On 02/19/2017 05:30 AM, Nicolas Iooss wrote:
When __cil_permx_to_bitmap() calls __cil_permx_str_to_int() on an invalid number, local variable "bitmap" is left initialized when the function returns and its memory is leaked. This memory leak has been found by running clang's Address Sanitizer on a set of policies generated by American Fuzzy Lop.

Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>
For this one I decided to move the ebitmap_init() call to right before the ebitmap_set_bit() call. This seemed to fit the style of the other functions in cil_post.c a bit better.
I applied the other four patches.

Thanks,
Jim
--- libsepol/cil/src/cil_post.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c index 687962eae5ee..2de55b562b8f 100644 --- a/libsepol/cil/src/cil_post.c +++ b/libsepol/cil/src/cil_post.c @@ -806,13 +806,13 @@ static int __cil_permx_to_bitmap(struct cil_symtab_datum *datum, ebitmap_t *bitm if (ebitmap_set_bit(bitmap, (unsigned int)val, 1)) { cil_log(CIL_ERR, "Failed to set permissionx bit\n"); - ebitmap_destroy(bitmap); goto exit; } return SEPOL_OK; exit: + ebitmap_destroy(bitmap); return rc; }
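Review bot: at the exit: label, ebitmap_destroy(bitmap) now runs for every goto exit in __cil_permx_to_bitmap(), not only for the ebitmap_set_bit() failure, so it is correct only if bitmap has already been initialized before the first jump to exit. The hunk does not show where the initialization happens relative to the earlier error paths; please confirm that ordering, or keep the destroy call local to the ebitmap_set_bit() failure branch and defer initialization until just before ebitmap_set_bit(), so that no earlier error path has anything to free. Since bitmap is passed in by the caller (per the hunk header), a short comment stating that the function leaves it destroyed on any error return would also help callers avoid a second cleanup.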
--
James Carter <jwcart2@xxxxxxxxxxxxx>
National Security Agency