mkswap: possible to crash with SELinux relabeling support

When fgetfilecon() is failed with -ENODATA, this process does not
exit.  However, "oldcontext" is not initialized in this case, so
context_new() will be called with uninitialized "oldcontext" at the
next.

Finally, it makes a segmentation fault, because context_new() have to
refer an incorrect memory region.

The attached patch fixes this matter using matchpathcon().  If we
cannot obtain actual file context due to -ENODATA, a context which is
returned by matchpathcon() is applied as oldcontext.  Then, the type
of the context is relabeled to "swapfile_t" explicitly.

Signed-off-by: KaiGai Kohei <kaigai@kaigai.gr.jp>
Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/disk-utils/mkswap.c b/disk-utils/mkswap.c
index 6af1ff7bb51b779ca7fb213b171132a91ba58bc2..2394368b721326ab0144cb07254ebd6e82dabc30 100644 (file)
--- a/disk-utils/mkswap.c
+++ b/disk-utils/mkswap.c
@@ -738,12 +738,15 @@ the -f option to force it.\n"),
                security_context_t oldcontext;
                context_t newcontext;
 
-               if ((fgetfilecon(DEV, &oldcontext) < 0) &&
-                   (errno != ENODATA)) {
-                       fprintf(stderr, _("%s: %s: unable to obtain selinux file label: %s\n"),
-                                       program_name, device_name,
-                                       strerror(errno));
-                       exit(1);
+               if (fgetfilecon(DEV, &oldcontext) < 0) {
+                       if (errno != ENODATA) {
+                               fprintf(stderr, _("%s: %s: unable to obtain selinux file label: %s\n"),
+                                               program_name, device_name,
+                                               strerror(errno));
+                               exit(1);
+                       }
+                       if (matchpathcon(device_name, statbuf.st_mode, &oldcontext))
+                               die(_("unable to matchpathcon()"));
                }
                if (!(newcontext = context_new(oldcontext)))
                        die(_("unable to create new selinux context"));