[PATCH v3 7/7] libsepol: fix uninitialized jmp and invalid dereference

From: William Roberts <william.c.roberts@xxxxxxxxx>

When initializing role_datum_t array, initialize the array.
This corrects this issue:

==25766== Conditional jump or move depends on uninitialised value(s)
==25766==    at 0x40ABFE: context_is_valid (context.c:59)
==25766==    by 0x40AAED: policydb_context_isvalid (context.c:19)
==25766==    by 0x43CBF4: context_read_and_validate (policydb.c:1881)
==25766==    by 0x43E7B3: ocontext_read_selinux (policydb.c:2631)
==25766==    by 0x43EC4D: ocontext_read (policydb.c:2729)
==25766==    by 0x442019: policydb_read (policydb.c:3937)
==25766==    by 0x442F15: sepol_policydb_read (policydb_public.c:174)
==25766==    by 0x407ED4: init (check_seapp.c:885)
==25766==    by 0x408D83: main (check_seapp.c:1230)

Also, check for NULL when determining if a role can be associated
with a type.

Signed-off-by: William Roberts <william.c.roberts@xxxxxxxxx>
---
 libsepol/src/context.c  | 2 +-
 libsepol/src/policydb.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libsepol/src/context.c b/libsepol/src/context.c
index 39552f2..a88937f 100644
--- a/libsepol/src/context.c
+++ b/libsepol/src/context.c
@@ -56,7 +56,7 @@ int context_is_valid(const policydb_t * p, const context_struct_t * c)
 		 * Role must be authorized for the type.
 		 */
 		role = p->role_val_to_struct[c->role - 1];
-		if (!ebitmap_get_bit(&role->cache, c->type - 1))
+		if (!role || !ebitmap_get_bit(&role->cache, c->type - 1))
 			/* role may not be associated with type */
 			return 0;
 
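Review bot: `c->role - 1` indexes role_val_to_struct with no visible range check against p->p_roles.nprim in this hunk, so the new `!role` test only covers slots that were allocated but never filled; if context_read_and_validate does not reject out-of-range role values before reaching this point, an over-large `c->role` still reads past the end of the array and the NULL check does not help. Worth confirming that such a bounds check exists, and updating the comment to something like `/* role does not exist or may not be associated with type */` so the NULL case is documented alongside the existing one.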
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index 9f1c507..c225ac6 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -1068,7 +1068,7 @@ int policydb_index_others(sepol_handle_t * handle,
 
 	free(p->role_val_to_struct);
 	p->role_val_to_struct = (role_datum_t **)
-	    malloc(p->p_roles.nprim * sizeof(role_datum_t *));
+	    calloc(p->p_roles.nprim, sizeof(role_datum_t *));
 	if (!p->role_val_to_struct)
 		return -1;
 
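Review bot: the calloc change is what makes the `!role` check in context.c meaningful: malloc left never-populated slots of role_val_to_struct indeterminate, which is the "Conditional jump or move depends on uninitialised value(s)" Valgrind reports, while calloc makes them a deterministic NULL that the lookup can test for. As a side benefit calloc also checks the `nprim * sizeof(role_datum_t *)` multiplication for overflow instead of silently wrapping. Since the two hunks are only correct together, the commit message could state that dependency explicitly, and it is worth checking whether the other *_val_to_struct tables allocated in policydb_index_others use the same malloc pattern.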
-- 
1.9.1
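The pattern the patch fixes, as an added stand-alone example that is not libsepol code: a value-indexed pointer table like role_val_to_struct, filled sparsely so that one slot is never written, allocated with calloc so the empty slot is NULL, and a lookup that mirrors the role/type check in context_is_valid with the NULL test from the patch plus an explicit bounds check on the role value. The type names (role_t, role_table_t) and helper names are hypothetical, and a 64-bit mask stands in for the ebitmap cache.

```c
/* Added example, not libsepol code. Names are hypothetical; a uint64_t
 * mask stands in for the ebitmap of types a role is authorized for. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct {
    uint32_t value;      /* 1-based, like SELinux role values */
    uint64_t type_mask;  /* bit (type - 1) set: role may be used with type */
} role_t;

typedef struct {
    role_t **val_to_struct;  /* slot (value - 1) -> role, or NULL */
    uint32_t nprim;
} role_table_t;

/* The fixed allocation: calloc so every slot starts out NULL rather than
 * indeterminate, which is what the lookup below relies on. */
static int role_table_init(role_table_t *t, uint32_t nprim)
{
    t->nprim = nprim;
    t->val_to_struct = calloc(nprim, sizeof(role_t *));
    return t->val_to_struct ? 0 : -1;
}

static int role_table_add(role_table_t *t, role_t *r)
{
    if (r->value == 0 || r->value > t->nprim)
        return -1;
    t->val_to_struct[r->value - 1] = r;
    return 0;
}

/* Mirrors the role/type check in context_is_valid: the role value is
 * range-checked before indexing, and a NULL slot is treated as "role may
 * not be associated with type" instead of being dereferenced. */
static int role_allows_type(const role_table_t *t, uint32_t role, uint32_t type)
{
    if (role == 0 || role > t->nprim || type == 0 || type > 64)
        return 0;                       /* out of range: reject, no read */
    const role_t *r = t->val_to_struct[role - 1];
    if (!r || !(r->type_mask & (1ULL << (type - 1))))
        return 0;                       /* missing role, or type not allowed */
    return 1;
}

static void role_table_free(role_table_t *t)
{
    free(t->val_to_struct);
    t->val_to_struct = NULL;
}

/* Constructed scenario: nprim is 3 but only roles 1 and 3 are indexed, so
 * the slot for role value 2 is never written. With malloc that slot would
 * hold garbage and the lookup would dereference it (the Valgrind report in
 * the commit message); with calloc it is NULL and the lookup fails cleanly.
 * Returns 1 if every lookup behaves as expected, 0 on a mismatch, -1 on OOM. */
static int demo_sparse_table(void)
{
    role_table_t t;
    role_t r1 = { 1, 1ULL << 4 };   /* role 1 allows type 5 only */
    role_t r3 = { 3, 1ULL << 0 };   /* role 3 allows type 1 only */

    if (role_table_init(&t, 3) != 0)
        return -1;
    role_table_add(&t, &r1);
    role_table_add(&t, &r3);

    int ok = role_allows_type(&t, 1, 5) == 1
          && role_allows_type(&t, 1, 6) == 0   /* type not in role's mask */
          && role_allows_type(&t, 2, 1) == 0   /* unpopulated slot: NULL */
          && role_allows_type(&t, 3, 1) == 1
          && role_allows_type(&t, 4, 1) == 0;  /* beyond nprim: never indexed */

    role_table_free(&t);
    return ok ? 1 : 0;
}

int main(void)
{
    printf("%s\n", demo_sparse_table() == 1 ? "ok" : "FAIL");
    return 0;
}
```

The role value 2 case is the one the patch is about: the table is sized for it, but nothing ever stores a pointer there, so only zero-initialization turns a latent wild dereference into a clean validation failure. The range check on `role` is the part the visible hunk does not show and has to come from the caller.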

_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.