From: William Roberts <bill.c.roberts@gmail.com>
To: Nicolas Iooss <nicolas.iooss@m4x.org>
Cc: SElinux list <selinux@vger.kernel.org>
Subject: Re: [PATCH 6/6] libsepol/cil: destroy perm_datums when __cil_resolve_perms fails
Date: Thu, 31 Dec 2020 09:05:30 -0600 [thread overview]
Message-ID: <CAFftDdrEaCUvRuQZ+h2TU34iG9tV1j+gWqe0HSFGeCz=zpzX=g@mail.gmail.com> (raw)
In-Reply-To: <20201230100746.2549568-6-nicolas.iooss@m4x.org>
On Wed, Dec 30, 2020 at 4:10 AM Nicolas Iooss <nicolas.iooss@m4x.org> wrote:
>
> When __cil_resolve_perms fails, it does not destroy perm_datums, which
> leads to a memory leak reported by OSS-Fuzz with the following CIL
> policy:
>
> (class cl01())
> (classorder(cl01))
> (type at02)
> (type tpr3)
> (allow at02 tpr3(cl01((s))))
>
> Calling cil_list_destroy() fixes the issue.
>
> Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28466
> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
> ---
> libsepol/cil/src/cil_resolve_ast.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
> index ecd05dfa5dab..255f17ae7e30 100644
> --- a/libsepol/cil/src/cil_resolve_ast.c
> +++ b/libsepol/cil/src/cil_resolve_ast.c
> @@ -146,6 +146,7 @@ static int __cil_resolve_perms(symtab_t *class_symtab, symtab_t *common_symtab,
> return SEPOL_OK;
>
> exit:
> + cil_list_destroy(perm_datums, CIL_FALSE);
> return rc;
> }
>
> --
> 2.29.2
>
ack on all but patch #4, comments sent for that patch.
next prev parent reply other threads:[~2020-12-31 15:06 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-30 10:07 [PATCH 1/6] libsepol: do not decode out-of-bound rolebounds Nicolas Iooss
2020-12-30 10:07 ` [PATCH 2/6] libsepol: ensure that hashtab_search is not called with a NULL key Nicolas Iooss
2021-01-04 16:31 ` James Carter
2021-01-06 8:12 ` Nicolas Iooss
2020-12-30 10:07 ` [PATCH 3/6] libsepol/cil: constify some strings Nicolas Iooss
2021-01-04 16:33 ` James Carter
2021-01-05 16:07 ` James Carter
2020-12-30 10:07 ` [PATCH 4/6] libsepol/cil: fix NULL pointer dereference when parsing an improper integer Nicolas Iooss
2020-12-31 15:04 ` William Roberts
2021-01-02 11:13 ` Nicolas Iooss
2021-01-03 18:32 ` William Roberts
2021-01-04 16:43 ` James Carter
2021-01-05 12:51 ` William Roberts
2020-12-30 10:07 ` [PATCH 5/6] libsepol/cil: fix out-of-bound read in cil_print_recursive_blockinherit Nicolas Iooss
2021-01-04 18:17 ` James Carter
2021-01-05 16:08 ` James Carter
2020-12-30 10:07 ` [PATCH 6/6] libsepol/cil: destroy perm_datums when __cil_resolve_perms fails Nicolas Iooss
2020-12-31 15:05 ` William Roberts [this message]
2021-01-04 18:18 ` James Carter
2021-01-05 16:08 ` James Carter
2021-01-04 15:48 ` [PATCH 1/6] libsepol: do not decode out-of-bound rolebounds James Carter
2021-01-04 15:51 ` James Carter
2021-01-06 8:05 ` Nicolas Iooss
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAFftDdrEaCUvRuQZ+h2TU34iG9tV1j+gWqe0HSFGeCz=zpzX=g@mail.gmail.com' \
--to=bill.c.roberts@gmail.com \
--cc=nicolas.iooss@m4x.org \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).