Bug 1390909

Summary: selabel_lookup() segfaults when path is NULL
Product: Red Hat Enterprise Linux 6 Reporter: Jan Zarsky <jzarsky>
Component: libselinuxAssignee: Petr Lautrbach <plautrba>
Status: CLOSED WONTFIX QA Contact: Jan Zarsky <jzarsky>
Severity: low Docs Contact:
Priority: unspecified    
Version: 6.9CC: lvrabec, mgrepl, mmalik, plautrba, ssekidde
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-02 16:59:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Jan Zarsky 2016-11-02 08:54:53 UTC 
Description of problem:
functions selabel_lookup and selabel_lookup_raw 

Version-Release number of selected component (if applicable):
libselinux-2.0.94-7.el6.x86_64

Steps to Reproduce:
1. Run this program:
#include <stdio.h>
#include <selinux/selinux.h>
#include <selinux/label.h>

int main (int argc, char **argv) {
    struct selabel_handle *hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);

    security_context_t selabel_context;

    // path == NULL
    selabel_lookup(hnd, &selabel_context, NULL, 0);

    freecon(selabel_context);
    selabel_close(hnd);
}

Actual results:
Segmentation fault

Expected results:
errno == EINVAL

Additional info:
This bug is fixed in 7.3, upstream fix is here: https://github.com/SELinuxProject/selinux/commit/16a37c9f94c1e2dfb865e17e4200d2824d4971f5
Comment 2 Petr Lautrbach 2016-11-02 16:59:48 UTC 
Red Hat Enterprise Linux version 6 is entering the Production 2 phase of its lifetime and this bug doesn't meet the criteria for it, i.e. only high severity issues will be fixed. Please see https://access.redhat.com/support/policy/updates/errata/ for further information.

This issue is fixed in Red Hat Enterprise Linux version 7