rpms
/
libsepol
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2176882f7f'
${ noResults }
libsepol/SOURCES/0003-libsepol-cil-Initializ...

82 lines
3.1 KiB
Raw Blame History

From b332edfc248f7c5bcf651be033e2f06aa5959776 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Wed, 23 Oct 2024 15:43:15 +0200
Subject: [PATCH] libsepol/cil: Initialize avtab_datum on declaration
avtab_datum.xperms was not always initialized before being used.
Fixes:
Error: UNINIT (CWE-457):
libsepol-3.7/cil/src/cil_binary.c:977:2: var_decl: Declaring variable "avtab_datum" without initializer.
libsepol-3.7/cil/src/cil_binary.c:1059:3: uninit_use_in_call: Using uninitialized value "avtab_datum". Field "avtab_datum.xperms" is uninitialized when calling "__cil_cond_insert_rule".
\# 1057| }
\# 1058| }
\# 1059|-> rc = __cil_cond_insert_rule(&pdb->te_cond_avtab, &avtab_key, &avtab_datum, cond_node, cond_flavor);
\# 1060| }
Error: UNINIT (CWE-457):
libsepol-3.7/cil/src/cil_binary.c:1348:2: var_decl: Declaring variable "avtab_datum" without initializer.
libsepol-3.7/cil/src/cil_binary.c:1384:3: uninit_use_in_call: Using uninitialized value "avtab_datum". Field "avtab_datum.xperms" is uninitialized when calling "__cil_cond_insert_rule".
\# 1382| } else {
\# 1383| avtab_datum.data = data;
\# 1384|-> rc = __cil_cond_insert_rule(&pdb->te_cond_avtab, &avtab_key, &avtab_datum, cond_node, cond_flavor);
\# 1385| }
\# 1386|
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
libsepol/cil/src/cil_binary.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
index c8144a5a..66c461eb 100644
--- a/libsepol/cil/src/cil_binary.c
+++ b/libsepol/cil/src/cil_binary.c
@@ -974,7 +974,7 @@ static int __cil_insert_type_rule(policydb_t *pdb, uint32_t kind, uint32_t src,
{
int rc = SEPOL_OK;
avtab_key_t avtab_key;
- avtab_datum_t avtab_datum;
+ avtab_datum_t avtab_datum = { .data = res, .xperms = NULL };
avtab_ptr_t existing;
avtab_key.source_type = src;
@@ -996,8 +996,6 @@ static int __cil_insert_type_rule(policydb_t *pdb, uint32_t kind, uint32_t src,
goto exit;
}
- avtab_datum.data = res;
-
existing = avtab_search_node(&pdb->te_avtab, &avtab_key);
if (existing) {
/* Don't add duplicate type rule and warn if they conflict.
@@ -1345,7 +1343,7 @@ static int __cil_insert_avrule(policydb_t *pdb, uint32_t kind, uint32_t src, uin
{
int rc = SEPOL_OK;
avtab_key_t avtab_key;
- avtab_datum_t avtab_datum;
+ avtab_datum_t avtab_datum = { .data = data, .xperms = NULL };
avtab_datum_t *avtab_dup = NULL;
avtab_key.source_type = src;
@@ -1371,7 +1369,6 @@ static int __cil_insert_avrule(policydb_t *pdb, uint32_t kind, uint32_t src, uin
if (!cond_node) {
avtab_dup = avtab_search(&pdb->te_avtab, &avtab_key);
if (!avtab_dup) {
- avtab_datum.data = data;
rc = avtab_insert(&pdb->te_avtab, &avtab_key, &avtab_datum);
} else {
if (kind == CIL_AVRULE_DONTAUDIT)
@@ -1380,7 +1377,6 @@ static int __cil_insert_avrule(policydb_t *pdb, uint32_t kind, uint32_t src, uin
avtab_dup->data |= data;
}
} else {
- avtab_datum.data = data;
rc = __cil_cond_insert_rule(&pdb->te_cond_avtab, &avtab_key, &avtab_datum, cond_node, cond_flavor);
}
--
2.47.0
Reference in new issue View Git Blame Copy Permalink