Re: [PATCH] libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Feb 25, 2021 at 2:55 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> On Thu, Feb 25, 2021 at 5:44 AM lutianxiong <lutianxiong@xxxxxxxxxx> wrote:
> >
> > Found a NULL pointer dereference by fuzzing, reproducing:
> >     $ echo "(nodecon(())o(e()))" > tmp.cil
> >     $ secilc tmp.cil
> >     Segmentation fault (core dumped)
> >
> > Add NULL check for addr_node->data in cil_fill_ipaddr.
> >
> > Signed-off-by: lutianxiong <lutianxiong@xxxxxxxxxx>
>
> Acked-by: James Carter <jwcart2@xxxxxxxxx>

Merged. Thanks!
Nicolas

> > ---
> >  libsepol/cil/src/cil_build_ast.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
> > index 726f46c..4e53f06 100644
> > --- a/libsepol/cil/src/cil_build_ast.c
> > +++ b/libsepol/cil/src/cil_build_ast.c
> > @@ -5660,7 +5660,7 @@ int cil_fill_ipaddr(struct cil_tree_node *addr_node, struct cil_ipaddr *addr)
> >  {
> >         int rc = SEPOL_ERR;
> >
> > -       if (addr_node == NULL || addr == NULL) {
> > +       if (addr_node == NULL || addr_node->data == NULL || addr == NULL) {
> >                 goto exit;
> >         }
> >
> > --
> > 2.23.0
> >




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux