[Bug 1851] New: ssh_selinux_setfscreatecon segfaults if SELinux support is compiled in but is disabled at run-time

bugzilla-daemon at bugzilla.mindrot.org
Thu Jan 27 23:09:38 EST 2011


https://bugzilla.mindrot.org/show_bug.cgi?id=1851

           Summary: ssh_selinux_setfscreatecon segfaults if SELinux
                    support is compiled in but is disabled at run-time
           Product: Portable OpenSSH
           Version: 5.7p1
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: cjwatson at debian.org


Created attachment 1984
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1984
more error checks in ssh_selinux_setfscreatecon

The Debian/Ubuntu OpenSSH packages are compiled with SELinux support,
but SELinux isn't necessarily available at run-time.  If it's
unavailable, then ssh_selinux_setfscreatecon may crash because it does
not either (a) check ssh_selinux_enabled or (b) check the return value
of matchpathcon.  I suspect it should do both, although I'm not sure
whether any error message is necessary if matchpathcon fails - does
this just mean that the configuration doesn't specify any particular
context?  (I'm not an SELinux expert.)

Patch attached which at least clears up the crash.

(BTW, the indentation in ssh_selinux_setfscreatecon is non-standard.)

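Added example, not part of the original report and not OpenSSH's or the attached patch's code: a sketch of the two checks the report names, (a) the run-time enabled state and (b) the return value of the context lookup, before any context is used. The sim_* functions, the result enum, set_create_context and the label string are hypothetical stand-ins for libselinux so the block runs without it.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-ins for libselinux so this runs without it (hypothetical names,
 * simplified signatures, constructed label). */
static int sim_enabled;      /* 1 = SELinux active at run time */
static int sim_apply_calls;  /* times a context was actually applied */

static int sim_matchpathcon(const char *path, char **con)
{
    static const char label[] = "system_u:object_r:ssh_home_t:s0";

    /* On failure *con is left untouched, modelling the uninitialised
     * context an unchecked caller would go on to use. */
    if (!sim_enabled || strncmp(path, "/home/", 6) != 0)
        return -1;
    if ((*con = malloc(sizeof(label))) == NULL)
        return -1;
    memcpy(*con, label, sizeof(label));
    return 0;
}

static void sim_setfscreatecon(const char *con)
{
    (void)con;
    sim_apply_calls++;
}

enum result { SKIPPED_DISABLED, SKIPPED_NO_MATCH, APPLIED };

/* Hypothetical helper showing both checks the report proposes. */
enum result set_create_context(const char *path)
{
    char *con = NULL;

    if (!sim_enabled)                        /* (a) run-time state */
        return SKIPPED_DISABLED;
    if (sim_matchpathcon(path, &con) != 0)   /* (b) lookup result */
        return SKIPPED_NO_MATCH;
    sim_setfscreatecon(con);                 /* con is valid only here */
    free(con);
    return APPLIED;
}
```
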