mirror of
https://github.com/SELinuxProject/selinux
synced 2025-01-20 04:20:45 +00:00
libsepol/cil: do not override previous results of __cil_verify_classperms
When __cil_verify_map_class() verifies a classpermission, it calls __verify_map_perm_classperms() on each item. If the first item reports a failure and the next one succeeds, the failure is overwritten in map_args->rc. This is a bug which causes a NULL pointer dereference in the CIL compiler when compiling the following policy: (sid SID) (sidorder (SID)) (class CLASS (PERM1)) (classorder (CLASS)) (classpermission CLSPERM) (classpermissionset CLSPERM (CLASS (PERM1))) (classmap files (CLAMAPxx x)) (classmapping files CLAMAPxx CLSPERM) Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30286 Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
parent
4859b73813
commit
fd705df050
@ -1795,8 +1795,12 @@ static int __verify_map_perm_classperms(__attribute__((unused)) hashtab_key_t k,
|
||||
{
|
||||
struct cil_verify_map_args *map_args = args;
|
||||
struct cil_perm *cmp = (struct cil_perm *)d;
|
||||
int rc;
|
||||
|
||||
map_args->rc = __cil_verify_classperms(cmp->classperms, &cmp->datum, &map_args->class->datum, &cmp->datum, CIL_MAP_PERM, 0, 2);
|
||||
rc = __cil_verify_classperms(cmp->classperms, &cmp->datum, &map_args->class->datum, &cmp->datum, CIL_MAP_PERM, 0, 2);
|
||||
if (rc != SEPOL_OK) {
|
||||
map_args->rc = rc;
|
||||
}
|
||||
|
||||
return SEPOL_OK;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user