Re: [PATCH] trivial kernel_to_conf.c checks

Stephen Smalley <sds@xxxxxxxxxxxxx> · Fri, 14 Jun 2019 15:38:37 -0400

On 5/24/19 5:36 PM, Jokke Hämäläinen wrote:

Re-post with Signed-off-by line please.

diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
index 4f84ee8b..930bafab 100644
--- a/libsepol/src/kernel_to_conf.c
+++ b/libsepol/src/kernel_to_conf.c
@@ -448,8 +448,12 @@ static int write_sids_to_conf(FILE *out, const char *const *sid_to_str,
  		if (i < num_sids) {
  			sid = (char *)sid_to_str[i];
  		} else {
-			snprintf(unknown, 18, "%s%u", "UNKNOWN", i);
+			snprintf(unknown, sizeof(unknown), "%s%u", "UNKNOWN", i);
  			sid = strdup(unknown);
+			if (!sid) {
+				rc = -1;
+				goto exit;
+			}
  		}
  		rc = strs_add_at_index(strs, sid, i);
  		if (rc != 0) {
@@ -792,6 +796,10 @@ static int write_sensitivity_rules_to_conf(FILE *out, struct policydb *pdb)
  			j = level->level->sens - 1;
  			if (!sens_alias_map[j]) {
  				sens_alias_map[j] = strdup(name);
+				if (!sens_alias_map[j]) {
+					rc = -1;
+					goto exit;
+				}
  			} else {
  				alias = sens_alias_map[j];
  				sens_alias_map[j] = create_str("%s %s", 2, alias, name);
@@ -919,6 +927,10 @@ static int write_category_rules_to_conf(FILE *out, struct policydb *pdb)
  			j = cat->s.value - 1;
  			if (!cat_alias_map[j]) {
  				cat_alias_map[j] = strdup(name);
+				if (!cat_alias_map[j]) {
+					rc = -1;
+					goto exit;
+				}
  			} else {
  				alias = cat_alias_map[j];
  				cat_alias_map[j] = create_str("%s %s", 2, alias, name);
@@ -2364,7 +2376,7 @@ static int write_sid_context_rules_to_conf(FILE *out, struct policydb *pdb, cons
  		if (i < num_sids) {
  			sid = (char *)sid_to_str[i];
  		} else {
-			snprintf(unknown, 18, "%s%u", "UNKNOWN", i);
+			snprintf(unknown, sizeof(unknown), "%s%u", "UNKNOWN", i);
  			sid = unknown;
  		}
  








