* [PATCH] libsepol: add missing oom checks
@ 2022-03-31 14:44 Christian Göttsche
2022-04-01 14:41 ` James Carter
0 siblings, 1 reply; 3+ messages in thread
From: Christian Göttsche @ 2022-03-31 14:44 UTC (permalink / raw)
To: selinux
Check return values of memory allocation functions and propagate their
failure.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
libsepol/src/kernel_to_cil.c | 9 +++++++++
libsepol/src/kernel_to_conf.c | 4 ++++
libsepol/src/module_to_cil.c | 11 +++++++++++
libsepol/src/policydb.c | 3 ++-
4 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
index 869f6940..9128ac55 100644
--- a/libsepol/src/kernel_to_cil.c
+++ b/libsepol/src/kernel_to_cil.c
@@ -190,6 +190,10 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr
}
if (!names) {
names = strdup("NO_IDENTIFIER");
+ if (!names) {
+ sepol_log_err("Out of memory");
+ goto exit;
+ }
}
if (strchr(names, ' ')) {
new_val = create_str("(%s %s (%s))", 3, op, attr1, names);
@@ -568,6 +572,11 @@ static int write_sids_to_cil(FILE *out, const char *const *sid_to_str,
} else {
snprintf(unknown, 18, "%s%u", "UNKNOWN", i);
sid = strdup(unknown);
+ if (!sid) {
+ sepol_log_err("Out of memory");
+ rc = -1;
+ goto exit;
+ }
}
rc = strs_add_at_index(strs, sid, i);
if (rc != 0) {
diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
index 3544f73d..63dffd9b 100644
--- a/libsepol/src/kernel_to_conf.c
+++ b/libsepol/src/kernel_to_conf.c
@@ -187,6 +187,10 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr
}
if (!names) {
names = strdup("NO_IDENTIFIER");
+ if (!names) {
+ sepol_log_err("Out of memory");
+ goto exit;
+ }
}
if (strchr(names, ' ')) {
new_val = create_str("%s %s { %s }", 3, attr1, op, names);
diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
index c9e88f1e..f2e8aff0 100644
--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
@@ -393,6 +393,8 @@ static int typealias_list_create(struct policydb *pdb)
}
typealias_lists = calloc(max_decl_id + 1, sizeof(*typealias_lists));
+ if (!typealias_lists)
+ goto exit;
typealias_lists_len = max_decl_id + 1;
rc = hashtab_map(pdb->p_types.table, typealiases_gather_map, pdb);
@@ -1792,6 +1794,10 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp
}
if (num_names == 0) {
names = strdup("NO_IDENTIFIER");
+ if (!names) {
+ rc = -1;
+ goto exit;
+ }
} else {
rc = name_list_to_string(name_list, num_names, &names);
if (rc != 0) {
@@ -2556,6 +2562,11 @@ static int ocontext_isid_to_cil(struct policydb *pdb, const char *const *sid_to_
goto exit;
}
item->sid_key = strdup(sid);
+ if (!item->sid_key) {
+ log_err("Out of memory");
+ rc = -1;
+ goto exit;
+ }
item->next = head;
head = item;
}
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index fc71463e..5c7e35e8 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -1252,7 +1252,8 @@ int policydb_index_others(sepol_handle_t * handle,
if (!p->type_val_to_struct)
return -1;
- cond_init_bool_indexes(p);
+ if (cond_init_bool_indexes(p))
+ return -1;
for (i = SYM_ROLES; i < SYM_NUM; i++) {
free(p->sym_val_to_name[i]);
--
2.35.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] libsepol: add missing oom checks
2022-03-31 14:44 [PATCH] libsepol: add missing oom checks Christian Göttsche
@ 2022-04-01 14:41 ` James Carter
2022-04-06 9:26 ` Petr Lautrbach
0 siblings, 1 reply; 3+ messages in thread
From: James Carter @ 2022-04-01 14:41 UTC (permalink / raw)
To: Christian Göttsche; +Cc: SElinux list
On Thu, Mar 31, 2022 at 11:34 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Check return values of memory allocation functions and propagate their
