libsepol: silence potential NULL pointer dereference warning

When find_avtab_node() is called with key->specified & AVTAB_XPERMS and xperms=NULL, xperms is being dereferenced. This is detected as a "NULL pointer dereference issue" by static analyzers. Even though it does not make much sense to call find_avtab_node() in a way which triggers the NULL pointer dereference issue, static analyzers have a hard time with calls such as: node = find_avtab_node(handle, avtab, &avkey, cond, NULL); ... where xperms=NULL. So, make the function report an error instead of crashing. Here is an example of report from clang's static analyzer: https://558-118970575-gh.circle-artifacts.com/0/output-scan-build/2020-10-02-065849-6375-1/report-d86a57.html#EndPath Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2020-10-03 15:56:58 +02:00 · 2020-10-03 15:56:58 +02:00 · c97d63c6b4
commit c97d63c6b4
parent 64387cb373
1 changed files with 15 additions and 10 deletions
--- a/libsepol/src/expand.c
+++ b/libsepol/src/expand.c
@ -1570,17 +1570,22 @@ static avtab_ptr_t find_avtab_node(sepol_handle_t * handle,

 	/* AVTAB_XPERMS entries are not necessarily unique */
 	if (key->specified & AVTAB_XPERMS) {
-		node = avtab_search_node(avtab, key);
-		while (node) {
-			if ((node->datum.xperms->specified == xperms->specified) &&
-				(node->datum.xperms->driver == xperms->driver)) {
-				match = 1;
-				break;
-			}
-			node = avtab_search_node_next(node, key->specified);
-		}
-		if (!match)
+		if (xperms == NULL) {
+			ERR(handle, "searching xperms NULL");
 			node = NULL;
+		} else {
+			node = avtab_search_node(avtab, key);
+			while (node) {
+				if ((node->datum.xperms->specified == xperms->specified) &&
+					(node->datum.xperms->driver == xperms->driver)) {
+					match = 1;
+					break;
+				}
+				node = avtab_search_node_next(node, key->specified);
+			}
+			if (!match)
+				node = NULL;
+		}
 	} else {
 		node = avtab_search_node(avtab, key);
 	}