[2/5] libsepol/cil: destroy bitmap when __cil_permx_str_to_int() fails

Commit Message

Nicolas Iooss Feb. 19, 2017, 10:30 a.m. UTC

When __cil_permx_to_bitmap() calls __cil_permx_str_to_int() on an
invalid number, local variablt "bitmap" is left initialized when the
function returns and its memory is leaked.

This memory leak has been found by running clang's Address Sanitizer on
a set of policies generated by American Fuzzy Lop.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 libsepol/cil/src/cil_post.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

James Carter Feb. 21, 2017, 6:55 p.m. UTC | #1

On 02/19/2017 05:30 AM, Nicolas Iooss wrote:
> When __cil_permx_to_bitmap() calls __cil_permx_str_to_int() on an
> invalid number, local variablt "bitmap" is left initialized when the
> function returns and its memory is leaked.
>
> This memory leak has been found by running clang's Address Sanitizer on
> a set of policies generated by American Fuzzy Lop.
>
> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

For this one I decided to move the ebitmap_init() call to right before the 
ebitmap_set_bit() call. This seemed to fit the style of the other functions in 
cil_post.c a bit better.

I applied the other four patches.

Thanks,
Jim

> ---
>  libsepol/cil/src/cil_post.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c
> index 687962eae5ee..2de55b562b8f 100644
> --- a/libsepol/cil/src/cil_post.c
> +++ b/libsepol/cil/src/cil_post.c
> @@ -806,13 +806,13 @@ static int __cil_permx_to_bitmap(struct cil_symtab_datum *datum, ebitmap_t *bitm
>
>  	if (ebitmap_set_bit(bitmap, (unsigned int)val, 1)) {
>  		cil_log(CIL_ERR, "Failed to set permissionx bit\n");
> -		ebitmap_destroy(bitmap);
>  		goto exit;
>  	}
>
>  	return SEPOL_OK;
>
>  exit:
> +	ebitmap_destroy(bitmap);
>  	return rc;
>  }
>
>

Patch

diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c
index 687962eae5ee..2de55b562b8f 100644
--- a/libsepol/cil/src/cil_post.c
+++ b/libsepol/cil/src/cil_post.c
@@ -806,13 +806,13 @@  static int __cil_permx_to_bitmap(struct cil_symtab_datum *datum, ebitmap_t *bitm
 
 	if (ebitmap_set_bit(bitmap, (unsigned int)val, 1)) {
 		cil_log(CIL_ERR, "Failed to set permissionx bit\n");
-		ebitmap_destroy(bitmap);
 		goto exit;
 	}
 
 	return SEPOL_OK;
 
 exit:
+	ebitmap_destroy(bitmap);
 	return rc;
 }