libsepol: do not call a NULL function in additive_scopes_to_cil()

When hll/pp operates on an invalid policy module which defines blocks
with non-empty decl->symtab[SYM_COMMONS], additive_scopes_to_cil_map()
calls func_to_cil[SYM_COMMONS], which is NULL.

In additive_scopes_to_cil(), filter out NULL elements of func_to_cil
before calling additive_scopes_to_cil_map().

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss 2016-11-22 23:23:38 +01:00 committed by Stephen Smalley
parent 8f9057c2ea
commit 52b3b625b6

View file

@ -3530,6 +3530,9 @@ static int additive_scopes_to_cil(int indent, struct policydb *pdb, struct avrul
struct avrule_decl *decl = stack_peek(decl_stack);
for (args.sym_index = 0; args.sym_index < SYM_NUM; args.sym_index++) {
if (func_to_cil[args.sym_index] == NULL) {
continue;
}
rc = hashtab_map(decl->symtab[args.sym_index].table, additive_scopes_to_cil_map, &args);
if (rc != 0) {
goto exit;