RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-02-16 17:46:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

libsepol: invalidate the pointer to the policydb if policydb_init fails

Browse Source 
Facebook's Infer static analyzer warns about a use-after-free issue in
libsemanage:

    int semanage_direct_mls_enabled(semanage_handle_t * sh)
    {
            sepol_policydb_t *p = NULL;
            int retval;

            retval = sepol_policydb_create(&p);
            if (retval < 0)
                    goto cleanup;

            /* ... */
    cleanup:
            sepol_policydb_free(p);
            return retval;
    }

When sepol_policydb_create() is called, p is allocated and
policydb_init() is called. If this second call fails, p is freed
andsepol_policydb_create() returns -1, but p still stores a pointer to
freed memory. This pointer is then freed again in the cleanup part of
semanage_direct_mls_enabled().

Fix this by setting p to NULL in sepol_policydb_create() after freeing
it.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss 2021-02-28 08:59:20 +01:00
parent 6238e02571
commit a9e0004f60
No known key found for this signature in database
GPG Key ID: C191415F340DAAA0
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
libsepol/src/policydb_public.c
View File

@ -68,6 +68,7 @@ int sepol_policydb_create(sepol_policydb_t ** sp)
p = &(*sp)->p; p = &(*sp)->p;
if (policydb_init(p)) { if (policydb_init(p)) {
free(*sp); free(*sp);
*sp = NULL;
return -1; return -1;
} }
return 0; return 0;