On Thu, Jan 23, 2020 at 9:39 PM James Carter <jwcart2@xxxxxxxxxxxxx> wrote:
> When copying an avrule with extended permissions (permx) in
> cil_copy_avrule(), the check for a named permx checks the new permx
> instead of the old one, so the check will always fail. This leads to a
> segfault when trying to copy a named permx because there will be an
> attempt to copy the nonexistent permx struct instead of the name of
> the named permx.
>
> Check whether the original is a named permx instead of the new one.
>
> Signed-off-by: James Carter <jwcart2@xxxxxxxxxxxxx>
(OK, this looks simple enough to try out my new maintainer "powers" :)
Acked-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
> ---
> libsepol/cil/src/cil_copy_ast.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c
> index 7af00aaf..67dd8528 100644
> --- a/libsepol/cil/src/cil_copy_ast.c
> +++ b/libsepol/cil/src/cil_copy_ast.c
> @@ -827,7 +827,7 @@ int cil_copy_avrule(struct cil_db *db, void *data, void **copy, __attribute__((u
> if (!new->is_extended) {
> cil_copy_classperms_list(orig->perms.classperms, &new->perms.classperms);
> } else {
> - if (new->perms.x.permx_str != NULL) {
> + if (orig->perms.x.permx_str != NULL) {
> new->perms.x.permx_str = orig->perms.x.permx_str;
> } else {
> cil_permissionx_init(&new->perms.x.permx);
> --
> 2.21.1
>
--
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.
