While fuzzing /usr/libexec/hll/pp, a policy module was generated which triggered a NULL result when doing: key = pdb->sym_val_to_name[sym][i]; Detect such unexpected behavior to exit with an error instead of crashing. This issue has been found while fuzzing hll/pp with the American Fuzzy Lop. Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx> --- libsepol/src/module_to_cil.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index c99790eb76e7..99360a9afdd0 100644 --- a/libsepol/src/module_to_cil.c +++ b/libsepol/src/module_to_cil.c @@ -3459,6 +3459,10 @@ static int required_scopes_to_cil(int indent, struct policydb *pdb, struct avrul map = decl->required.scope[sym]; ebitmap_for_each_positive_bit(&map, node, i) { key = pdb->sym_val_to_name[sym][i]; + if (key == NULL) { + rc = -1; + goto exit; + } scope_datum = hashtab_search(pdb->scope[sym].table, key); if (scope_datum == NULL) { -- 2.29.2
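Review bot: the new `if (key == NULL)` branch in required_scopes_to_cil sets `rc = -1` and jumps to `exit` without emitting any diagnostic, so the caller only learns that conversion failed, not why. Since the stated aim of the patch is to fail with an error rather than crash, consider reporting the symbol type `sym` and the bit index `i` from the `ebitmap_for_each_positive_bit` loop before the `goto exit`, using whatever error-reporting the surrounding function already uses, so that a malformed module (a required-scope bit set for a symbol that has no name in `pdb->sym_val_to_name`) can be pinpointed from the output instead of needing a debugger.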