fapolicyd/fapolicyd-infinite-loop.patch

From baf402ccaf16bc993ce34d4e4ed08aa283cd2c94 Mon Sep 17 00:00:00 2001
From: Radovan Sroka <rsroka@redhat.com>
Date: Fri, 18 Jul 2025 10:55:12 +0200
Subject: [PATCH] Fix an infinite loop

- either malloc fail or corruped data from lmdb can cause
"fapolicyd -D" to hang in infinite loop

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
---
 src/cli/fapolicyd-cli.c | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/src/cli/fapolicyd-cli.c b/src/cli/fapolicyd-cli.c
index 0c72733c..7eddf4e2 100644
--- a/src/cli/fapolicyd-cli.c
+++ b/src/cli/fapolicyd-cli.c
@@ -185,33 +185,35 @@ static int do_dump_db(void)
 		goto txn_abort;
 	}
 	do {
-		char *path, *data, sha[65];
+		char *path = NULL, *data = NULL, sha[65];
 		unsigned int tsource;
 		off_t size;
 		const char *source;
 
-		path = malloc(key.mv_size+1);
+		path = malloc(key.mv_size + 1);
 		if (!path)
-			continue;
+			goto next_record;
+
 		memcpy(path, key.mv_data, key.mv_size);
 		path[key.mv_size] = 0;
-		data = malloc(val.mv_size+1);
-		if (!data) {
-			free(path);
-			continue;
-		}
+		data = malloc(val.mv_size + 1);
+
+		if (!data)
+			goto next_record;
+
 		memcpy(data, val.mv_data, val.mv_size);
 		data[val.mv_size] = 0;
-		if (sscanf(data, DATA_FORMAT, &tsource, &size, sha) != 3) {
-			free(data);
-			free(path);
-			continue;
-		}
+
+		if (sscanf(data, DATA_FORMAT, &tsource, &size, sha) != 3)
+			goto next_record;
+
 		source = lookup_tsource(tsource);
 		printf("%s %s %lu %s\n", source, path, size, sha);
+
+next_record:
 		free(data);
 		free(path);
-		// Try to get the duplicate. If doesn't exist, get the next one
+		// Try to get the duplicate. If it doesn't exist, get the next one
 		rc = mdb_cursor_get(cursor, &key, &val, MDB_NEXT_DUP);
 		if (rc == MDB_NOTFOUND)
 			rc = mdb_cursor_get(cursor, &key, &val, MDB_NEXT_NODUP);