tequilaOS/platform_external_selinux
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

libsepol/cil: Properly check parse tree when printing error messages

Browse source 
The function cil_tree_get_next_path() does not check whether the
parse tree node that stores the high-level language file path of a
src_info rule actually exists before trying to read the path. This
can result in a NULL dereference.

Check that all of the parse tree nodes of a src_info rule exist
before reading the data from them.

This bug was found by the secilc-fuzzer.

Signed-off-by: James Carter <jwcart2@gmail.com>
This commit is contained in:
James Carter 2021-08-27 10:07:30 -04:00
parent ba23ba0683
commit 4469c9796e
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
libsepol/cil/src/cil_tree.c
View file

@ -62,7 +62,10 @@ struct cil_tree_node *cil_tree_get_next_path(struct cil_tree_node *node, char **
while (node) {
if (node->flavor == CIL_NODE && node->data == NULL) {
if (node->cl_head->data == CIL_KEY_SRC_INFO && node->cl_head->next != NULL && node->cl_head->next->next != NULL) {
if (node->cl_head && node->cl_head->data == CIL_KEY_SRC_INFO) {
if (!node->cl_head->next || !node->cl_head->next->next || !node->cl_head->next->next->next) {
goto exit;
}
/* Parse Tree */
*info_kind = node->cl_head->next->data;
rc = cil_string_to_uint32(node->cl_head->next->next->data, hll_line, 10);