Nicolas Iooss 78d458d163 libsepol/cil: do not leak avrulex_ioctl_table memory when an error occurs ... OSS-Fuzz found a memory leak when trying to compile the following policy: (class CLASS (PERM ioctl)) (classorder (CLASS)) (sid SID) (sidorder (SID)) (user USER) (role ROLE) (type TYPE) (category CAT) (categoryorder (CAT)) (sensitivity SENS) (sensitivityorder (SENS)) (sensitivitycategory SENS (CAT)) (allow TYPE self (CLASS (PERM))) (roletype ROLE TYPE) (userrole USER ROLE) (userlevel USER (SENS)) (userrange USER ((SENS)(SENS (CAT)))) (sidcontext SID (USER ROLE TYPE ((SENS)(SENS)))) (permissionx ioctl_test (ioctl CLASS (and (range 0x1600 0x19FF) (not (range 0x1750 0x175F))))) (allowx TYPE TYPE ioctl_test) (boolean BOOLEAN false) (booleanif (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (not (xor (eq BOOLEAN BOOLEAN) (and (eq BOOLEAN BOOLEAN) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) BOOLEAN ) ) ) (true (allow TYPE TYPE (CLASS (PERM))) ) ) When the CIL compiler reports "Conditional expression exceeded max allowable depth" because of the loooooong expression in the booleanif statement, cil_binary_create_allocated_pdb returns without freeing the memory which was allocated to store the keys and values of hash table avrulex_ioctl_table. Fix this by moving the freeing logic to a dedicated destructor function and calling it in the exit block of cil_binary_create_allocated_pdb. Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28618 Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>		2021-03-17 08:46:36 +01:00
..
include/cil	libsepol/cil: constify some strings	2021-01-05 10:33:24 -05:00
src	libsepol/cil: do not leak avrulex_ioctl_table memory when an error occurs	2021-03-17 08:46:36 +01:00
test	libsepol: Move secilc out of libsepol	2015-03-31 12:31:38 -04:00
.gitignore	Merge commit '76ba6eaa7333483a8cc0c73a7880f7acf99c2656'	2015-02-18 09:25:20 -05:00