libsepol/cil: Properly check for parameter when inserting name
File names for typetransition rules are stored in their own datums. This allows them to be passed as a parameter, but there needs to be a check in __cil_insert_name() so that parameter names are not mistaken for file name strings. This check did not verify that a matching parameter name had the flavor of CIL_NAME. Check that the parameter flavor is CIL_NAME and that the parameter name matches the file name to be stored in the datum. This bug was found by the secilc-fuzzer. Signed-off-by: James Carter <jwcart2@gmail.com>
parent
b57535318a
commit
05d1c66aaa
@ -87,7 +87,8 @@ static struct cil_name * __cil_insert_name(struct cil_db *db, hashtab_key_t key,
|
||||
if (macro != NULL && macro->params != NULL) {
|
||||
struct cil_list_item *item;
|
||||
cil_list_for_each(item, macro->params) {
|
||||
if (((struct cil_param*)item->data)->str == key) {
|
||||
struct cil_param *param = item->data;
|
||||
if (param->flavor == CIL_NAME && param->str == key) {
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
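Review bot: The added condition `param->flavor == CIL_NAME && param->str == key` still compares `str` and `key` by pointer rather than by content, which is only correct if both strings come from the same interning pool. The removed line did the same, so this is presumably the convention, but nothing in the hunk says so. A comment above the condition would make both requirements explicit, e.g. `/* Only a CIL_NAME parameter stands in for a file name; str and key are compared by pointer (assumed interned) */`. Because a match returns NULL, it is also worth confirming that the callers, which are outside this hunk, handle NULL as "name is a parameter" and not as an error, and adding the fuzzer reproducer as a regression policy. The body of __cil_insert_name starts and ends outside the hunk.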