When copying an avrule with extended permissions (permx) in cil_copy_avrule(), the check for a named permx checks the new permx instead of the old one, so the check will always fail. This leads to a segfault when trying to copy a named permx because there will be an attempt to copy the nonexistent permx struct instead of the name of the named permx. Check whether the original is a named permx instead of the new one. Signed-off-by: James Carter <jwcart2@xxxxxxxxxxxxx> --- libsepol/cil/src/cil_copy_ast.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c index 7af00aaf..67dd8528 100644 --- a/libsepol/cil/src/cil_copy_ast.c +++ b/libsepol/cil/src/cil_copy_ast.c @@ -827,7 +827,7 @@ int cil_copy_avrule(struct cil_db *db, void *data, void **copy, __attribute__((u if (!new->is_extended) { cil_copy_classperms_list(orig->perms.classperms, &new->perms.classperms); } else { - if (new->perms.x.permx_str != NULL) { + if (orig->perms.x.permx_str != NULL) { new->perms.x.permx_str = orig->perms.x.permx_str; } else { cil_permissionx_init(&new->perms.x.permx); -- 2.21.1
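Review bot: The outer test `if (!new->is_extended)` at the top of the hunk still reads the copy rather than the original, the same pattern this patch corrects for `permx_str` inside the else branch. That test is only right if `new->is_extended` has already been assigned from `orig` before this point, which the visible context does not show; testing `orig->is_extended` instead would make both decisions depend on the source rule and remove that ordering dependency. The commit message could also say how the segfault was reproduced, and a regression test that copies an avrule referencing a named permx would keep the inverted check from coming back.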