From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
In case a type or role gets re-declared as an attribute abort parsing
immediately. Since yyerror() is called the variable policydb_errors is
increased and will signal an error later on.
Reported-by: oss-fuzz (issue 398527873)
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
checkpolicy/module_compiler.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/checkpolicy/module_compiler.c b/checkpolicy/module_compiler.c
index 3a7ad1bb..efbcfa7d 100644
--- a/checkpolicy/module_compiler.c
+++ b/checkpolicy/module_compiler.c
@@ -291,6 +291,7 @@ static int create_role(uint32_t scope, unsigned char isattr, role_datum_t **role
if (*role && (isattr != (*role)->flavor)) {
yyerror2("Identifier %s used as both an attribute and a role",
id);
+ *role = NULL;
free(id);
role_datum_destroy(datum);
free(datum);
@@ -428,6 +429,7 @@ static int create_type(uint32_t scope, unsigned char isattr, type_datum_t **type
if (*type && (isattr != (*type)->flavor)) {
yyerror2("Identifier %s used as both an attribute and a type",
id);
+ *type = NULL;
free(id);
return -1;
}
--
2.47.2
