[PATCH] trivial kernel_to_conf.c checks

[PATCH] trivial kernel_to_conf.c checks

[Jokke Hämäläinen]

diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
index 4f84ee8b..930bafab 100644
--- a/libsepol/src/kernel_to_conf.c
+++ b/libsepol/src/kernel_to_conf.c
@@ -448,8 +448,12 @@ static int write_sids_to_conf(FILE *out, const char *const *sid_to_str,
 		if (i < num_sids) {
 			sid = (char *)sid_to_str[i];
 		} else {
-			snprintf(unknown, 18, "%s%u", "UNKNOWN", i);
+			snprintf(unknown, sizeof(unknown), "%s%u", "UNKNOWN", i);
 			sid = strdup(unknown);
+			if (!sid) {
+				rc = -1;
+				goto exit;
+			}
 		}
 		rc = strs_add_at_index(strs, sid, i);
 		if (rc != 0) {
@@ -792,6 +796,10 @@ static int write_sensitivity_rules_to_conf(FILE *out, struct policydb *pdb)
 			j = level->level->sens - 1;
 			if (!sens_alias_map[j]) {
 				sens_alias_map[j] = strdup(name);
+				if (!sens_alias_map[j]) {
+					rc = -1;
+					goto exit;
+				}
 			} else {
 				alias = sens_alias_map[j];
 				sens_alias_map[j] = create_str("%s %s", 2, alias, name);
@@ -919,6 +927,10 @@ static int write_category_rules_to_conf(FILE *out, struct policydb *pdb)
 			j = cat->s.value - 1;
 			if (!cat_alias_map[j]) {
 				cat_alias_map[j] = strdup(name);
+				if (!cat_alias_map[j]) {
+					rc = -1;
+					goto exit;
+				}
 			} else {
 				alias = cat_alias_map[j];
 				cat_alias_map[j] = create_str("%s %s", 2, alias, name);
@@ -2364,7 +2376,7 @@ static int write_sid_context_rules_to_conf(FILE *out, struct policydb *pdb, cons
 		if (i < num_sids) {
 			sid = (char *)sid_to_str[i];
 		} else {
-			snprintf(unknown, 18, "%s%u", "UNKNOWN", i);
+			snprintf(unknown, sizeof(unknown), "%s%u", "UNKNOWN", i);
 			sid = unknown;
 		}
 

Re: [PATCH] trivial kernel_to_conf.c checks

[Stephen Smalley]

On 5/24/19 5:36 PM, Jokke Hämäläinen wrote:

Re-post with Signed-off-by line please.

> 
> diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
> index 4f84ee8b..930bafab 100644
> --- a/libsepol/src/kernel_to_conf.c
> +++ b/libsepol/src/kernel_to_conf.c
> @@ -448,8 +448,12 @@ static int write_sids_to_conf(FILE *out, const char *const *sid_to_str,
>   		if (i < num_sids) {
>   			sid = (char *)sid_to_str[i];
>   		} else {
> -			snprintf(unknown, 18, "%s%u", "UNKNOWN", i);
> +			snprintf(unknown, sizeof(unknown), "%s%u", "UNKNOWN", i);
>   			sid = strdup(unknown);
> +			if (!sid) {
> +				rc = -1;
> +				goto exit;
> +			}
>   		}
>   		rc = strs_add_at_index(strs, sid, i);
>   		if (rc != 0) {
> @@ -792,6 +796,10 @@ static int write_sensitivity_rules_to_conf(FILE *out, struct policydb *pdb)
>   			j = level->level->sens - 1;
>   			if (!sens_alias_map[j]) {
>   				sens_alias_map[j] = strdup(name);
> +				if (!sens_alias_map[j]) {
> +					rc = -1;
> +					goto exit;
> +				}
>   			} else {
>   				alias = sens_alias_map[j];
>   				sens_alias_map[j] = create_str("%s %s", 2, alias, name);
> @@ -919,6 +927,10 @@ static int write_category_rules_to_conf(FILE *out, struct policydb *pdb)
>   			j = cat->s.value - 1;
>   			if (!cat_alias_map[j]) {
>   				cat_alias_map[j] = strdup(name);
> +				if (!cat_alias_map[j]) {
> +					rc = -1;
> +					goto exit;
> +				}
>   			} else {
>   				alias = cat_alias_map[j];
>   				cat_alias_map[j] = create_str("%s %s", 2, alias, name);
> @@ -2364,7 +2376,7 @@ static int write_sid_context_rules_to_conf(FILE *out, struct policydb *pdb, cons
>   		if (i < num_sids) {
>   			sid = (char *)sid_to_str[i];
>   		} else {
> -			snprintf(unknown, 18, "%s%u", "UNKNOWN", i);
> +			snprintf(unknown, sizeof(unknown), "%s%u", "UNKNOWN", i);
>   			sid = unknown;
>   		}
>   
>