topjohnwu/selinux
1
0
Fork 0
mirror of https://github.com/topjohnwu/selinux.git synced 2024-11-30 15:00:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

libsepol/cil: propagate failure of cil_fill_list()

Browse Source 
OSS-Fuzz found a Null-dereference READ in the CIL compiler when trying
to compile the following policy:

    (optional o (validatetrans x (eq t3 (a ()))))

With some logs, secilc reports:

    Invalid syntax
    Destroying Parse Tree
    Resolving AST
    Failed to resolve validatetrans statement at fuzz:1
    Disabling optional 'o' at tmp.cil:1

So there is an "Invalid syntax" error, but the compilation continues.
Fix this issue by stopping the compilation when cil_fill_list() reports
an error:

    Invalid syntax
    Bad expression tree for constraint
    Bad validatetrans declaration at tmp.cil:1

Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29061
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss 2020-12-30 21:11:41 +01:00 committed by James Carter
parent 6c8fca1045
commit e2d018423d
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libsepol/cil/src/cil_build_ast.c
View File

@ -2713,7 +2713,11 @@ static int __cil_fill_constraint_leaf_expr(struct cil_tree_node *current, enum c
cil_list_append(*leaf_expr, CIL_STRING, current->next->next->data);
} else if (r_flavor == CIL_LIST) {
struct cil_list *sub_list;
cil_fill_list(current->next->next->cl_head, leaf_expr_flavor, &sub_list);
rc = cil_fill_list(current->next->next->cl_head, leaf_expr_flavor, &sub_list);
if (rc != SEPOL_OK) {
cil_list_destroy(leaf_expr, CIL_TRUE);
goto exit;
}
cil_list_append(*leaf_expr, CIL_LIST, sub_list);
} else {
cil_list_append(*leaf_expr, CIL_CONS_OPERAND, (void *)r_flavor);