On Thu, Feb 25, 2021 at 2:55 PM James Carter <jwcart2@xxxxxxxxx> wrote: > > On Thu, Feb 25, 2021 at 5:44 AM lutianxiong <lutianxiong@xxxxxxxxxx> wrote: > > > > Found a NULL pointer dereference by fuzzing, reproducing: > > $ echo "(nodecon(())o(e()))" > tmp.cil > > $ secilc tmp.cil > > Segmentation fault (core dumped) > > > > Add NULL check for addr_node->data in cil_fill_ipaddr. > > > > Signed-off-by: lutianxiong <lutianxiong@xxxxxxxxxx> > > Acked-by: James Carter <jwcart2@xxxxxxxxx> Merged. Thanks! Nicolas > > --- > > libsepol/cil/src/cil_build_ast.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c > > index 726f46c..4e53f06 100644 > > --- a/libsepol/cil/src/cil_build_ast.c > > +++ b/libsepol/cil/src/cil_build_ast.c > > @@ -5660,7 +5660,7 @@ int cil_fill_ipaddr(struct cil_tree_node *addr_node, struct cil_ipaddr *addr) > > { > > int rc = SEPOL_ERR; > > > > - if (addr_node == NULL || addr == NULL) { > > + if (addr_node == NULL || addr_node->data == NULL || addr == NULL) { > > goto exit; > > } > > > > -- > > 2.23.0 > >
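Review bot: The added `addr_node->data == NULL` test in the entry check of `cil_fill_ipaddr` stops the crash, but it takes the same silent `goto exit` path as the existing parameter checks, so the caller only sees `rc = SEPOL_ERR` with nothing pointing at the malformed `nodecon` statement; a `cil_log` line before the `goto` naming the bad node (or a stricter syntax check on the nodecon arguments before this function is reached) would make the fuzzer-found input `(nodecon(())o(e()))` fail with a useful message rather than a bare error. It would also be worth adding that reproducer as a negative test so the empty-list case stays covered.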