<br>Fix for bug reported to selinux list (<a href="http://www.nsa.gov/research/selinux/list-archive/1001/31388.shtml">http://www.nsa.gov/research/selinux/list-archive/1001/31388.shtml</a>). <br>Fixes the handling of cases where the sensitivity level of the context contains a mix of raw and <br>
translated levels (ex. s0-SystemHigh or SystemLow-s15:c0.c1023).<br>---<br><br> mcstrans.c |   87 +++++++++++++++++++++++++++++++++++++------------------------<br> 1 file changed, 54 insertions(+), 33 deletions(-)<br><br>
--- mcstrans-0.3.1/src/mcstrans.c    2009-02-16 13:01:15.000000000 -0600<br>+++ mcstrans-0.3.1/src/mcstrans.c.mixed-range    2010-07-12 16:54:08.921270080 -0500<br>@@ -1228,6 +1228,13 @@ trans_context(const security_context_t i<br>
                 ltrans = compute_trans_from_raw(lrange, domain);<br>                 if (ltrans)<br>                     add_cache(domain, lrange, ltrans);<br>+                else {<br>+                    ltrans = strdup(lrange);<br>
+                    if (! ltrans) {<br>+                        log_error(&quot;strdup failed %s&quot;, strerror(errno));<br>+                        exit(1);<br>+                    }<br>+                }<br>             }<br>
 <br>             utrans = find_in_hashtable(urange, domain, domain-&gt;raw_to_trans);<br>@@ -1235,24 +1242,30 @@ trans_context(const security_context_t i<br>                 utrans = compute_trans_from_raw(urange, domain);<br>
                 if (utrans)<br>                     add_cache(domain, urange, utrans);<br>+                else {<br>+                    utrans = strdup(urange);<br>+                    if (! utrans) {<br>+                        log_error(&quot;strdup failed %s&quot;, strerror(errno));<br>
+                         exit(1);<br>+                     }<br>+                 }<br>             }<br> <br>-            if (ltrans &amp;&amp; utrans) {<br>-                if (strcmp(ltrans, utrans) == 0) {<br>-                    if (asprintf(&amp;trans, &quot;%s&quot;, ltrans) &lt; 0) {<br>
-                        log_error(&quot;asprintf failed %s&quot;, strerror(errno));<br>-                        exit(1);<br>-                    }<br>-                } else {<br>-                    if (asprintf(&amp;trans, &quot;%s-%s&quot;, ltrans, utrans) &lt; 0) {<br>
-                        log_error(&quot;asprintf failed %s&quot;, strerror(errno));<br>-                        exit(1);<br>-                    }<br>+            if (strcmp(ltrans, utrans) == 0) {<br>+                if (asprintf(&amp;trans, &quot;%s&quot;, ltrans) &lt; 0) {<br>
+                    log_error(&quot;asprintf failed %s&quot;, strerror(errno));<br>+                    exit(1);<br>+                }<br>+            } else {<br>+                if (asprintf(&amp;trans, &quot;%s-%s&quot;, ltrans, utrans) &lt; 0) {<br>
+                    log_error(&quot;asprintf failed %s&quot;, strerror(errno));<br>+                    exit(1);<br>                 }<br>-                free(ltrans);<br>-                free(utrans);<br>-                break;<br>
             }<br>+            free(ltrans);<br>+            free(utrans);<br>+            *dashp = &#39;-&#39;;<br>+            break;<br>         }<br>         if (dashp)<br>             *dashp = &#39;-&#39;;<br>@@ -1333,6 +1346,12 @@ untrans_context(const security_context_t<br>
                     if (canonical)<br>                         free(canonical);<br>                     add_cache(domain, lraw, lrange);<br>+                } else {<br>+                    lraw = strdup(lrange);<br>+                    if (! lraw) {<br>
+                        log_error(&quot;strdup failed %s&quot;, strerror(errno));<br>+                        exit(1);<br>+                    }<br>                 }<br>             }<br> <br>@@ -1349,32 +1368,34 @@ untrans_context(const security_context_t<br>
                     if (canonical)<br>                         free(canonical);<br>                     add_cache(domain, uraw, urange);<br>+                } else {<br>+                    uraw = strdup(urange);<br>+                    if (! uraw) {<br>
+                        log_error(&quot;strdup failed %s&quot;, strerror(errno));<br>+                        exit(1);<br>+                    }<br>                 }<br>             }<br> <br> <br>-            if (lraw &amp;&amp; uraw) {<br>
-                if (strcmp(lraw, uraw) == 0) {<br>-                    if (asprintf(&amp;raw, &quot;%s&quot;, lraw) &lt; 0) {<br>-                        log_error(&quot;asprintf failed %s&quot;, strerror(errno));<br>-                        exit(1);<br>
-                    }<br>-                } else {<br>-                    if (asprintf(&amp;raw, &quot;%s-%s&quot;, lraw, uraw) &lt; 0) {<br>-                        log_error(&quot;asprintf failed %s&quot;, strerror(errno));<br>
-                        exit(1);<br>-                    }<br>+            if (strcmp(lraw, uraw) == 0) {<br>+                if (asprintf(&amp;raw, &quot;%s&quot;, lraw) &lt; 0) {<br>+                    log_error(&quot;asprintf failed %s&quot;, strerror(errno));<br>
+                    exit(1);<br>+                }<br>+            } else {<br>+                if (asprintf(&amp;raw, &quot;%s-%s&quot;, lraw, uraw) &lt; 0) {<br>+                    log_error(&quot;asprintf failed %s&quot;, strerror(errno));<br>
+                    exit(1);<br>                 }<br>-                free(lraw);<br>-                free(uraw);<br>-                break;<br>-            }<br>-            if (lraw)<br>-                free(lraw);<br>
-            if (uraw)<br>-                free(uraw);<br>+            }<br>+            free(lraw);<br>+            free(uraw);<br>             *dashp = &#39;-&#39;;<br>+            break;<br>         }<br>+        if (dashp)<br>
+            *dashp = &#39;-&#39;;<br>     }<br> <br>     if (raw) {<br><br>