libsepol: add missing oom checks

Check return values of memory allocation functions and propagate their failure. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com>
2025-01-01 11:12:08 +00:00 · 2022-03-31 16:44:52 +02:00 · 2022-03-31 16:44:52 +02:00 · 0233e4f6d5
commit 0233e4f6d5
parent 5d3c4430ee
4 changed files with 26 additions and 1 deletions
--- a/libsepol/src/kernel_to_cil.c
+++ b/libsepol/src/kernel_to_cil.c
@ -190,6 +190,10 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr
 				}
 				if (!names) {
 					names = strdup("NO_IDENTIFIER");
+					if (!names) {
+						sepol_log_err("Out of memory");
+						goto exit;
+					}
 				}
 				if (strchr(names, ' ')) {
 					new_val = create_str("(%s %s (%s))", 3, op, attr1, names);
@ -568,6 +572,11 @@ static int write_sids_to_cil(FILE *out, const char *const *sid_to_str,
 		} else {
 			snprintf(unknown, 18, "%s%u", "UNKNOWN", i);
 			sid = strdup(unknown);
+			if (!sid) {
+				sepol_log_err("Out of memory");
+				rc = -1;
+				goto exit;
+			}
 		}
 		rc = strs_add_at_index(strs, sid, i);
 		if (rc != 0) {
--- a/libsepol/src/kernel_to_conf.c
+++ b/libsepol/src/kernel_to_conf.c
@ -187,6 +187,10 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr
 				}
 				if (!names) {
 					names = strdup("NO_IDENTIFIER");
+					if (!names) {
+						sepol_log_err("Out of memory");
+						goto exit;
+					}
 				}
 				if (strchr(names, ' ')) {
 					new_val = create_str("%s %s { %s }", 3, attr1, op, names);
--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
@ -393,6 +393,8 @@ static int typealias_list_create(struct policydb *pdb)
 	}

 	typealias_lists = calloc(max_decl_id + 1, sizeof(*typealias_lists));
+	if (!typealias_lists)
+		goto exit;
 	typealias_lists_len = max_decl_id + 1;

 	rc = hashtab_map(pdb->p_types.table, typealiases_gather_map, pdb);
@ -1792,6 +1794,10 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp
 				}
 				if (num_names == 0) {
 					names = strdup("NO_IDENTIFIER");
+					if (!names) {
+						rc = -1;
+						goto exit;
+					}
 				} else {
 					rc = name_list_to_string(name_list, num_names, &names);
 					if (rc != 0) {
@ -2556,6 +2562,11 @@ static int ocontext_isid_to_cil(struct policydb *pdb, const char *const *sid_to_
 			goto exit;
 		}
 		item->sid_key = strdup(sid);
+		if (!item->sid_key) {
+			log_err("Out of memory");
+			rc = -1;
+			goto exit;
+		}
 		item->next = head;
 		head = item;
 	}
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@ -1252,7 +1252,8 @@ int policydb_index_others(sepol_handle_t * handle,
 	if (!p->type_val_to_struct)
 		return -1;

-	cond_init_bool_indexes(p);
+	if (cond_init_bool_indexes(p))
+		return -1;

 	for (i = SYM_ROLES; i < SYM_NUM; i++) {
 		free(p->sym_val_to_name[i]);