Message ID | 20220829122840.qbxef3urreybaqxm@jmarcin-t14s-01 (mailing list archive) |
---|---|
State | Accepted |
Commit | c916f0884bd0 |
Headers | show |
Series | checkpolicy: avoid passing NULL pointer to memset() | expand |
On Mon, Aug 29, 2022 at 8:49 AM Juraj Marcin <juraj@jurajmarcin.com> wrote: > > Function `class_perm_node_init()` is called with `dest_perms` before it > is checked that its allocation succeeded. If the allocation fails, then > a NULL pointer is passed to `memset()` inside the > `class_perm_node_init()` function. > > Signed-off-by: Juraj Marcin <juraj@jurajmarcin.com> Acked-by: James Carter <jwcart2@gmail.com> > --- > checkpolicy/policy_define.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c > index f3b48870..54bb304b 100644 > --- a/checkpolicy/policy_define.c > +++ b/checkpolicy/policy_define.c > @@ -2371,11 +2371,12 @@ static int avrule_cpy(avrule_t *dest, const avrule_t *src) > src_perms = src->perms; > while (src_perms) { > dest_perms = (class_perm_node_t *) calloc(1, sizeof(class_perm_node_t)); > - class_perm_node_init(dest_perms); > if (!dest_perms) { > yyerror("out of memory"); > return -1; > } > + class_perm_node_init(dest_perms); > + > if (!dest->perms) > dest->perms = dest_perms; > else > -- > 2.37.1 >
On Mon, Aug 29, 2022 at 2:50 PM James Carter <jwcart2@gmail.com> wrote: > > On Mon, Aug 29, 2022 at 8:49 AM Juraj Marcin <juraj@jurajmarcin.com> wrote: > > > > Function `class_perm_node_init()` is called with `dest_perms` before it > > is checked that its allocation succeeded. If the allocation fails, then > > a NULL pointer is passed to `memset()` inside the > > `class_perm_node_init()` function. > > > > Signed-off-by: Juraj Marcin <juraj@jurajmarcin.com> > > Acked-by: James Carter <jwcart2@gmail.com> > Merged. Thanks, Jim > > --- > > checkpolicy/policy_define.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c > > index f3b48870..54bb304b 100644 > > --- a/checkpolicy/policy_define.c > > +++ b/checkpolicy/policy_define.c > > @@ -2371,11 +2371,12 @@ static int avrule_cpy(avrule_t *dest, const avrule_t *src) > > src_perms = src->perms; > > while (src_perms) { > > dest_perms = (class_perm_node_t *) calloc(1, sizeof(class_perm_node_t)); > > - class_perm_node_init(dest_perms); > > if (!dest_perms) { > > yyerror("out of memory"); > > return -1; > > } > > + class_perm_node_init(dest_perms); > > + > > if (!dest->perms) > > dest->perms = dest_perms; > > else > > -- > > 2.37.1 > >
diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c index f3b48870..54bb304b 100644 --- a/checkpolicy/policy_define.c +++ b/checkpolicy/policy_define.c @@ -2371,11 +2371,12 @@ static int avrule_cpy(avrule_t *dest, const avrule_t *src) src_perms = src->perms; while (src_perms) { dest_perms = (class_perm_node_t *) calloc(1, sizeof(class_perm_node_t)); - class_perm_node_init(dest_perms); if (!dest_perms) { yyerror("out of memory"); return -1; } + class_perm_node_init(dest_perms); + if (!dest->perms) dest->perms = dest_perms; else
Function `class_perm_node_init()` is called with `dest_perms` before it is checked that its allocation succeeded. If the allocation fails, then a NULL pointer is passed to `memset()` inside the `class_perm_node_init()` function. Signed-off-by: Juraj Marcin <juraj@jurajmarcin.com> --- checkpolicy/policy_define.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)