mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-18 12:14:33 +00:00
libsepol/cil: free the first operand if the second one is invalid
When __cil_expr_to_bitmap() fails to parse the second operand of an operation with two operands, it returns an error without destroying the bitmap which has been created for the first operand. Fix this memory leak. This has been tested with the following policy: (class CLASS (PERM)) (classorder (CLASS)) (sid SID) (sidorder (SID)) (user USER) (role ROLE) (type TYPE) (category CAT) (categoryorder (CAT)) (sensitivity SENS) (sensitivityorder (SENS)) (sensitivitycategory SENS (CAT)) (allow TYPE self (CLASS (PERM))) (roletype ROLE TYPE) (userrole USER ROLE) (userlevel USER (SENS)) (userrange USER ((SENS)(SENS (CAT)))) (sidcontext SID (USER ROLE TYPE ((SENS)(SENS)))) (permissionx ioctl_test (ioctl CLASS (and (range 0x1600 0x19FF) (.ot (range 0x1750 0x175F))))) This memory leak has been found by running clang's Address Sanitizer on a set of policies generated from secilc/test/policy.cil by American Fuzzy Lop. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
parent
7fe9a7be31
commit
602385d70c
@ -1105,6 +1105,7 @@ static int __cil_expr_to_bitmap(struct cil_list *expr, ebitmap_t *out, int max,
|
||||
rc = __cil_expr_to_bitmap_helper(curr->next->next, flavor, &b2, max, db);
|
||||
if (rc != SEPOL_OK) {
|
||||
cil_log(CIL_INFO, "Failed to get second operand bitmap\n");
|
||||
ebitmap_destroy(&b1);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user