When hll/pp operates on an invalid policy module which defines blocks
with non-empty decl->symtab[SYM_COMMONS], additive_scopes_to_cil_map()
calls func_to_cil[SYM_COMMONS], which is NULL.
In additive_scopes_to_cil(), filter out NULL elements of func_to_cil
before calling additive_scopes_to_cil_map().
Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>
---
libsepol/src/module_to_cil.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
index b7d3b5eb57eb..ab3ac03d7895 100644
--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
@@ -3530,6 +3530,9 @@ static int additive_scopes_to_cil(int indent, struct policydb *pdb, struct avrul
struct avrule_decl *decl = stack_peek(decl_stack);
for (args.sym_index = 0; args.sym_index < SYM_NUM; args.sym_index++) {
+ if (func_to_cil[args.sym_index] == NULL) {
+ continue;
+ }
rc = hashtab_map(decl->symtab[args.sym_index].table, additive_scopes_to_cil_map, &args);
if (rc != 0) {
goto exit;
--
2.10.2
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
