diff mbox series

[5/9] libsepol: reset *p to NULL if sepol_module_package_create fails

Message ID 20190901180636.31586-6-nicolas.iooss@m4x.org (mailing list archive)
State Accepted
Headers show
Series Fix issues found by static analyzers | expand

Commit Message

Nicolas Iooss Sept. 1, 2019, 6:06 p.m. UTC 
semodule-utils/semodule_link/semodule_link.c contains:

    static sepol_module_package_t *load_module(char *filename)
    {
        /* ... */
        if (sepol_module_package_create(&p)) {
            /* ... */
            goto bad;

    /* ... */
    bad:
        sepol_module_package_free(p);

When sepol_module_package_create() fails while having successfully
allocated p, it currently frees p without setting it back to NULL. This
causes a use-after-free in load_module().

Prevent this use-after-free by setting sepol_module_package_create's
argument back to NULL when an error happens.

This issue has been found using Infer static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 libsepol/src/module.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/libsepol/src/module.c b/libsepol/src/module.c
index 219355f30d27..3b8a0a59ca68 100644
--- a/libsepol/src/module.c
+++ b/libsepol/src/module.c
@@ -124,8 +124,10 @@  int sepol_module_package_create(sepol_module_package_t ** p)
 		return -1;
 
 	rc = module_package_init(*p);
-	if (rc < 0)
+	if (rc < 0) {
 		free(*p);
+		*p = NULL;
+	}
 
 	return rc;
 }