* [PATCH] libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr
@ 2021-02-25 10:40 lutianxiong
  2021-02-25 13:54 ` James Carter
  0 siblings, 1 reply; 3+ messages in thread
From: lutianxiong @ 2021-02-25 10:40 UTC
  To: selinux; +Cc: lutianxiong, jiqin.ji, liaoqingwei

Found a NULL pointer dereference by fuzzing, reproducing:
    $ echo "(nodecon(())o(e()))" > tmp.cil
    $ secilc tmp.cil
    Segmentation fault (core dumped)

Add NULL check for addr_node->data in cil_fill_ipaddr.

Signed-off-by: lutianxiong <lutianxiong@huawei.com>
---
 libsepol/cil/src/cil_build_ast.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
index 726f46c..4e53f06 100644
--- a/libsepol/cil/src/cil_build_ast.c
+++ b/libsepol/cil/src/cil_build_ast.c
@@ -5660,7 +5660,7 @@ int cil_fill_ipaddr(struct cil_tree_node *addr_node, struct cil_ipaddr *addr)
 {
 	int rc = SEPOL_ERR;
 
-	if (addr_node == NULL || addr == NULL) {
+	if (addr_node == NULL || addr_node->data == NULL || addr == NULL) {
 		goto exit;
 	}
 
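Review bot: the added `addr_node->data == NULL` test in the combined `if` sends the malformed-policy case from the reproducer down the same `goto exit` as the two NULL-argument checks, and the `exit` label lies outside the visible context. Confirm that the code at `exit` does not itself read `addr_node->data` (for example when logging the rejected address), otherwise the dereference only moves. The order of the tests is correct, since `addr_node == NULL` short-circuits before `addr_node->data` is read. The commit message would be easier to audit if it named which use of `addr_node->data` crashed, and the one-line reproducer is small enough to add as a regression test policy.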
-- 
2.23.0



* Re: [PATCH] libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr
  2021-02-25 10:40 [PATCH] libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr lutianxiong
@ 2021-02-25 13:54 ` James Carter
  2021-02-28  8:33   ` Nicolas Iooss
  0 siblings, 1 reply; 3+ messages in thread
From: James Carter @ 2021-02-25 13:54 UTC
  To: lutianxiong; +Cc: SElinux list, jiqin.ji, liaoqingwei

On Thu, Feb 25, 2021 at 5:44 AM lutianxiong <lutianxiong@huawei.com> wrote:
>
> Found a NULL pointer dereference by fuzzing, reproducing:
>     $ echo "(nodecon(())o(e()))" > tmp.cil
>     $ secilc tmp.cil
>     Segmentation fault (core dumped)
>
> Add NULL check for addr_node->data in cil_fill_ipaddr.
>
> Signed-off-by: lutianxiong <lutianxiong@huawei.com>

Acked-by: James Carter <jwcart2@gmail.com>

> ---
>  libsepol/cil/src/cil_build_ast.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
> index 726f46c..4e53f06 100644
> --- a/libsepol/cil/src/cil_build_ast.c
> +++ b/libsepol/cil/src/cil_build_ast.c
> @@ -5660,7 +5660,7 @@ int cil_fill_ipaddr(struct cil_tree_node *addr_node, struct cil_ipaddr *addr)
>  {
>         int rc = SEPOL_ERR;
>
> -       if (addr_node == NULL || addr == NULL) {
> +       if (addr_node == NULL || addr_node->data == NULL || addr == NULL) {
>                 goto exit;
>         }
>
> --
> 2.23.0
>


* Re: [PATCH] libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr
  2021-02-25 13:54 ` James Carter
@ 2021-02-28  8:33   ` Nicolas Iooss
  0 siblings, 0 replies; 3+ messages in thread
From: Nicolas Iooss @ 2021-02-28  8:33 UTC
  To: James Carter; +Cc: lutianxiong, SElinux list, jiqin.ji, liaoqingwei

On Thu, Feb 25, 2021 at 2:55 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Thu, Feb 25, 2021 at 5:44 AM lutianxiong <lutianxiong@huawei.com> wrote:
> >
> > Found a NULL pointer dereference by fuzzing, reproducing:
> >     $ echo "(nodecon(())o(e()))" > tmp.cil
> >     $ secilc tmp.cil
> >     Segmentation fault (core dumped)
> >
> > Add NULL check for addr_node->data in cil_fill_ipaddr.
> >
> > Signed-off-by: lutianxiong <lutianxiong@huawei.com>
>
> Acked-by: James Carter <jwcart2@gmail.com>

Merged. Thanks!
Nicolas

> > ---
> >  libsepol/cil/src/cil_build_ast.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
> > index 726f46c..4e53f06 100644
> > --- a/libsepol/cil/src/cil_build_ast.c
> > +++ b/libsepol/cil/src/cil_build_ast.c
> > @@ -5660,7 +5660,7 @@ int cil_fill_ipaddr(struct cil_tree_node *addr_node, struct cil_ipaddr *addr)
> >  {
> >         int rc = SEPOL_ERR;
> >
> > -       if (addr_node == NULL || addr == NULL) {
> > +       if (addr_node == NULL || addr_node->data == NULL || addr == NULL) {
> >                 goto exit;
> >         }
> >
> > --
> > 2.23.0
> >

