From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
Free the hashtable for nlmsg xperm rules similar to the ioctl hashtable.
Fixes: 1fd41f48 ("libsepol/cil: add support for xperms in conditional policies")
Reported-by: oss-fuzz (issue 388376332)
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
libsepol/cil/src/cil_binary.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
index 070bf525..e84188a0 100644
--- a/libsepol/cil/src/cil_binary.c
+++ b/libsepol/cil/src/cil_binary.c
@@ -2616,6 +2616,8 @@ int cil_booleanif_to_policydb(policydb_t *pdb, const struct cil_db *db, struct c
return SEPOL_OK;
exit:
+ hashtab_map(avrulex_nlmsg_table, __cil_avrulex_xperm_destroy, NULL);
+ hashtab_destroy(avrulex_nlmsg_table);
hashtab_map(avrulex_ioctl_table, __cil_avrulex_xperm_destroy, NULL);
hashtab_destroy(avrulex_ioctl_table);
if (tmp_cond) {
--
2.47.1
