On Mon, Aug 29, 2022 at 2:50 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> On Mon, Aug 29, 2022 at 8:49 AM Juraj Marcin <juraj@xxxxxxxxxxxxxxx> wrote:
> >
> > Function `class_perm_node_init()` is called with `dest_perms` before it
> > is checked that its allocation succeeded. If the allocation fails, then
> > a NULL pointer is passed to `memset()` inside the
> > `class_perm_node_init()` function.
> >
> > Signed-off-by: Juraj Marcin <juraj@xxxxxxxxxxxxxxx>
>
> Acked-by: James Carter <jwcart2@xxxxxxxxx>
>
Merged.
Thanks,
Jim
> > ---
> > checkpolicy/policy_define.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
> > index f3b48870..54bb304b 100644
> > --- a/checkpolicy/policy_define.c
> > +++ b/checkpolicy/policy_define.c
> > @@ -2371,11 +2371,12 @@ static int avrule_cpy(avrule_t *dest, const avrule_t *src)
> > src_perms = src->perms;
> > while (src_perms) {
> > dest_perms = (class_perm_node_t *) calloc(1, sizeof(class_perm_node_t));
> > - class_perm_node_init(dest_perms);
> > if (!dest_perms) {
> > yyerror("out of memory");
> > return -1;
> > }
> > + class_perm_node_init(dest_perms);
> > +
> > if (!dest->perms)
> > dest->perms = dest_perms;
> > else
> > --
> > 2.37.1
> >
