rpms/checkpolicy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

checkpolicy-2.8-3

Browse Source 
- Check the result value of hashtable_search
- Destroy the class datum if it fails to initialize
This commit is contained in:
Petr Lautrbach 2019-01-21 20:30:01 +01:00
parent 3be8c4c38c
commit f7ff2dd875
2 changed files with 37 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
checkpolicy-fedora.patch
View File

@ -0,0 +1,28 @@
diff --git checkpolicy-2.8/module_compiler.c checkpolicy-2.8/module_compiler.c
index 155702f..ada7cb2 100644
--- checkpolicy-2.8/module_compiler.c
+++ checkpolicy-2.8/module_compiler.c
@@ -802,6 +802,7 @@ int require_class(int pass)
if ((datum = calloc(1, sizeof(*datum))) == NULL ||
symtab_init(&datum->permissions, PERM_SYMTAB_SIZE)) {
yyerror("Out of memory!");
+ class_datum_destroy(datum);
return -1;
}
ret =
diff --git checkpolicy-2.8/policy_define.c checkpolicy-2.8/policy_define.c
index d8788a6..ece10e7 100644
--- checkpolicy-2.8/policy_define.c
+++ checkpolicy-2.8/policy_define.c
@@ -1107,6 +1107,11 @@ int define_level(void)
(cat_datum_t *) hashtab_search(policydbp->p_cats.
table,
(hashtab_key_t) id);
+ if (!cdatum) {
+ yyerror2("unknown category %s", id);
+ free(id);
+ return -1;
+ }
range_start = range_end = cdatum->s.value - 1;
}

14
checkpolicy.spec
View File

@ -1,17 +1,17 @@
%define libselinuxver 2.8-1 %define libselinuxver 2.8-7
%define libsepolver 2.8-1 %define libsepolver 2.8-3
Summary: SELinux policy compiler Summary: SELinux policy compiler
Name: checkpolicy Name: checkpolicy
Version: 2.8 Version: 2.8
Release: 2%{?dist} Release: 3%{?dist}
License: GPLv2 License: GPLv2
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/checkpolicy-2.8.tar.gz Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/checkpolicy-2.8.tar.gz
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
# run: # run:
# $ VERSION=2.8 ./make-fedora-selinux-patch.sh checkpolicy # $ VERSION=2.8 ./make-fedora-selinux-patch.sh checkpolicy
# HEAD https://github.com/fedora-selinux/selinux/commit/0e84c8fe6bb895d22f706be1c8f59119c6427f64 # HEAD https://github.com/fedora-selinux/selinux/commit/10767636b5d9b8f3fa3cf3815e860f4ca4fcb247
# Patch1: checkpolicy-fedora.patch Patch1: checkpolicy-fedora.patch
Conflicts: selinux-policy-base < 3.13.1-138 Conflicts: selinux-policy-base < 3.13.1-138
BuildRequires: gcc BuildRequires: gcc
BuildRequires: byacc bison flex flex-static libsepol-static >= %{libsepolver} libselinux-devel >= %{libselinuxver} BuildRequires: byacc bison flex flex-static libsepol-static >= %{libsepolver} libselinux-devel >= %{libselinuxver}
@ -56,6 +56,10 @@ install test/dispol ${RPM_BUILD_ROOT}%{_bindir}/sedispol
%{_bindir}/sedispol %{_bindir}/sedispol
%changelog %changelog
* Mon Jan 21 2019 Petr Lautrbach <plautrba@redhat.com> - 2.8-3
- Check the result value of hashtable_search
- Destroy the class datum if it fails to initialize
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8-2 * Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild