On Fri, Mar 10, 2017 at 8:49 PM, James Carter <jwcart2@xxxxxxxxxxxxx> wrote:
> It would sometimes be helpful for debugging or verification purposes
> to be able to convert a binary policy to a human-readable form.
>
> Create new function, sepol_kernel_policydb_to_cil(), that takes a
> policydb created from a binary policy and writes CIL policy to the
> provided FILE pointer.
>
> Signed-off-by: James Carter <jwcart2@xxxxxxxxxxxxx>
>
> [...]
>
> +int sepol_kernel_policydb_to_cil(FILE *out, struct policydb *pdb)
> +{
> + struct strs *mls_constraints;
> + struct strs *non_mls_constraints;
> + int rc = 0;
> +
> + rc = strs_init(&mls_constraints, 32);
> + if (rc != 0) {
> + goto exit;
> + }
> +
> + rc = strs_init(&non_mls_constraints, 32);
> + if (rc != 0) {
> + goto exit;
> + }
> [...]
> +
> +exit:
> + strs_free_all(mls_constraints);
> + strs_destroy(&mls_constraints);
> + strs_free_all(non_mls_constraints);
> + strs_destroy(&non_mls_constraints);
> +
> + return rc;
> +}
When strs_init(&mls_constraints, 32) fails, variable
non_mls_constraints is left non-initialized but is used in a call to
strs_free_all(). Variables mls_constraints and non_mls_constraints may
need to be initialized to NULL in sepol_kernel_policydb_to_cil().
I have found this bug when travis-ci.org built the project with clang.
Please see https://travis-ci.org/fishilico/selinux/jobs/210118864#L549
for the error report generated by the compiler.
Cheers,
Nicolas
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
