From 2752043dabf2f1368375121b502bd25680741cdf Mon Sep 17 00:00:00 2001 From: James Carter Date: Wed, 29 Nov 2023 12:28:20 -0500 Subject: [PATCH] libsepol/cil: Clear AST node after destroying bad filecon rule Commit fb0a4ce1 (libsepol/cil: Allow paths in filecon rules to be passed as arguments) changed when the new AST node data would be set to point to the new filecon struct when creating a filecon rule. This causes cil_destroy_filecon() to be called twice on the filecon struct if there is an error when creating the filecon rule. If there is an error when creating a filecon rule, call cil_clear_node() after destroying the filecon struct. Reported-by: oss-fuzz (issue 64385) Signed-off-by: James Carter --- libsepol/cil/src/cil_build_ast.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index be260a31..56dac891 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c @@ -4197,6 +4197,7 @@ int cil_gen_filecon(struct cil_db *db, struct cil_tree_node *parse_current, stru exit: cil_tree_log(parse_current, CIL_ERR, "Bad filecon declaration"); cil_destroy_filecon(filecon); + cil_clear_node(ast_node); return rc; }