1d4c1811b8
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/libsepol.git#459a123b94fc6faafea7ec93b0e9cb004219cd44
67 lines
2.2 KiB
Diff
67 lines
2.2 KiB
Diff
From c97d63c6b40c71c693d3b5bb25628869a95dff24 Mon Sep 17 00:00:00 2001
|
|
From: Nicolas Iooss <nicolas.iooss@m4x.org>
|
|
Date: Sat, 3 Oct 2020 15:56:58 +0200
|
|
Subject: [PATCH] libsepol: silence potential NULL pointer dereference warning
|
|
|
|
When find_avtab_node() is called with key->specified & AVTAB_XPERMS and
|
|
xperms=NULL, xperms is being dereferenced. This is detected as a
|
|
"NULL pointer dereference issue" by static analyzers.
|
|
|
|
Even though it does not make much sense to call find_avtab_node() in a
|
|
way which triggers the NULL pointer dereference issue, static analyzers
|
|
have a hard time with calls such as:
|
|
|
|
node = find_avtab_node(handle, avtab, &avkey, cond, NULL);
|
|
|
|
... where xperms=NULL.
|
|
|
|
So, make the function report an error instead of crashing.
|
|
|
|
Here is an example of report from clang's static analyzer:
|
|
https://558-118970575-gh.circle-artifacts.com/0/output-scan-build/2020-10-02-065849-6375-1/report-d86a57.html#EndPath
|
|
|
|
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
|
|
---
|
|
libsepol/src/expand.c | 23 ++++++++++++++---------
|
|
1 file changed, 14 insertions(+), 9 deletions(-)
|
|
|
|
diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
|
|
index 19e48c507236..eac7e4507d02 100644
|
|
--- a/libsepol/src/expand.c
|
|
+++ b/libsepol/src/expand.c
|
|
@@ -1570,17 +1570,22 @@ static avtab_ptr_t find_avtab_node(sepol_handle_t * handle,
|
|
|
|
/* AVTAB_XPERMS entries are not necessarily unique */
|
|
if (key->specified & AVTAB_XPERMS) {
|
|
- node = avtab_search_node(avtab, key);
|
|
- while (node) {
|
|
- if ((node->datum.xperms->specified == xperms->specified) &&
|
|
- (node->datum.xperms->driver == xperms->driver)) {
|
|
- match = 1;
|
|
- break;
|
|
+ if (xperms == NULL) {
|
|
+ ERR(handle, "searching xperms NULL");
|
|
+ node = NULL;
|
|
+ } else {
|
|
+ node = avtab_search_node(avtab, key);
|
|
+ while (node) {
|
|
+ if ((node->datum.xperms->specified == xperms->specified) &&
|
|
+ (node->datum.xperms->driver == xperms->driver)) {
|
|
+ match = 1;
|
|
+ break;
|
|
+ }
|
|
+ node = avtab_search_node_next(node, key->specified);
|
|
}
|
|
- node = avtab_search_node_next(node, key->specified);
|
|
+ if (!match)
|
|
+ node = NULL;
|
|
}
|
|
- if (!match)
|
|
- node = NULL;
|
|
} else {
|
|
node = avtab_search_node(avtab, key);
|
|
}
|
|
--
|
|
2.29.0.rc2
|
|
|