Some functions assumes that p->global is not NULL. For example
range_read() contains:
p->global->enabled->range_tr_rules = rtr;
However p->global may currently be NULL when loading a policy module
with no avrule block. Avoid a NULL pointer dereference by making such a
policy invalid.
Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>
---
libsepol/src/policydb.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index 3cff6d276d68..7093b29833bf 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -4044,6 +4044,10 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
if (avrule_block_read(p, &p->global, info->sym_num, fp) == -1) {
goto bad;
}
+ if (p->global == NULL) {
+ ERR(fp->handle, "no avrule block in policy");
+ goto bad;
+ }
for (i = 0; i < info->sym_num; i++) {
if ((rc = next_entry(buf, fp, sizeof(uint32_t))) < 0) {
goto bad;
--
2.12.0
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
