libsepol/cil: Initialize avtab_datum on declaration

avtab_datum.xperms was not always initialized before being used.

Fixes:
Error: UNINIT (CWE-457):
libsepol-3.7/cil/src/cil_binary.c:977:2: var_decl: Declaring variable "avtab_datum" without initializer.
libsepol-3.7/cil/src/cil_binary.c:1059:3: uninit_use_in_call: Using uninitialized value "avtab_datum". Field "avtab_datum.xperms" is uninitialized when calling "__cil_cond_insert_rule".
 \# 1057|   			}
 \# 1058|   		}
 \# 1059|-> 		rc = __cil_cond_insert_rule(&pdb->te_cond_avtab, &avtab_key, &avtab_datum, cond_node, cond_flavor);
 \# 1060|   	}

Error: UNINIT (CWE-457):
libsepol-3.7/cil/src/cil_binary.c:1348:2: var_decl: Declaring variable "avtab_datum" without initializer.
libsepol-3.7/cil/src/cil_binary.c:1384:3: uninit_use_in_call: Using uninitialized value "avtab_datum". Field "avtab_datum.xperms" is uninitialized when calling "__cil_cond_insert_rule".
 \# 1382|   	} else {
 \# 1383|   		avtab_datum.data = data;
 \# 1384|-> 		rc = __cil_cond_insert_rule(&pdb->te_cond_avtab, &avtab_key, &avtab_datum, cond_node, cond_flavor);
 \# 1385|   	}
 \# 1386|

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
Vit Mojzis 2024-10-23 15:43:15 +02:00 committed by James Carter
parent e7bbd67be6
commit 0dac9813e1
1 changed files with 2 additions and 6 deletions


@ -975,7 +975,7 @@ static int __cil_insert_type_rule(policydb_t *pdb, uint32_t kind, uint32_t src,
{
int rc = SEPOL_OK;
avtab_key_t avtab_key;
avtab_datum_t avtab_datum;
avtab_datum_t avtab_datum = { .data = res, .xperms = NULL };
avtab_ptr_t existing;
avtab_key.source_type = src;
@ -997,8 +997,6 @@ static int __cil_insert_type_rule(policydb_t *pdb, uint32_t kind, uint32_t src,
goto exit;
}
avtab_datum.data = res;
existing = avtab_search_node(&pdb->te_avtab, &avtab_key);
if (existing) {
/* Don't add duplicate type rule and warn if they conflict.
@ -1346,7 +1344,7 @@ static int __cil_insert_avrule(policydb_t *pdb, uint32_t kind, uint32_t src, uin
{
int rc = SEPOL_OK;
avtab_key_t avtab_key;
avtab_datum_t avtab_datum;
avtab_datum_t avtab_datum = { .data = data, .xperms = NULL };
avtab_datum_t *avtab_dup = NULL;
avtab_key.source_type = src;
@ -1372,7 +1370,6 @@ static int __cil_insert_avrule(policydb_t *pdb, uint32_t kind, uint32_t src, uin
if (!cond_node) {
avtab_dup = avtab_search(&pdb->te_avtab, &avtab_key);
if (!avtab_dup) {
avtab_datum.data = data;
rc = avtab_insert(&pdb->te_avtab, &avtab_key, &avtab_datum);
} else {
if (kind == CIL_AVRULE_DONTAUDIT)
@ -1381,7 +1378,6 @@ static int __cil_insert_avrule(policydb_t *pdb, uint32_t kind, uint32_t src, uin
avtab_dup->data |= data;
}
} else {
avtab_datum.data = data;
rc = __cil_cond_insert_rule(&pdb->te_cond_avtab, &avtab_key, &avtab_datum, cond_node, cond_flavor);
}
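Review bot: `avtab_key`, declared one line above the new initializer in both `__cil_insert_type_rule` and `__cil_insert_avrule`, is still declared without an initializer and filled in field by field, so it gets none of the protection this commit gives `avtab_datum` against uninitialized use (CWE-457). Only the `avtab_key.source_type = src;` assignment is visible in these hunks and both function bodies continue outside them, so whether every field is set on every path that reaches `avtab_search_node`, `avtab_search`, `avtab_insert` or `__cil_cond_insert_rule` cannot be confirmed from here. Declaring it as `avtab_key_t avtab_key = { 0 };` would give the key the same guarantee. A short comment on the new initializer, for example `/* xperms stays NULL: no extended permissions are attached on this path */`, would also record why NULL is the right value, assuming that is the intent.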