URL: https://github.com/SSSD/sssd/pull/224 Author: pbrezina Title: #224: responders: do not leak selinux context on clients destruction Action: opened
PR body:
"""
The SELinux context created in get_client_cred is not talloc bound and we were leaking it, if available, with each client's destruction.

Resolves:
https://pagure.io/SSSD/sssd/issue/3360
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/224/head:pr224
git checkout pr224
From e88cb9da465dacebf5f73d963cd69fd6a428777c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com> Date: Mon, 3 Apr 2017 12:56:01 +0200 Subject: [PATCH] responders: do not leak selinux context on clients destruction The SELinux context created in get_client_cred is not talloc bound and we were leaking it if available with each client's destruction. Resolves: https://pagure.io/SSSD/sssd/issue/3360 --- src/responder/common/responder_common.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index 154d7dc..67e1dee 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c @@ -97,7 +97,7 @@ static errno_t get_client_cred(struct cli_ctx *cctx) SEC_CTX secctx; int ret; - cctx->creds = talloc(cctx, struct cli_creds); + cctx->creds = talloc_zero(cctx, struct cli_creds); if (!cctx->creds) return ENOMEM; #ifdef HAVE_UCRED @@ -464,6 +464,22 @@ static void client_fd_handler(struct tevent_context *ev, static errno_t setup_client_idle_timer(struct cli_ctx *cctx); +static int cli_ctx_destructor(struct cli_ctx *cctx) +{ + if (cctx->creds == NULL) { + return 0; + } + + if (cctx->creds->selinux_ctx == NULL) { + return 0; + } + + SELINUX_context_free(cctx->creds->selinux_ctx); + cctx->creds->selinux_ctx = NULL; + + return 0; +} + struct accept_fd_ctx { struct resp_ctx *rctx; bool is_private; @@ -520,6 +536,8 @@ static void accept_fd_handler(struct tevent_context *ev, return; } + talloc_set_destructor(cctx, cli_ctx_destructor); + len = sizeof(cctx->addr); cctx->cfd = accept(fd, (struct sockaddr *)&cctx->addr, &len); if (cctx->cfd == -1) {
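Review bot: the talloc -> talloc_zero change in get_client_cred is what guarantees that creds->selinux_ctx starts out NULL on paths that never assign it, and the new cli_ctx_destructor relies on exactly that NULL check; a one-line comment at the allocation ("must stay zeroed, cli_ctx_destructor checks selinux_ctx") would keep a later cleanup from reverting to plain talloc() and turning the destructor into a free of uninitialised memory.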
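Review bot: cli_ctx_destructor frees a pointer owned by cctx->creds but is attached to the parent struct cli_ctx, so the cleanup is tied to the lifetime of cctx rather than to the cli_creds allocation that actually holds selinux_ctx. Consider installing the destructor on cctx->creds inside get_client_cred, right where the SELinux context is obtained; the owner of the creds then frees the context, and the two NULL checks collapse into one. If the current split is kept, a comment noting that talloc runs the destructor before freeing children (so cctx->creds is still valid when SELINUX_context_free runs) would help readers follow the ordering.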
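Review bot: talloc_set_destructor(cctx, cli_ctx_destructor) is installed only in accept_fd_handler, so if struct cli_ctx is allocated on any other path that later reaches get_client_cred the leak persists there; it is worth confirming this is the sole allocation site, or moving the destructor next to the allocation of creds so it cannot be missed. Installing it before the accept() call is the right order: any early exit that frees cctx before get_client_cred has run hits the creds == NULL guard and returns without touching anything.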
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org