
[2/5] checkpolicy: check identifier before copying

Message ID 20250115131329.132477-1-cgoettsche@seltendoof.de (mailing list archive)
State New
Series [1/5] libselinux: set errno in failure case | expand

Commit Message

Christian Göttsche Jan. 15, 2025, 1:13 p.m. UTC
From: Christian Göttsche <cgzones@googlemail.com>

Avoid calling strdup(3) with a NULL pointer, which can happen with an
invalid policy context, e.g.:

    class C
    sid S
    class C { P }
    ;
    user U roles j;
    sid S s:l:q:q:q

Fixes: 6f2b689f ("checkpolicy: Fix MLS users in optional blocks")
Reported-by: oss-fuzz (issue 390004173)
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 checkpolicy/policy_define.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

Patch

diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
index 2f811b67..96a481f7 100644
--- a/checkpolicy/policy_define.c
+++ b/checkpolicy/policy_define.c
@@ -4437,6 +4437,7 @@  static int parse_semantic_categories(char *id, level_datum_t * levdatum __attrib
 
 int define_user(void)
 {
+	const char *username;
 	char *id;
 	user_datum_t *usrdatum, *usr_global;
 	level_datum_t *levdatum;
@@ -4463,7 +4464,13 @@  int define_user(void)
 		return 0;
 	}
 
-	id = strdup(queue_head(id_queue));
+	username = queue_head(id_queue);
+	if (!username) {
+		yyerror("no user name");
+		return -1;
+	}
+
+	id = strdup(username);
 
 	if ((usrdatum = declare_user()) == NULL) {
 		free(id);
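Review bot: The return value of `strdup(username)` is still unchecked, so the new guard covers a NULL queue head but not an allocation failure, which leaves `id` NULL in the same way. The `free(id)` on the `declare_user()` failure path shown here is harmless with NULL, but `define_user` continues beyond this hunk, and any later use of `id` as a key or string there would presumably hit the same NULL dereference class this patch is closing. I would add `if (!id) { yyerror("out of memory"); return -1; }` directly after the copy. A short comment such as `/* copy the name before declare_user(); confirm it consumes the queue head */` would also record why the duplicate is needed.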