RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-04-11 04:01:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

checkpolicy: abort on mismatched declarations

Browse Source 
In case a type or role gets re-declared as an attribute abort parsing
immediately. Since yyerror() is called the variable policydb_errors is
increased and will signal an error later on.

Reported-by: oss-fuzz (issue 398527873)
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
This commit is contained in:
Christian Göttsche 2025-02-25 15:33:10 +01:00 committed by James Carter
parent 9cfc7b9fff
commit 20aa2f8d58
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
checkpolicy/module_compiler.c
View File

@ -291,6 +291,7 @@ static int create_role(uint32_t scope, unsigned char isattr, role_datum_t **role
if (*role && (isattr != (*role)->flavor)) {
yyerror2("Identifier %s used as both an attribute and a role",
id);
*role = NULL;
free(id);
role_datum_destroy(datum);
free(datum);
@ -428,6 +429,7 @@ static int create_type(uint32_t scope, unsigned char isattr, type_datum_t **type
if (*type && (isattr != (*type)->flavor)) {
yyerror2("Identifier %s used as both an attribute and a type",
id);
*type = NULL;
free(id);
return -1;
}