diff mbox

[1/1] libsepol/cil: call cil_reset_context() when context is not NULL

Message ID 20170605114741.12279-1-nicolas.iooss@m4x.org (mailing list archive)
State Not Applicable
Headers show

Commit Message

Nicolas Iooss June 5, 2017, 11:47 a.m. UTC 
cil_reset_context() dereferences its argument, which is thus expected
not to be NULL. The if statement in cil_reset_ibpkeycon() verified the
opposite condition. Fix this.

This issue has been found using clang's static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 libsepol/cil/src/cil_reset_ast.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

James Carter June 5, 2017, 3:58 p.m. UTC | #1 
On 06/05/2017 07:47 AM, Nicolas Iooss wrote:
> cil_reset_context() dereferences its argument, which is thus expected
> not to be NULL. The if statement in cil_reset_ibpkeycon() verified the
> opposite condition. Fix this.
> 
> This issue has been found using clang's static analyzer.
> 
> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

Thanks for the report.

> ---
>   libsepol/cil/src/cil_reset_ast.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c
> index 73034a97956b..dd047c8e0409 100644
> --- a/libsepol/cil/src/cil_reset_ast.c
> +++ b/libsepol/cil/src/cil_reset_ast.c
> @@ -290,7 +290,7 @@ static void cil_reset_filecon(struct cil_filecon *filecon)
>   
>   static void cil_reset_ibpkeycon(struct cil_ibpkeycon *ibpkeycon)
>   {
> -	if (!ibpkeycon->context)
> +	if (ibpkeycon->context)
>   		cil_reset_context(ibpkeycon->context);
>   }
>   
> 

The real issue is that it should be checking ibpkeycon->context_str instead.

I have merged a fix crediting you with reporting the issue.

Jim
diff mbox

Patch

diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c
index 73034a97956b..dd047c8e0409 100644
--- a/libsepol/cil/src/cil_reset_ast.c
+++ b/libsepol/cil/src/cil_reset_ast.c
@@ -290,7 +290,7 @@  static void cil_reset_filecon(struct cil_filecon *filecon)
 
 static void cil_reset_ibpkeycon(struct cil_ibpkeycon *ibpkeycon)
 {
-	if (!ibpkeycon->context)
+	if (ibpkeycon->context)
 		cil_reset_context(ibpkeycon->context);
 }