Re: [PATCH] checkpolicy: avoid passing NULL pointer to memset()

James Carter <jwcart2@xxxxxxxxx> · Mon, 29 Aug 2022 14:50:02 -0400



On Mon, Aug 29, 2022 at 8:49 AM Juraj Marcin <juraj@xxxxxxxxxxxxxxx> wrote:
>
> Function `class_perm_node_init()` is called with `dest_perms` before it
> is checked that its allocation succeeded. If the allocation fails, then
> a NULL pointer is passed to `memset()` inside the
> `class_perm_node_init()` function.
>
> Signed-off-by: Juraj Marcin <juraj@xxxxxxxxxxxxxxx>

Acked-by: James Carter <jwcart2@xxxxxxxxx>

> ---
>  checkpolicy/policy_define.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
> index f3b48870..54bb304b 100644
> --- a/checkpolicy/policy_define.c
> +++ b/checkpolicy/policy_define.c
> @@ -2371,11 +2371,12 @@ static int avrule_cpy(avrule_t *dest, const avrule_t *src)
>         src_perms = src->perms;
>         while (src_perms) {
>                 dest_perms = (class_perm_node_t *) calloc(1, sizeof(class_perm_node_t));
> -               class_perm_node_init(dest_perms);
>                 if (!dest_perms) {
>                         yyerror("out of memory");
>                         return -1;
>                 }
> +               class_perm_node_init(dest_perms);
> +
>                 if (!dest->perms)
>                         dest->perms = dest_perms;
>                 else
> --
> 2.37.1
>