RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-02-17 10:06:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

checkpolicy: clone level only once

Browse Source 
In case of aliases clone the level only once to avoid leaking the fist
one.

Example policy:

    class p sid h class p{d}sensitivity d alias s0;dominance{s0}level d;level s0;

Reported-by: oss-fuzz (issue #67308)
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
This commit is contained in:
Christian Göttsche 2024-03-11 15:57:03 +01:00 committed by James Carter
parent b106fad29f
commit 0e1e30db35
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
checkpolicy/policy_define.c
View File

@ -1038,7 +1038,7 @@ static int clone_level(hashtab_key_t key __attribute__ ((unused)), hashtab_datum
level_datum_t *levdatum = (level_datum_t *) datum;
mls_level_t *level = (mls_level_t *) arg, *newlevel;
if (levdatum->level == level) {
if (levdatum->notdefined && levdatum->level == level) {
if (!levdatum->isalias) {
levdatum->notdefined = FALSE;
return 0;