RepoMirrors
/
selinux
mirror of https://github.com/SELinuxProject/selinux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

libsepol/mls: Do not destroy context on memory error 

In case of malloc error, ctx1, or ctx2 may be pointing to uninitialized
space and context_destroy should not be used on it.

Fixes:
Error: UNINIT (CWE-457):
libsepol-3.7/src/mls.c:673:2: alloc_fn: Calling "malloc" which returns uninitialized memory.
libsepol-3.7/src/mls.c:673:2: assign: Assigning: "ctx1" = "malloc(64UL)", which points to uninitialized data.
libsepol-3.7/src/mls.c:699:2: uninit_use_in_call: Using uninitialized value "ctx1->range.level[0].cat.node" when calling "context_destroy".
 \#  697|   	ERR(handle, "could not check if mls context %s contains %s",
 \#  698|   	    mls1, mls2);
 \#  699|-> 	context_destroy(ctx1);
 \#  700|   	context_destroy(ctx2);
 \#  701|   	free(ctx1);

Error: UNINIT (CWE-457):
libsepol-3.7/src/mls.c:674:2: alloc_fn: Calling "malloc" which returns uninitialized memory.
libsepol-3.7/src/mls.c:674:2: assign: Assigning: "ctx2" = "malloc(64UL)", which points to uninitialized data.
libsepol-3.7/src/mls.c:700:2: uninit_use_in_call: Using uninitialized value "ctx2->range.level[0].cat.node" when calling "context_destroy".
 \#  698|   	    mls1, mls2);
 \#  699|   	context_destroy(ctx1);
 \#  700|-> 	context_destroy(ctx2);
 \#  701|   	free(ctx1);
 \#  702|   	free(ctx2);

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
This commit is contained in:
Vit Mojzis 2024-10-23 15:43:16 +02:00 committed by James Carter
parent 0dac9813e1
commit 575d1cfaac
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
libsepol/src/mls.c
View File

@ -672,8 +672,10 @@ int sepol_mls_contains(sepol_handle_t * handle,
context_struct_t *ctx1 = NULL, *ctx2 = NULL;
ctx1 = malloc(sizeof(context_struct_t));
ctx2 = malloc(sizeof(context_struct_t));
if (ctx1 == NULL || ctx2 == NULL)
if (ctx1 == NULL || ctx2 == NULL){
ERR(handle, "out of memory");
goto omem;
}
context_init(ctx1);
context_init(ctx2);
@ -690,16 +692,14 @@ int sepol_mls_contains(sepol_handle_t * handle,
free(ctx2);
return STATUS_SUCCESS;
omem:
ERR(handle, "out of memory");
err:
ERR(handle, "could not check if mls context %s contains %s",
mls1, mls2);
context_destroy(ctx1);
context_destroy(ctx2);
omem:
free(ctx1);
free(ctx2);
ERR(handle, "could not check if mls context %s contains %s",
mls1, mls2);
return STATUS_ERR;
}