| Message ID | 20250108163149.104958-2-cgoettsche@seltendoof.de (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [1/2] libsepol/cil: free nlmsg hashtable on error | expand |
On Wed, Jan 8, 2025 at 11:32 AM Christian Göttsche <cgoettsche@seltendoof.de> wrote: > > From: Christian Göttsche <cgzones@googlemail.com> > > Free the hashtable for nlmsg xperm rules similar to the ioctl hashtable. > > Fixes: 1fd41f48 ("libsepol/cil: add support for xperms in conditional policies") > Reported-by: oss-fuzz (issue 388376332) > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> For these two patches: Acked-by: James Carter <jwcart2@gmail.com> > --- > libsepol/cil/src/cil_binary.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c > index 070bf525..e84188a0 100644 > --- a/libsepol/cil/src/cil_binary.c > +++ b/libsepol/cil/src/cil_binary.c > @@ -2616,6 +2616,8 @@ int cil_booleanif_to_policydb(policydb_t *pdb, const struct cil_db *db, struct c > return SEPOL_OK; > > exit: > + hashtab_map(avrulex_nlmsg_table, __cil_avrulex_xperm_destroy, NULL); > + hashtab_destroy(avrulex_nlmsg_table); > hashtab_map(avrulex_ioctl_table, __cil_avrulex_xperm_destroy, NULL); > hashtab_destroy(avrulex_ioctl_table); > if (tmp_cond) { > -- > 2.47.1 > >
diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c index 070bf525..e84188a0 100644 --- a/libsepol/cil/src/cil_binary.c +++ b/libsepol/cil/src/cil_binary.c @@ -2616,6 +2616,8 @@ int cil_booleanif_to_policydb(policydb_t *pdb, const struct cil_db *db, struct c return SEPOL_OK; exit: + hashtab_map(avrulex_nlmsg_table, __cil_avrulex_xperm_destroy, NULL); + hashtab_destroy(avrulex_nlmsg_table); hashtab_map(avrulex_ioctl_table, __cil_avrulex_xperm_destroy, NULL); hashtab_destroy(avrulex_ioctl_table); if (tmp_cond) {