Message ID | 20240122135507.63506-3-cgzones@googlemail.com (mailing list archive) |
---|---|
State | Accepted |
Commit | b75bf48b42d9 |
Delegated to: | Petr Lautrbach |
Series | [01/15] checkpolicy: add libfuzz based fuzzer | expand |
On Mon, Jan 22, 2024 at 9:37 AM Christian Göttsche <cgzones@googlemail.com> wrote: > > Free identifiers removed from the queue but not yet owned by the policy > on errors. > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> > --- > checkpolicy/policy_define.c | 32 ++++++++++++++++++++++++++++---- > 1 file changed, 28 insertions(+), 4 deletions(-) > > diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c > index 260e609d..db7e9d0e 100644 > --- a/checkpolicy/policy_define.c > +++ b/checkpolicy/policy_define.c > @@ -342,6 +342,7 @@ static int read_classes(ebitmap_t *e_classes) > while ((id = queue_remove(id_queue))) { > if (!is_id_in_scope(SYM_CLASSES, id)) { > yyerror2("class %s is not within scope", id); > + free(id); > return -1; > } > cladatum = hashtab_search(policydbp->p_classes.table, id); > @@ -373,15 +374,18 @@ int define_default_user(int which) > while ((id = queue_remove(id_queue))) { > if (!is_id_in_scope(SYM_CLASSES, id)) { > yyerror2("class %s is not within scope", id); > + free(id); > return -1; > } > cladatum = hashtab_search(policydbp->p_classes.table, id); > if (!cladatum) { > yyerror2("unknown class %s", id); > + free(id); > return -1; > } > if (cladatum->default_user && cladatum->default_user != which) { > yyerror2("conflicting default user information for class %s", id); > + free(id); > return -1; > } > cladatum->default_user = which; 
> @@ -405,15 +409,18 @@ int define_default_role(int which) > while ((id = queue_remove(id_queue))) { > if (!is_id_in_scope(SYM_CLASSES, id)) { > yyerror2("class %s is not within scope", id); > + free(id); > return -1; > } > cladatum = hashtab_search(policydbp->p_classes.table, id); > if (!cladatum) { > yyerror2("unknown class %s", id); > + free(id); > return -1; > } > if (cladatum->default_role && cladatum->default_role != which) { > yyerror2("conflicting default role information for class %s", id); > + free(id); > return -1; > } > cladatum->default_role = which; > @@ -437,15 +444,18 @@ int define_default_type(int which) > while ((id = queue_remove(id_queue))) { > if (!is_id_in_scope(SYM_CLASSES, id)) { > yyerror2("class %s is not within scope", id); > + free(id); > return -1; > } > cladatum = hashtab_search(policydbp->p_classes.table, id); > if (!cladatum) { > yyerror2("unknown class %s", id); > + free(id); > return -1; > } > if (cladatum->default_type && cladatum->default_type != which) { > yyerror2("conflicting default type information for class %s", id); > + free(id); > return -1; > } > cladatum->default_type = which; > @@ -469,15 +479,18 @@ int define_default_range(int which) > while ((id = queue_remove(id_queue))) { > if (!is_id_in_scope(SYM_CLASSES, id)) { > yyerror2("class %s is not within scope", id); > + free(id); > return -1; > } > cladatum = hashtab_search(policydbp->p_classes.table, id); > if (!cladatum) { > yyerror2("unknown class %s", id); > + free(id); > return -1; > } > if (cladatum->default_range && cladatum->default_range != which) { > yyerror2("conflicting default range information for class %s", id); > + free(id); > return -1; > } > cladatum->default_range = which; > @@ -508,6 +521,7 @@ int define_common_perms(void) > comdatum = hashtab_search(policydbp->p_commons.table, id); > if (comdatum) { > yyerror2("duplicate declaration for common %s\n", id); > + free(id); > return -1; > } > comdatum = (common_datum_t *) malloc(sizeof(common_datum_t)); 
> @@ -770,12 +784,14 @@ int define_sens(void) > while ((id = queue_remove(id_queue))) { > if (id_has_dot(id)) { > yyerror("sensitivity aliases may not contain periods"); > - goto bad_alias; > + free(id); > + return -1; > } > aliasdatum = (level_datum_t *) malloc(sizeof(level_datum_t)); > if (!aliasdatum) { > yyerror("out of memory"); > - goto bad_alias; > + free(id); > + return -1; > } > level_datum_init(aliasdatum); > aliasdatum->isalias = TRUE; > @@ -940,12 +956,14 @@ int define_category(void) > while ((id = queue_remove(id_queue))) { > if (id_has_dot(id)) { > yyerror("category aliases may not contain periods"); > - goto bad_alias; > + free(id); > + return -1; > } > aliasdatum = (cat_datum_t *) malloc(sizeof(cat_datum_t)); > if (!aliasdatum) { > yyerror("out of memory"); > - goto bad_alias; > + free(id); > + return -1; > } > cat_datum_init(aliasdatum); > aliasdatum->isalias = TRUE; > @@ -3722,6 +3740,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2) > if (!is_id_in_scope(SYM_USERS, id)) { > yyerror2("user %s is not within scope", > id); > + free(id); > constraint_expr_destroy(expr); > return 0; > } > @@ -3733,6 +3752,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2) > id); > if (!user) { > yyerror2("unknown user %s", id); > + free(id); > constraint_expr_destroy(expr); > return 0; > } > @@ -3742,6 +3762,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2) > yyerror2("role %s is not within scope", > id); > constraint_expr_destroy(expr); > + free(id); > return 0; > } > role = > @@ -3753,6 +3774,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2) > if (!role) { > yyerror2("unknown role %s", id); > constraint_expr_destroy(expr); > + free(id); > return 0; > } > val = role->s.value; 
> @@ -3765,11 +3787,13 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2) > } else { > yyerror("invalid constraint expression"); > constraint_expr_destroy(expr); > + free(id); > return 0; > } > if (ebitmap_set_bit(&expr->names, val - 1, TRUE)) { > yyerror("out of memory"); > ebitmap_destroy(&expr->names); > + free(id); > constraint_expr_destroy(expr); > return 0; > } > -- > 2.43.0 > >
On Tue, Feb 13, 2024 at 3:34 PM James Carter <jwcart2@gmail.com> wrote: > > On Mon, Jan 22, 2024 at 9:37 AM Christian Göttsche > <cgzones@googlemail.com> wrote: > > > > Free identifiers removed from the queue but not yet owned by the policy > > on errors. > > > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> > > Acked-by: James Carter <jwcart2@gmail.com> > Merged. Thanks, Jim > > --- > > checkpolicy/policy_define.c | 32 ++++++++++++++++++++++++++++---- > > 1 file changed, 28 insertions(+), 4 deletions(-) > > > > diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c > > index 260e609d..db7e9d0e 100644 > > --- a/checkpolicy/policy_define.c > > +++ b/checkpolicy/policy_define.c > > @@ -342,6 +342,7 @@ static int read_classes(ebitmap_t *e_classes) > > while ((id = queue_remove(id_queue))) { > > if (!is_id_in_scope(SYM_CLASSES, id)) { > > yyerror2("class %s is not within scope", id); > > + free(id); > > return -1; > > } > > cladatum = hashtab_search(policydbp->p_classes.table, id); > > @@ -373,15 +374,18 @@ int define_default_user(int which) > > while ((id = queue_remove(id_queue))) { > > if (!is_id_in_scope(SYM_CLASSES, id)) { > > yyerror2("class %s is not within scope", id); > > + free(id); > > return -1; > > } > > cladatum = hashtab_search(policydbp->p_classes.table, id); > > if (!cladatum) { > > yyerror2("unknown class %s", id); > > + free(id); > > return -1; > > } > > if (cladatum->default_user && cladatum->default_user != which) { > > yyerror2("conflicting default user information for class %s", id); > > + free(id); > > return -1; > > } > > cladatum->default_user = which; 
> > @@ -405,15 +409,18 @@ int define_default_role(int which) > > while ((id = queue_remove(id_queue))) { > > if (!is_id_in_scope(SYM_CLASSES, id)) { > > yyerror2("class %s is not within scope", id); > > + free(id); > > return -1; > > } > > cladatum = hashtab_search(policydbp->p_classes.table, id); > > if (!cladatum) { > > yyerror2("unknown class %s", id); > > + free(id); > > return -1; > > } > > if (cladatum->default_role && cladatum->default_role != which) { > > yyerror2("conflicting default role information for class %s", id); > > + free(id); > > return -1; > > } > > cladatum->default_role = which; > > @@ -437,15 +444,18 @@ int define_default_type(int which) > > while ((id = queue_remove(id_queue))) { > > if (!is_id_in_scope(SYM_CLASSES, id)) { > > yyerror2("class %s is not within scope", id); > > + free(id); > > return -1; > > } > > cladatum = hashtab_search(policydbp->p_classes.table, id); > > if (!cladatum) { > > yyerror2("unknown class %s", id); > > + free(id); > > return -1; > > } > > if (cladatum->default_type && cladatum->default_type != which) { > > yyerror2("conflicting default type information for class %s", id); > > + free(id); > > return -1; > > } > > cladatum->default_type = which; > > @@ -469,15 +479,18 @@ int define_default_range(int which) > > while ((id = queue_remove(id_queue))) { > > if (!is_id_in_scope(SYM_CLASSES, id)) { > > yyerror2("class %s is not within scope", id); > > + free(id); > > return -1; > > } > > cladatum = hashtab_search(policydbp->p_classes.table, id); > > if (!cladatum) { > > yyerror2("unknown class %s", id); > > + free(id); > > return -1; > > } > > if (cladatum->default_range && cladatum->default_range != which) { > > yyerror2("conflicting default range information for class %s", id); > > + free(id); > > return -1; > > } > > cladatum->default_range = which; 
> > @@ -508,6 +521,7 @@ int define_common_perms(void) > > comdatum = hashtab_search(policydbp->p_commons.table, id); > > if (comdatum) { > > yyerror2("duplicate declaration for common %s\n", id); > > + free(id); > > return -1; > > } > > comdatum = (common_datum_t *) malloc(sizeof(common_datum_t)); > > @@ -770,12 +784,14 @@ int define_sens(void) > > while ((id = queue_remove(id_queue))) { > > if (id_has_dot(id)) { > > yyerror("sensitivity aliases may not contain periods"); > > - goto bad_alias; > > + free(id); > > + return -1; > > } > > aliasdatum = (level_datum_t *) malloc(sizeof(level_datum_t)); > > if (!aliasdatum) { > > yyerror("out of memory"); > > - goto bad_alias; > > + free(id); > > + return -1; > > } > > level_datum_init(aliasdatum); > > aliasdatum->isalias = TRUE; > > @@ -940,12 +956,14 @@ int define_category(void) > > while ((id = queue_remove(id_queue))) { > > if (id_has_dot(id)) { > > yyerror("category aliases may not contain periods"); > > - goto bad_alias; > > + free(id); > > + return -1; > > } > > aliasdatum = (cat_datum_t *) malloc(sizeof(cat_datum_t)); > > if (!aliasdatum) { > > yyerror("out of memory"); > > - goto bad_alias; > > + free(id); > > + return -1; > > } > > cat_datum_init(aliasdatum); > > aliasdatum->isalias = TRUE; > > @@ -3722,6 +3740,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2) > > if (!is_id_in_scope(SYM_USERS, id)) { > > yyerror2("user %s is not within scope", > > id); > > + free(id); > > constraint_expr_destroy(expr); > > return 0; > > } > > @@ -3733,6 +3752,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2) > > id); > > if (!user) { > > yyerror2("unknown user %s", id); > > + free(id); > > constraint_expr_destroy(expr); > > return 0; > > } 
> > @@ -3742,6 +3762,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2) > > yyerror2("role %s is not within scope", > > id); > > constraint_expr_destroy(expr); > > + free(id); > > return 0; > > } > > role = > > @@ -3753,6 +3774,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2) > > if (!role) { > > yyerror2("unknown role %s", id); > > constraint_expr_destroy(expr); > > + free(id); > > return 0; > > } > > val = role->s.value; > > @@ -3765,11 +3787,13 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2) > > } else { > > yyerror("invalid constraint expression"); > > constraint_expr_destroy(expr); > > + free(id); > > return 0; > > } > > if (ebitmap_set_bit(&expr->names, val - 1, TRUE)) { > > yyerror("out of memory"); > > ebitmap_destroy(&expr->names); > > + free(id); > > constraint_expr_destroy(expr); > > return 0; > > } > > -- > > 2.43.0 > > > >
diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
index 260e609d..db7e9d0e 100644
--- a/checkpolicy/policy_define.c
+++ b/checkpolicy/policy_define.c
@@ -342,6 +342,7 @@ static int read_classes(ebitmap_t *e_classes)
 while ((id = queue_remove(id_queue))) {
 if (!is_id_in_scope(SYM_CLASSES, id)) {
 yyerror2("class %s is not within scope", id);
+ free(id);
 return -1;
 }
 cladatum = hashtab_search(policydbp->p_classes.table, id);
@@ -373,15 +374,18 @@ int define_default_user(int which)
 while ((id = queue_remove(id_queue))) {
 if (!is_id_in_scope(SYM_CLASSES, id)) {
 yyerror2("class %s is not within scope", id);
+ free(id);
 return -1;
 }
 cladatum = hashtab_search(policydbp->p_classes.table, id);
 if (!cladatum) {
 yyerror2("unknown class %s", id);
+ free(id);
 return -1;
 }
 if (cladatum->default_user && cladatum->default_user != which) {
 yyerror2("conflicting default user information for class %s", id);
+ free(id);
 return -1;
 }
 cladatum->default_user = which;
@@ -405,15 +409,18 @@ int define_default_role(int which)
 while ((id = queue_remove(id_queue))) {
 if (!is_id_in_scope(SYM_CLASSES, id)) {
 yyerror2("class %s is not within scope", id);
+ free(id);
 return -1;
 }
 cladatum = hashtab_search(policydbp->p_classes.table, id);
 if (!cladatum) {
 yyerror2("unknown class %s", id);
+ free(id);
 return -1;
 }
 if (cladatum->default_role && cladatum->default_role != which) {
 yyerror2("conflicting default role information for class %s", id);
+ free(id);
 return -1;
 }
 cladatum->default_role = which;
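Review bot: Each error exit in the define_default_user loop now carries its own copy of `free(id); return -1;`, and the same three-way repetition appears in the define_default_role, define_default_type and define_default_range hunks. A check added to one of these loops later can easily miss the free again, which is the leak this commit is fixing. A single exit such as `bad: free(id); return -1;` reached by `goto bad;` would keep the release of `id` in one place per function. The functions start and end outside the hunks, so whether a suitable label already exists cannot be seen here.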
@@ -437,15 +444,18 @@ int define_default_type(int which)
 while ((id = queue_remove(id_queue))) {
 if (!is_id_in_scope(SYM_CLASSES, id)) {
 yyerror2("class %s is not within scope", id);
+ free(id);
 return -1;
 }
 cladatum = hashtab_search(policydbp->p_classes.table, id);
 if (!cladatum) {
 yyerror2("unknown class %s", id);
+ free(id);
 return -1;
 }
 if (cladatum->default_type && cladatum->default_type != which) {
 yyerror2("conflicting default type information for class %s", id);
+ free(id);
 return -1;
 }
 cladatum->default_type = which;
@@ -469,15 +479,18 @@ int define_default_range(int which)
 while ((id = queue_remove(id_queue))) {
 if (!is_id_in_scope(SYM_CLASSES, id)) {
 yyerror2("class %s is not within scope", id);
+ free(id);
 return -1;
 }
 cladatum = hashtab_search(policydbp->p_classes.table, id);
 if (!cladatum) {
 yyerror2("unknown class %s", id);
+ free(id);
 return -1;
 }
 if (cladatum->default_range && cladatum->default_range != which) {
 yyerror2("conflicting default range information for class %s", id);
+ free(id);
 return -1;
 }
 cladatum->default_range = which;
@@ -508,6 +521,7 @@ int define_common_perms(void)
 comdatum = hashtab_search(policydbp->p_commons.table, id);
 if (comdatum) {
 yyerror2("duplicate declaration for common %s\n", id);
+ free(id);
 return -1;
 }
 comdatum = (common_datum_t *) malloc(sizeof(common_datum_t));
@@ -770,12 +784,14 @@ int define_sens(void)
 while ((id = queue_remove(id_queue))) {
 if (id_has_dot(id)) {
 yyerror("sensitivity aliases may not contain periods");
- goto bad_alias;
+ free(id);
+ return -1;
 }
 aliasdatum = (level_datum_t *) malloc(sizeof(level_datum_t));
 if (!aliasdatum) {
 yyerror("out of memory");
- goto bad_alias;
+ free(id);
+ return -1;
 }
 level_datum_init(aliasdatum);
 aliasdatum->isalias = TRUE;
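Review bot: The two alias-loop exits in define_sens no longer jump to `bad_alias` but return directly, while the commit message only mentions freeing identifiers; the define_category hunk makes the same change. The label's body is outside the hunk, so it cannot be seen what cleanup is now skipped. At the first exit `aliasdatum` presumably still holds its initial value or a pointer from an earlier iteration, which may be why the label is avoided. A short comment would record the intent, for example `/* aliasdatum is not ours to release here, so bypass bad_alias */`, with the wording confirmed against the label. Any `goto bad_alias` remaining later in these loops should be checked for releasing `id` as well.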
@@ -940,12 +956,14 @@ int define_category(void)
 while ((id = queue_remove(id_queue))) {
 if (id_has_dot(id)) {
 yyerror("category aliases may not contain periods");
- goto bad_alias;
+ free(id);
+ return -1;
 }
 aliasdatum = (cat_datum_t *) malloc(sizeof(cat_datum_t));
 if (!aliasdatum) {
 yyerror("out of memory");
- goto bad_alias;
+ free(id);
+ return -1;
 }
 cat_datum_init(aliasdatum);
 aliasdatum->isalias = TRUE;
@@ -3722,6 +3740,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2)
 if (!is_id_in_scope(SYM_USERS, id)) {
 yyerror2("user %s is not within scope",
 id);
+ free(id);
 constraint_expr_destroy(expr);
 return 0;
 }
@@ -3733,6 +3752,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2)
 id);
 if (!user) {
 yyerror2("unknown user %s", id);
+ free(id);
 constraint_expr_destroy(expr);
 return 0;
 }
@@ -3742,6 +3762,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2)
 yyerror2("role %s is not within scope",
 id);
 constraint_expr_destroy(expr);
+ free(id);
 return 0;
 }
 role =
@@ -3753,6 +3774,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2)
 if (!role) {
 yyerror2("unknown role %s", id);
 constraint_expr_destroy(expr);
+ free(id);
 return 0;
 }
 val = role->s.value;
@@ -3765,11 +3787,13 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2)
 } else {
 yyerror("invalid constraint expression");
 constraint_expr_destroy(expr);
+ free(id);
 return 0;
 }
 if (ebitmap_set_bit(&expr->names, val - 1, TRUE)) {
 yyerror("out of memory");
 ebitmap_destroy(&expr->names);
+ free(id);
 constraint_expr_destroy(expr);
 return 0;
 }
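Review bot: The added `free(id);` is placed inconsistently across the define_cexpr exits: before `constraint_expr_destroy(expr);` in the two user branches, after it in the two role branches and the invalid-expression branch, and between `ebitmap_destroy(&expr->names);` and `constraint_expr_destroy(expr);` in the out-of-memory branch. The order does not look significant for correctness, since `id` and `expr` appear to be independent allocations, but a uniform sequence makes a missed release easier to spot in review. I would write every exit as `free(id);` `constraint_expr_destroy(expr);` `return 0;`. define_cexpr starts and ends outside these hunks.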
Free identifiers removed from the queue but not yet owned by the policy on errors. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> --- checkpolicy/policy_define.c | 32 ++++++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-)