On Mon, Jan 22, 2024 at 9:37 AM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
Acked-by: James Carter <jwcart2@xxxxxxxxx>
> ---
> checkpolicy/policy_define.c | 23 +++++++++++++++++------
> 1 file changed, 17 insertions(+), 6 deletions(-)
>
> diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
> index 053156df..ec19da9d 100644
> --- a/checkpolicy/policy_define.c
> +++ b/checkpolicy/policy_define.c
> @@ -1399,7 +1399,7 @@ int define_typeattribute(void)
> return 0;
> }
>
> -static int define_typebounds_helper(char *bounds_id, char *type_id)
> +static int define_typebounds_helper(const char *bounds_id, const char *type_id)
> {
> type_datum_t *bounds, *type;
>
> @@ -1482,15 +1482,26 @@ int define_type(int alias)
> * old name based hierarchy.
> */
> if ((id = queue_remove(id_queue))) {
> - char *bounds, *delim;
> + const char *delim;
> +
> + if ((delim = strrchr(id, '.'))) {
> + int ret;
> + char *bounds = strdup(id);
> + if (!bounds) {
> + yyerror("out of memory");
> + free(id);
> + return -1;
> + }
>
> - if ((delim = strrchr(id, '.'))
> - && (bounds = strdup(id))) {
> bounds[(size_t)(delim - id)] = '\0';
>
> - if (define_typebounds_helper(bounds, id))
> - return -1;
> + ret = define_typebounds_helper(bounds, id);
> free(bounds);
> + if (ret) {
> + free(id);
> + return -1;
> + }
> +
> }
> free(id);
> }
> --
> 2.43.0
>
>
