon

2018-04-13 Thread Nicolas Iooss
In getconlist.c, main() does not use usercon. Remove this variable. Signed-off-by: Nicolas Iooss --- libselinux/utils/getconlist.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c index abfe2c742bfb..5ac0ca85075c

[PATCH 3/5] libselinux: label_file: fix memory management in store_stem()

2018-04-13 Thread Nicolas Iooss
If store_stem() fails to expand the memory allocated on data->stem_arr, some things go wrong:
* the memory referenced by "buf" is leaked,
* data->alloc_stems has been increased without data->stem_arr having been expanded. So the next time store_stem() is called, the function will behave as if t

[PATCH] selinux-testsuite: Enhance inet_socket tests

2018-04-13 Thread Richard Haines via Selinux
Enhance the tests as follows:
1) Determine number of tests to run with current config.
2) Add CALIPSO STREAM tests (DGRAM not supported in kernel. See [1]).
3) Add support for CIPSO TAGS 1 & 2. Closes [2].
4) Run scripts using /bin/sh.
5) Shorten sleep time as more tests.

[1] https://github.com/SE