| Message ID | 20231129174246.188157-1-jwcart2@gmail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 2752043dabf2 |
| Delegated to: | Petr Lautrbach |
| Headers | show |
| Series | libsepol/cil: Clear AST node after destroying bad filecon rule | expand |
On Wed, Nov 29, 2023 at 12:42 PM James Carter <jwcart2@gmail.com> wrote: > > Commit fb0a4ce1 (libsepol/cil: Allow paths in filecon rules to be > passed as arguments) changed when the new AST node data would be set > to point to the new filecon struct when creating a filecon rule. > This causes cil_destroy_filecon() to be called twice on the filecon > struct if there is an error when creating the filecon rule. > > If there is an error when creating a filecon rule, call > cil_clear_node() after destroying the filecon struct. > > Reported-by: oss-fuzz (issue 64385) > Signed-off-by: James Carter <jwcart2@gmail.com> I plan on merging this patch soon, unless there are any objections. Jim > --- > libsepol/cil/src/cil_build_ast.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c > index be260a31..56dac891 100644 > --- a/libsepol/cil/src/cil_build_ast.c > +++ b/libsepol/cil/src/cil_build_ast.c > @@ -4197,6 +4197,7 @@ int cil_gen_filecon(struct cil_db *db, struct cil_tree_node *parse_current, stru > exit: > cil_tree_log(parse_current, CIL_ERR, "Bad filecon declaration"); > cil_destroy_filecon(filecon); > + cil_clear_node(ast_node); > return rc; > } > > -- > 2.43.0 >
On Tue, Dec 12, 2023 at 9:11 AM James Carter <jwcart2@gmail.com> wrote: > > On Wed, Nov 29, 2023 at 12:42 PM James Carter <jwcart2@gmail.com> wrote: > > > > Commit fb0a4ce1 (libsepol/cil: Allow paths in filecon rules to be > > passed as arguments) changed when the new AST node data would be set > > to point to the new filecon struct when creating a filecon rule. > > This causes cil_destroy_filecon() to be called twice on the filecon > > struct if there is an error when creating the filecon rule. > > > > If there is an error when creating a filecon rule, call > > cil_clear_node() after destroying the filecon struct. > > > > Reported-by: oss-fuzz (issue 64385) > > Signed-off-by: James Carter <jwcart2@gmail.com> > > I plan on merging this patch soon, unless there are any objections. > Jim > This has been merged. Jim > > --- > > libsepol/cil/src/cil_build_ast.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c > > index be260a31..56dac891 100644 > > --- a/libsepol/cil/src/cil_build_ast.c > > +++ b/libsepol/cil/src/cil_build_ast.c > > @@ -4197,6 +4197,7 @@ int cil_gen_filecon(struct cil_db *db, struct cil_tree_node *parse_current, stru > > exit: > > cil_tree_log(parse_current, CIL_ERR, "Bad filecon declaration"); > > cil_destroy_filecon(filecon); > > + cil_clear_node(ast_node); > > return rc; > > } > > > > -- > > 2.43.0 > >
diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index be260a31..56dac891 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c @@ -4197,6 +4197,7 @@ int cil_gen_filecon(struct cil_db *db, struct cil_tree_node *parse_current, stru exit: cil_tree_log(parse_current, CIL_ERR, "Bad filecon declaration"); cil_destroy_filecon(filecon); + cil_clear_node(ast_node); return rc; }
Commit fb0a4ce1 (libsepol/cil: Allow paths in filecon rules to be passed as arguments) changed when the new AST node data would be set to point to the new filecon struct when creating a filecon rule. This causes cil_destroy_filecon() to be called twice on the filecon struct if there is an error when creating the filecon rule. If there is an error when creating a filecon rule, call cil_clear_node() after destroying the filecon struct. Reported-by: oss-fuzz (issue 64385) Signed-off-by: James Carter <jwcart2@gmail.com> --- libsepol/cil/src/cil_build_ast.c | 1 + 1 file changed, 1 insertion(+)