On Wed, Jan 8, 2025 at 11:32 AM Christian Göttsche
<cgoettsche@xxxxxxxxxxxxx> wrote:
>
> From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> Free the hashtable for nlmsg xperm rules similar to the ioctl hashtable.
>
> Fixes: 1fd41f48 ("libsepol/cil: add support for xperms in conditional policies")
> Reported-by: oss-fuzz (issue 388376332)
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
For these two patches:
Acked-by: James Carter <jwcart2@xxxxxxxxx>
> ---
> libsepol/cil/src/cil_binary.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
> index 070bf525..e84188a0 100644
> --- a/libsepol/cil/src/cil_binary.c
> +++ b/libsepol/cil/src/cil_binary.c
> @@ -2616,6 +2616,8 @@ int cil_booleanif_to_policydb(policydb_t *pdb, const struct cil_db *db, struct c
> return SEPOL_OK;
>
> exit:
> + hashtab_map(avrulex_nlmsg_table, __cil_avrulex_xperm_destroy, NULL);
> + hashtab_destroy(avrulex_nlmsg_table);
> hashtab_map(avrulex_ioctl_table, __cil_avrulex_xperm_destroy, NULL);
> hashtab_destroy(avrulex_ioctl_table);
> if (tmp_cond) {
> --
> 2.47.1
>
>
