Return an error if a call argument fails to resolve so that the resolution phase stops and returns an error. This problem was found by the secilc-fuzzer.
Signed-off-by: James Carter <jwcart2@xxxxxxxxx>
---
 libsepol/cil/src/cil_resolve_ast.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
index 34c28fc6..5368ae80 100644
--- a/libsepol/cil/src/cil_resolve_ast.c
+++ b/libsepol/cil/src/cil_resolve_ast.c
@@ -3253,6 +3253,7 @@ int cil_resolve_call2(struct cil_tree_node *current, void *extra_args)
 if (sym_index != CIL_SYM_UNKNOWN) {
 rc = cil_resolve_name(current, arg->arg_str, sym_index, extra_args, &(arg->arg));
 if (rc != SEPOL_OK) {
+ cil_tree_log(current, CIL_ERR, "Failed to resolve %s in call argument list", arg->arg_str);
 goto exit;
 }
 }
@@ -3284,7 +3285,7 @@ int cil_resolve_name_call_args(struct cil_call *call, char *name, enum cil_sym_i
 if (param_index == sym_index) {
 if (name == arg->param_str) {
 *datum = arg->arg;
- rc = SEPOL_OK;
+ rc = *datum ? SEPOL_OK : SEPOL_ERR;
 goto exit;
 }
 }
-- 
2.26.3
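Review bot: In cil_resolve_name_call_args, `rc = *datum ? SEPOL_OK : SEPOL_ERR;` turns a matched parameter with a NULL `arg->arg` into a failure, but nothing at that line says why the datum can be NULL or what a caller should do with the error. The rest of the function is outside the hunk, so it is not visible whether the no-match path returns the same SEPOL_ERR; if it does, a caller that reacts to failure by searching another namespace could bind the parameter name to an unrelated datum instead of stopping, which is worth confirming. I would add a comment above the assignment, `/* arg->arg is NULL when the call argument failed to resolve; fail here rather than return SEPOL_OK with a NULL datum */`, and spell the test as `*datum != NULL`. Note also that `*datum = arg->arg;` has already stored NULL into the out-parameter on the error path, so callers must check rc before using it.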