[PATCH 2/2] libsepol: silence potential NULL pointer dereference warning

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



When find_avtab_node() is called with key->specified & AVTAB_XPERMS and
xperms=NULL, xperms is being dereferenced. This is detected as a
"NULL pointer dereference issue" by static analyzers.

Even though it does not make much sense to call find_avtab_node() in a
way which triggers the NULL pointer dereference issue, static analyzers
have a hard time with calls such as:

    node = find_avtab_node(handle, avtab, &avkey, cond, NULL);

... where xperms=NULL.

So, make the function report an error instead of crashing.

Here is an example of report from clang's static analyzer:
https://558-118970575-gh.circle-artifacts.com/0/output-scan-build/2020-10-02-065849-6375-1/report-d86a57.html#EndPath

Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>
---
 libsepol/src/expand.c | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
index 19e48c507236..eac7e4507d02 100644
--- a/libsepol/src/expand.c
+++ b/libsepol/src/expand.c
@@ -1570,17 +1570,22 @@ static avtab_ptr_t find_avtab_node(sepol_handle_t * handle,
 
 	/* AVTAB_XPERMS entries are not necessarily unique */
 	if (key->specified & AVTAB_XPERMS) {
-		node = avtab_search_node(avtab, key);
-		while (node) {
-			if ((node->datum.xperms->specified == xperms->specified) &&
-				(node->datum.xperms->driver == xperms->driver)) {
-				match = 1;
-				break;
+		if (xperms == NULL) {
+			ERR(handle, "searching xperms NULL");
+			node = NULL;
+		} else {
+			node = avtab_search_node(avtab, key);
+			while (node) {
+				if ((node->datum.xperms->specified == xperms->specified) &&
+					(node->datum.xperms->driver == xperms->driver)) {
+					match = 1;
+					break;
+				}
+				node = avtab_search_node_next(node, key->specified);
 			}
-			node = avtab_search_node_next(node, key->specified);
+			if (!match)
+				node = NULL;
 		}
-		if (!match)
-			node = NULL;
 	} else {
 		node = avtab_search_node(avtab, key);
 	}
-- 
2.28.0




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux