On Tue, Mar 29, 2022 at 3:43 PM Christian Göttsche <cgzones@xxxxxxxxxxxxxx> wrote: > > On Mon, 14 Mar 2022 at 19:24, James Carter <jwcart2@xxxxxxxxx> wrote: > > > > Use calloc() instead of mallocarray() so that everything is > > initialized to zero to prevent the use of unitialized memory when > > validating malformed binary policies. > > > > Found by oss-fuzz (#45493) > > > > Signed-off-by: James Carter <jwcart2@xxxxxxxxx> > > --- > > libsepol/src/conditional.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c > > index f78b38a2..a620451d 100644 > > --- a/libsepol/src/conditional.c > > +++ b/libsepol/src/conditional.c > > @@ -522,7 +522,7 @@ int cond_init_bool_indexes(policydb_t * p) > > if (p->bool_val_to_struct) > > free(p->bool_val_to_struct); > > p->bool_val_to_struct = (cond_bool_datum_t **) > > - mallocarray(p->p_bools.nprim, sizeof(cond_bool_datum_t *)); > > + calloc(p->p_bools.nprim, sizeof(cond_bool_datum_t *)); > > if (!p->bool_val_to_struct) > > return -1; > > return 0; > > -- > > 2.34.1 > > > > Can this be merged? I think it might hurt the fuzzer, e.g. cause the > flakiness in issue #45327. > This has been merged. Jim > On a technical note: > In src/policydb.c::policydb_index_others() the return value of > cond_init_bool_indexes() is not checked. > > diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c > index fc71463e..e29cbd51 100644 > --- a/libsepol/src/policydb.c > +++ b/libsepol/src/policydb.c > @@ -1252,7 +1252,8 @@ int policydb_index_others(sepol_handle_t * handle, > if (!p->type_val_to_struct) > return -1; > > - cond_init_bool_indexes(p); > + if (cond_init_bool_indexes(p) == -1) > + return -1; > > for (i = SYM_ROLES; i < SYM_NUM; i++) { > free(p->sym_val_to_name[i]);
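Review bot: with the switch to calloc() in cond_init_bool_indexes(), a policy whose p_bools.nprim is 0 deserves a look: calloc(0, size) may legitimately return NULL on some C libraries, and the `if (!p->bool_val_to_struct) return -1;` that follows would then report an allocation failure for a policy that simply declares no booleans. If nprim can be 0 at this point, guard that case before the allocation or treat a zero count as success. The change itself is sound: calloc() performs the same multiplication-overflow check that mallocarray() was providing, and zero-filling guarantees that any slot not later assigned stays NULL instead of holding stale heap contents, which is what a validator needs in order to reject a malformed policy without dereferencing garbage. Minor: the commit message reads "unitialized" for "uninitialized".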
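Review bot: the new check in policydb_index_others() compares the result against -1 exactly; cond_init_bool_indexes() currently returns only 0 or -1, so this works, but `< 0` would remain correct if the callee ever gains additional negative error codes and is the more common style for integer return codes. Also worth confirming on the error path: the function now returns -1 right after type_val_to_struct has been allocated in the lines just above, so if the caller does not free a partially indexed policydb that allocation is leaked (the existing `return -1` immediately before has the same property, so this is not new to the patch). The check itself is the right complement to the calloc change: without it a NULL bool_val_to_struct would silently flow into later lookups.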
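To show why the zero-initialised index matters for validating untrusted input, here is an added example that is not libsepol code: a miniature stand-in for the value-to-datum index that cond_init_bool_indexes() builds. The type and function names (bool_datum_t, build_index, validate_index, example_well_formed, example_malformed) and the sample policies are constructed for this illustration. The index is allocated with calloc(), so any slot a malformed policy fails to populate is NULL and the validator can detect it before dereferencing anything.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a boolean datum: value is the 1-based index
 * the policy assigns to the boolean, as in a symbol table. */
typedef struct bool_datum {
    unsigned int value;
    int state;
} bool_datum_t;

/* Build the value -> datum index for nprim declared booleans.
 * Only slots named by the supplied datums are filled; a malformed policy
 * that declares more booleans than it provides leaves slots untouched.
 * With calloc() those slots are NULL; with malloc() they would hold
 * whatever was previously on the heap. Returns NULL on failure. */
static bool_datum_t **build_index(bool_datum_t *bools, size_t nbools,
                                  size_t nprim)
{
    /* calloc() zero-fills and also rejects nbools * size overflow. */
    bool_datum_t **idx = calloc(nprim, sizeof(*idx));
    if (!idx)
        return NULL;
    for (size_t i = 0; i < nbools; i++) {
        unsigned int v = bools[i].value;
        if (v == 0 || v > nprim) {      /* out-of-range value: reject */
            free(idx);
            return NULL;
        }
        idx[v - 1] = &bools[i];
    }
    return idx;
}

/* Validator: every declared slot must be populated and consistent.
 * Returns 0 if the index is complete, -1 if any slot is missing or
 * points at a datum with the wrong value. The NULL test is only
 * meaningful because the array was zero-initialised. */
static int validate_index(bool_datum_t **idx, size_t nprim)
{
    for (size_t i = 0; i < nprim; i++) {
        if (idx[i] == NULL)
            return -1;                  /* declared but never supplied */
        if (idx[i]->value != i + 1)
            return -1;                  /* slot/value mismatch */
    }
    return 0;
}

/* Constructed well-formed policy: three booleans, all present. */
int example_well_formed(void)
{
    bool_datum_t bools[] = { {1, 1}, {2, 0}, {3, 1} };
    bool_datum_t **idx = build_index(bools, 3, 3);
    int rc = idx ? validate_index(idx, 3) : -1;
    free(idx);
    return rc;                          /* 0 */
}

/* Constructed malformed policy: declares nprim = 3 but supplies only
 * values 1 and 3, so slot 2 is never written. */
int example_malformed(void)
{
    bool_datum_t bools[] = { {1, 1}, {3, 0} };
    bool_datum_t **idx = build_index(bools, 2, 3);
    int rc = idx ? validate_index(idx, 3) : -1;
    free(idx);
    return rc;                          /* -1 */
}

int main(void)
{
    printf("well-formed: %d\n", example_well_formed());
    printf("malformed:   %d\n", example_malformed());
    return 0;
}
```

The malformed case is the one the fuzzer exercises: had build_index() used plain malloc(), slot 2 would contain a stale pointer and validate_index() would dereference it rather than returning -1. Note that build_index() returns NULL when calloc() does, so a caller passing nprim == 0 on a C library where calloc(0, n) returns NULL will see a failure; a real implementation should decide explicitly how to treat a zero count.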