[PATCH] checkpolicy: avoid passing NULL pointer to memset()

[Juraj Marcin <juraj@xxxxxxxxxxxxxxx>]

Function `class_perm_node_init()` is called with `dest_perms` before it
is checked that its allocation succeeded. If the allocation fails, then
a NULL pointer is passed to `memset()` inside the
`class_perm_node_init()` function.

Signed-off-by: Juraj Marcin <juraj@xxxxxxxxxxxxxxx>
---
 checkpolicy/policy_define.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
index f3b48870..54bb304b 100644
--- a/checkpolicy/policy_define.c
+++ b/checkpolicy/policy_define.c
@@ -2371,11 +2371,12 @@ static int avrule_cpy(avrule_t *dest, const avrule_t *src)
 	src_perms = src->perms;
 	while (src_perms) {
 		dest_perms = (class_perm_node_t *) calloc(1, sizeof(class_perm_node_t));
-		class_perm_node_init(dest_perms);
 		if (!dest_perms) {
 			yyerror("out of memory");
 			return -1;
 		}
+		class_perm_node_init(dest_perms);
+
 		if (!dest->perms)
 			dest->perms = dest_perms;
 		else
-- 
2.37.1