mirror of
https://github.com/SELinuxProject/selinux
synced 2025-01-14 01:10:49 +00:00
libsepol: cil: show an error when cil_expr_to_string() fails
cil_tree_print_expr() calls cil_expr_to_string() in order to compute a string expression into expr_str. If this function fails, expr_str is left unitialized but its value is dereferenced with: cil_log(CIL_INFO, "%s)", expr_str); Prevent such an issue by checking cil_expr_to_string()'s return value before using expr_str. This issue has been found with clang's static analyzer. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
parent
3217d717c8
commit
2bd82070ef
@ -503,15 +503,19 @@ exit:
|
||||
void cil_tree_print_expr(struct cil_list *datum_expr, struct cil_list *str_expr)
|
||||
{
|
||||
char *expr_str;
|
||||
int rc;
|
||||
|
||||
cil_log(CIL_INFO, "(");
|
||||
|
||||
if (datum_expr != NULL) {
|
||||
cil_expr_to_string(datum_expr, &expr_str);
|
||||
rc = cil_expr_to_string(datum_expr, &expr_str);
|
||||
} else {
|
||||
cil_expr_to_string(str_expr, &expr_str);
|
||||
rc = cil_expr_to_string(str_expr, &expr_str);
|
||||
}
|
||||
if (rc < 0) {
|
||||
cil_log(CIL_INFO, "ERROR)");
|
||||
return;
|
||||
}
|
||||
|
||||
cil_log(CIL_INFO, "%s)", expr_str);
|
||||
free(expr_str);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user