From c97d63c6b40c71c693d3b5bb25628869a95dff24 Mon Sep 17 00:00:00 2001
From: Nicolas Iooss <nicolas.iooss@m4x.org>
Date: Sat, 3 Oct 2020 15:56:58 +0200
Subject: [PATCH] libsepol: silence potential NULL pointer dereference warning

When find_avtab_node() is called with key->specified & AVTAB_XPERMS set and
xperms=NULL, xperms is dereferenced. Static analyzers report this as a
"NULL pointer dereference issue".

Even though it does not make much sense to call find_avtab_node() in a
way which triggers the NULL pointer dereference issue, static analyzers
have a hard time with calls such as:

    node = find_avtab_node(handle, avtab, &avkey, cond, NULL);

... where xperms=NULL.

So, make the function report an error instead of crashing.

Here is an example of report from clang's static analyzer:
https://558-118970575-gh.circle-artifacts.com/0/output-scan-build/2020-10-02-065849-6375-1/report-d86a57.html#EndPath

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 libsepol/src/expand.c | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
index 19e48c507236..eac7e4507d02 100644
--- a/libsepol/src/expand.c
+++ b/libsepol/src/expand.c
@@ -1570,17 +1570,22 @@ static avtab_ptr_t find_avtab_node(sepol_handle_t * handle,
 
 	/* AVTAB_XPERMS entries are not necessarily unique */
 	if (key->specified & AVTAB_XPERMS) {
-		node = avtab_search_node(avtab, key);
-		while (node) {
-			if ((node->datum.xperms->specified == xperms->specified) &&
-				(node->datum.xperms->driver == xperms->driver)) {
-				match = 1;
-				break;
+		if (xperms == NULL) {
+			ERR(handle, "searching xperms NULL");
+			node = NULL;
+		} else {
+			node = avtab_search_node(avtab, key);
+			while (node) {
+				if ((node->datum.xperms->specified == xperms->specified) &&
+					(node->datum.xperms->driver == xperms->driver)) {
+					match = 1;
+					break;
+				}
+				node = avtab_search_node_next(node, key->specified);
 			}
-			node = avtab_search_node_next(node, key->specified);
+			if (!match)
+				node = NULL;
 		}
-		if (!match)
-			node = NULL;
 	} else {
 		node = avtab_search_node(avtab, key);
 	}
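Review bot: The new error branch at the top of the AVTAB_XPERMS block logs via ERR() but then only sets `node = NULL`, which is the same value the "no matching entry" path produces on the `if (!match)` line below, so whatever follows the hunk cannot distinguish the error from a miss. find_avtab_node's body continues outside the hunk; if that code treats a NULL node as "not found" and goes on to create a new entry from xperms, the NULL dereference is moved rather than removed, and the ERR message would be misleading because the function does not actually fail. Returning early makes the reported error real: `ERR(handle, "searching xperms NULL");` followed by `return NULL;` in place of `node = NULL;`, which also matches how the function presumably handles its other ERR() cases. A short comment above the check, such as `/* an xperms key without xperms data cannot be matched or inserted */`, would record why the argument is mandatory here.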
-- 
2.29.0.rc2