> failure.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
> ---
> libsepol/src/kernel_to_cil.c | 9 +++++++++
> libsepol/src/kernel_to_conf.c | 4 ++++
> libsepol/src/module_to_cil.c | 11 +++++++++++
> libsepol/src/policydb.c | 3 ++-
> 4 files changed, 26 insertions(+), 1 deletion(-)
>
> diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
> index 869f6940..9128ac55 100644
> --- a/libsepol/src/kernel_to_cil.c
> +++ b/libsepol/src/kernel_to_cil.c
> @@ -190,6 +190,10 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr
> }
> if (!names) {
> names = strdup("NO_IDENTIFIER");
> + if (!names) {
> + sepol_log_err("Out of memory");
> + goto exit;
> + }
> }
> if (strchr(names, ' ')) {
> new_val = create_str("(%s %s (%s))", 3, op, attr1, names);
> @@ -568,6 +572,11 @@ static int write_sids_to_cil(FILE *out, const char *const *sid_to_str,
> } else {
> snprintf(unknown, 18, "%s%u", "UNKNOWN", i);
> sid = strdup(unknown);
> + if (!sid) {
> + sepol_log_err("Out of memory");
> + rc = -1;
> + goto exit;
> + }
> }
> rc = strs_add_at_index(strs, sid, i);
> if (rc != 0) {
> diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
> index 3544f73d..63dffd9b 100644
> --- a/libsepol/src/kernel_to_conf.c
> +++ b/libsepol/src/kernel_to_conf.c
> @@ -187,6 +187,10 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr
> }
> if (!names) {
> names = strdup("NO_IDENTIFIER");
> + if (!names) {
> + sepol_log_err("Out of memory");
> + goto exit;
> + }
> }
> if (strchr(names, ' ')) {
> new_val = create_str("%s %s { %s }", 3, attr1, op, names);
> diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
> index c9e88f1e..f2e8aff0 100644
> --- a/libsepol/src/module_to_cil.c
> +++ b/libsepol/src/module_to_cil.c
> @@ -393,6 +393,8 @@ static int typealias_list_create(struct policydb *pdb)
> }
>
> typealias_lists = calloc(max_decl_id + 1, sizeof(*typealias_lists));
> + if (!typealias_lists)
> + goto exit;
> typealias_lists_len = max_decl_id + 1;
>
> rc = hashtab_map(pdb->p_types.table, typealiases_gather_map, pdb);
> @@ -1792,6 +1794,10 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp
> }
> if (num_names == 0) {
> names = strdup("NO_IDENTIFIER");
> + if (!names) {
> + rc = -1;
> + goto exit;
> + }
> } else {
> rc = name_list_to_string(name_list, num_names, &names);
> if (rc != 0) {
> @@ -2556,6 +2562,11 @@ static int ocontext_isid_to_cil(struct policydb *pdb, const char *const *sid_to_
> goto exit;
> }
> item->sid_key = strdup(sid);
> + if (!item->sid_key) {
> + log_err("Out of memory");
> + rc = -1;
> + goto exit;
> + }
> item->next = head;
> head = item;
> }
> diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
> index fc71463e..5c7e35e8 100644
> --- a/libsepol/src/policydb.c
> +++ b/libsepol/src/policydb.c
> @@ -1252,7 +1252,8 @@ int policydb_index_others(sepol_handle_t * handle,
> if (!p->type_val_to_struct)
> return -1;
>
> - cond_init_bool_indexes(p);
> + if (cond_init_bool_indexes(p))
> + return -1;
>
> for (i = SYM_ROLES; i < SYM_NUM; i++) {
> free(p->sym_val_to_name[i]);
> --
> 2.35.1
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] libsepol: add missing oom checks
2022-04-01 14:41 ` James Carter
@ 2022-04-06 9:26 ` Petr Lautrbach
0 siblings, 0 replies; 3+ messages in thread
From: Petr Lautrbach @ 2022-04-06 9:26 UTC (permalink / raw)
To: SElinux list; +Cc: James Carter, Christian Göttsche
James Carter <jwcart2@gmail.com> writes:
> On Thu, Mar 31, 2022 at 11:34 AM Christian Göttsche
> <cgzones@googlemail.com> wrote:
>>
>> Check return values of memory allocation functions and propagate their
>> failure.
