From a53ccf39c2793cb5a5894948de41242feea1ea31 Mon Sep 17 00:00:00 2001
From: William Roberts <w.roberts@sta.samsung.com>
Date: Mon, 17 Sep 2012 12:53:44 -0700
Subject: [PATCH] Fix check_seapp segfault and undefined linking err

When LINK_SEPOL_STATIC was not defined, symbol
log_warning was trying to be resolved by the linker.
That symbol was not defined as it should have been
log_warn and not log_warning.

When a key would be validated in key_map_validate(), an
unchecked key, like user, could cuase a segfault when
the se_key was getting free'd no matter what at the end
of the function, even if no se_key was alloc'd.

Change-Id: If334ba7350e6d2ad1fa9bed142bb2fabe7caa057
---
 check_seapp/check_seapp.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/check_seapp/check_seapp.c b/check_seapp/check_seapp.c
index 5865bd0ab..d3a5dda8b 100644
--- a/check_seapp/check_seapp.c
+++ b/check_seapp/check_seapp.c
@@ -277,15 +277,18 @@ static int key_map_validate(key_map *m, int lineno) {
 			log_error("Could not check selinux boolean, error: %s\n",
 					strerror(errno));
 			rc = 0;
-			goto bool_err;
+			sepol_bool_key_free(se_key);
+			goto out;
 		}
 
 		if(!resp) {
 			log_error("Could not find selinux boolean \"%s\" on line: %d in file: %s\n",
 					value, lineno, out_file_name);
 			rc = 0;
-			goto bool_err;
+			sepol_bool_key_free(se_key);
+			goto out;
 		}
+		sepol_bool_key_free(se_key);
 	}
 	else if (!strcasecmp(key, "type") || !strcasecmp(key, "domain")) {
 
@@ -296,7 +299,6 @@ static int key_map_validate(key_map *m, int lineno) {
 		}
 		goto out;
 	}
-
 	else if (!strcasecmp(key, "level")) {
 
 		ret = sepol_mls_check(pol.handle, pol.db, value);
@@ -308,9 +310,6 @@ static int key_map_validate(key_map *m, int lineno) {
 		}
 	}
 
-bool_err:
-	sepol_bool_key_free(se_key);
-
 out:
 	log_info("Key map validate returning: %d\n", rc);
 	return rc;
@@ -619,7 +618,7 @@ static void init() {
 	log_info("Output file set to: %s\n", (out_file_name == NULL) ? "stdout" : out_file_name);
 
 #if !defined(LINK_SEPOL_STATIC)
-	log_warning("LINK_SEPOL_STATIC is not defined\n""Not checking types!");
+	log_warn("LINK_SEPOL_STATIC is not defined\n""Not checking types!");
 #endif
 
 }
-- 
GitLab