libsepol/cil: fix NULL pointer dereference when copying classpermission/set

When copying classpermission or classpermissionset statements, we did
not properly initialize the new structs. This would cause a segfault
when one used either of these statements inside a tunableif block, e.g.

  (tunableif foo
    (true
      (classpermissionset cps (cls (perm1 perm2))))
    (false
      (classpermissionset cps (cls (perm1)))))

Reported-by: Dominick Grift <dac.override@gmail.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
Steve Lawrence 2015-09-09 15:09:29 -04:00 committed by James Carter
parent 8f13ce624d
commit 1fe89056ea

@ -282,6 +282,8 @@ int cil_copy_classpermission(__attribute__((unused)) struct cil_db *db, void *da
}
}
cil_classpermission_init(&new);
cil_copy_classperms_list(orig->classperms, &new->classperms);
*copy = new;
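
Review bot: the `cil_classpermission_init(&new);` call added here has no test coverage, because the reproducer in the commit message only uses classpermissionset, which goes through the other copy function. Please add a regression case that places a classpermission statement inside a tunableif block, so that the `&new->classperms` access on the following line is exercised on this path too.
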
@ -294,6 +296,8 @@ int cil_copy_classpermissionset(__attribute__((unused)) struct cil_db *db, void
struct cil_classpermissionset *orig = data;
struct cil_classpermissionset *new = NULL;
cil_classpermissionset_init(&new);
new->set_str = orig->set_str;
cil_copy_classperms_list(orig->classperms, &new->classperms);
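
Review bot: now that `cil_classpermissionset_init(&new);` makes the struct valid, `new->set_str = orig->set_str;` copies only the pointer, so the copy and the original share the same string, and the ownership is not documented. If that is intentional because the string is owned elsewhere and outlives both structs, say so in a short comment above the assignment. Otherwise duplicate the string, so that destroying one struct cannot leave the other with a dangling `set_str`.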