RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-04-01 23:08:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

libsepol: refuse to load policies with no block

Browse Source 
Some functions assumes that p->global is not NULL. For example
range_read() contains:

    p->global->enabled->range_tr_rules = rtr;

However p->global may currently be NULL when loading a policy module
with no avrule block. Avoid a NULL pointer dereference by making such a
policy invalid.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss 2017-04-07 22:44:30 +02:00 committed by Stephen Smalley
parent 9d3091a6d3
commit 42e32227da
1 changed files with 4 additions and 0 deletions

4
libsepol/src/policydb.c
View File

@ -4044,6 +4044,10 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
if (avrule_block_read(p, &p->global, info->sym_num, fp) == -1) {
goto bad;
}
if (p->global == NULL) {
ERR(fp->handle, "no avrule block in policy");
goto bad;
}
for (i = 0; i < info->sym_num; i++) {
if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
goto bad;