[1/5] libsepol: do not call a NULL function in additive_scopes_to_cil()

Commit Message

Nicolas Iooss Nov. 22, 2016, 10:23 p.m. UTC

When hll/pp operates on an invalid policy module which defines blocks
with non-empty decl->symtab[SYM_COMMONS], additive_scopes_to_cil_map()
calls func_to_cil[SYM_COMMONS], which is NULL.

In additive_scopes_to_cil(), filter out NULL elements of func_to_cil
before calling additive_scopes_to_cil_map().

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 libsepol/src/module_to_cil.c | 3 +++
 1 file changed, 3 insertions(+)

Patch

diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
index b7d3b5eb57eb..ab3ac03d7895 100644
--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
@@ -3530,6 +3530,9 @@  static int additive_scopes_to_cil(int indent, struct policydb *pdb, struct avrul
 	struct avrule_decl *decl = stack_peek(decl_stack);
 
 	for (args.sym_index = 0; args.sym_index < SYM_NUM; args.sym_index++) {
+		if (func_to_cil[args.sym_index] == NULL) {
+			continue;
+		}
 		rc = hashtab_map(decl->symtab[args.sym_index].table, additive_scopes_to_cil_map, &args);
 		if (rc != 0) {
 			goto exit;