>>
>> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> Acked-by: James Carter <jwcart2@gmail.com>
Merged.
>> ---
>> libsepol/src/kernel_to_cil.c | 9 +++++++++
>> libsepol/src/kernel_to_conf.c | 4 ++++
>> libsepol/src/module_to_cil.c | 11 +++++++++++
>> libsepol/src/policydb.c | 3 ++-
>> 4 files changed, 26 insertions(+), 1 deletion(-)
>>
>> diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
>> index 869f6940..9128ac55 100644
>> --- a/libsepol/src/kernel_to_cil.c
>> +++ b/libsepol/src/kernel_to_cil.c
>> @@ -190,6 +190,10 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr
>> }
>> if (!names) {
>> names = strdup("NO_IDENTIFIER");
>> + if (!names) {
>> + sepol_log_err("Out of memory");
>> + goto exit;
>> + }
>> }
>> if (strchr(names, ' ')) {
>> new_val = create_str("(%s %s (%s))", 3, op, attr1, names);
>> @@ -568,6 +572,11 @@ static int write_sids_to_cil(FILE *out, const char *const *sid_to_str,
>> } else {
>> snprintf(unknown, 18, "%s%u", "UNKNOWN", i);
>> sid = strdup(unknown);
>> + if (!sid) {
>> + sepol_log_err("Out of memory");
>> + rc = -1;
>> + goto exit;
>> + }
>> }
>> rc = strs_add_at_index(strs, sid, i);
>> if (rc != 0) {
>> diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
>> index 3544f73d..63dffd9b 100644
>> --- a/libsepol/src/kernel_to_conf.c
>> +++ b/libsepol/src/kernel_to_conf.c
>> @@ -187,6 +187,10 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr
>> }
>> if (!names) {
>> names = strdup("NO_IDENTIFIER");
>> + if (!names) {
>> + sepol_log_err("Out of memory");
>> + goto exit;
>> + }
>> }
>> if (strchr(names, ' ')) {
>> new_val = create_str("%s %s { %s }", 3, attr1, op, names);
>> diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
>> index c9e88f1e..f2e8aff0 100644
>> --- a/libsepol/src/module_to_cil.c
>> +++ b/libsepol/src/module_to_cil.c
>> @@ -393,6 +393,8 @@ static int typealias_list_create(struct policydb *pdb)
>> }
>>
>> typealias_lists = calloc(max_decl_id + 1, sizeof(*typealias_lists));
>> + if (!typealias_lists)
>> + goto exit;
>> typealias_lists_len = max_decl_id + 1;
>>
>> rc = hashtab_map(pdb->p_types.table, typealiases_gather_map, pdb);
>> @@ -1792,6 +1794,10 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp
>> }
>> if (num_names == 0) {
>> names = strdup("NO_IDENTIFIER");
>> + if (!names) {
>> + rc = -1;
>> + goto exit;
>> + }
>> } else {
>> rc = name_list_to_string(name_list, num_names, &names);
>> if (rc != 0) {
>> @@ -2556,6 +2562,11 @@ static int ocontext_isid_to_cil(struct policydb *pdb, const char *const *sid_to_
>> goto exit;
>> }
>> item->sid_key = strdup(sid);
>> + if (!item->sid_key) {
>> + log_err("Out of memory");
>> + rc = -1;
>> + goto exit;
>> + }
>> item->next = head;
>> head = item;
>> }
>> diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
>> index fc71463e..5c7e35e8 100644
>> --- a/libsepol/src/policydb.c
>> +++ b/libsepol/src/policydb.c
>> @@ -1252,7 +1252,8 @@ int policydb_index_others(sepol_handle_t * handle,
>> if (!p->type_val_to_struct)
>> return -1;
>>
>> - cond_init_bool_indexes(p);
>> + if (cond_init_bool_indexes(p))
>> + return -1;
>>
>> for (i = SYM_ROLES; i < SYM_NUM; i++) {
>> free(p->sym_val_to_name[i]);
>> --
>> 2.35.1
>>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-04-06 13:00 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-31 14:44 [PATCH] libsepol: add missing oom checks Christian Göttsche
2022-04-01 14:41 ` James Carter
2022-04-06 9:26 ` Petr Lautrbach
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.