diff mbox series

checkpolicy: free role identifier in define_role_dom()

Message ID 20230706162120.25610-1-cgzones@googlemail.com (mailing list archive)
State Rejected
Delegated to: Petr Lautrbach
Headers show
Series checkpolicy: free role identifier in define_role_dom() | expand

Commit Message

Christian Göttsche July 6, 2023, 4:21 p.m. UTC
Free the role identifier in case the role has been already defined
beforehand, since in that case the identifier is not stored via
declare_symbol().

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
Triggered by the checkpolicy round-trip patch in the GitHub CI.
---
 checkpolicy/policy_define.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

James Carter July 14, 2023, 5:34 p.m. UTC | #1
On Thu, Jul 6, 2023 at 12:34 PM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Free the role identifier in case the role has been already defined
> beforehand, since in that case the identifier is not stored via
> declare_symbol().
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

The right answer here is to just remove role dominance from
checkpolicy. I've sent a patch to the list.
Thanks,
Jim

> ---
> Triggered by the checkpolicy round-trip patch in the GitHub CI.
> ---
>  checkpolicy/policy_define.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
> index cef8f3c4..e10c92ff 100644
> --- a/checkpolicy/policy_define.c
> +++ b/checkpolicy/policy_define.c
> @@ -3045,7 +3045,11 @@ role_datum_t *define_role_dom(role_datum_t * r)
>                         yyerror("Out of memory!");
>                         goto cleanup;
>                 }
> +       } else {
> +               free(role_id);
> +               role_id = NULL;
>         }
> +
>         if (r) {
>                 ebitmap_t types;
>                 ebitmap_init(&types);
> --
> 2.40.1
>
diff mbox series

Patch

diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
index cef8f3c4..e10c92ff 100644
--- a/checkpolicy/policy_define.c
+++ b/checkpolicy/policy_define.c
@@ -3045,7 +3045,11 @@  role_datum_t *define_role_dom(role_datum_t * r)
 			yyerror("Out of memory!");
 			goto cleanup;
 		}
+	} else {
+		free(role_id);
+		role_id = NULL;
 	}
+
 	if (r) {
 		ebitmap_t types;
 		ebitmap_init(&types);