From 54d02ff3bf59c9844d39699ae3c0e09bcc0534d0 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach
Date: Mon, 21 Jan 2019 20:30:01 +0100
Subject: [PATCH] checkpolicy-2.8-3
- Check the result value of hashtable_search
- Destroy the class datum if it fails to initialize
---
 checkpolicy-fedora.patch | 28 ++++++++++++++++++++++++++++
 checkpolicy.spec | 14 +++++++++-----
 2 files changed, 37 insertions(+), 5 deletions(-)
diff --git a/checkpolicy-fedora.patch b/checkpolicy-fedora.patch
index e69de29..26040ef 100644
--- a/checkpolicy-fedora.patch
+++ b/checkpolicy-fedora.patch
@@ -0,0 +1,28 @@
+diff --git checkpolicy-2.8/module_compiler.c checkpolicy-2.8/module_compiler.c
+index 155702f..ada7cb2 100644
+--- checkpolicy-2.8/module_compiler.c
++++ checkpolicy-2.8/module_compiler.c
+@@ -802,6 +802,7 @@ int require_class(int pass)
+ if ((datum = calloc(1, sizeof(*datum))) == NULL ||
+ symtab_init(&datum->permissions, PERM_SYMTAB_SIZE)) {
+ yyerror("Out of memory!");
++ class_datum_destroy(datum);
+ return -1;
+ }
+ ret =
+diff --git checkpolicy-2.8/policy_define.c checkpolicy-2.8/policy_define.c
+index d8788a6..ece10e7 100644
+--- checkpolicy-2.8/policy_define.c
++++ checkpolicy-2.8/policy_define.c
+@@ -1107,6 +1107,11 @@ int define_level(void)
+ (cat_datum_t *) hashtab_search(policydbp->p_cats.
+ table,
+ (hashtab_key_t) id);
++ if (!cdatum) {
++ yyerror2("unknown category %s", id);
++ free(id);
++ return -1;
++ }
+ range_start = range_end = cdatum->s.value - 1;
+ }
+
diff --git a/checkpolicy.spec b/checkpolicy.spec
index 4f741fb..f661665 100644
--- a/checkpolicy.spec
+++ b/checkpolicy.spec
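Review bot: In the require_class hunk the added `class_datum_destroy(datum);` also runs on the branch where `calloc` returned NULL, so the cleanup helper is called with a null pointer. class_datum_destroy is not defined anywhere in this patch (it presumably comes from the libsepol build the spec now requires), so confirm that it accepts NULL; if that is not guaranteed, write the call as `if (datum) class_datum_destroy(datum);`. The define_level check needs no change: it stops `cdatum->s.value` from being read when the category name taken from the policy source is not in the symbol table, and it frees `id` before returning. Both functions begin and end outside their hunks, so the remaining exit paths were not reviewed.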
@@ -1,17 +1,17 @@ -%define libselinuxver 2.8-1 -%define libsepolver 2.8-1 +%define libselinuxver 2.8-6 +%define libsepolver 2.8-3 Summary: SELinux policy compiler Name: checkpolicy Version: 2.8 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/checkpolicy-2.8.tar.gz # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh # run: # $ VERSION=2.8 ./make-fedora-selinux-patch.sh checkpolicy -# HEAD https://github.com/fedora-selinux/selinux/commit/0e84c8fe6bb895d22f706be1c8f59119c6427f64 -# Patch1: checkpolicy-fedora.patch +# HEAD https://github.com/fedora-selinux/selinux/commit/10767636b5d9b8f3fa3cf3815e860f4ca4fcb247 +Patch1: checkpolicy-fedora.patch Conflicts: selinux-policy-base < 3.13.1-138 BuildRequires: gcc BuildRequires: byacc bison flex flex-static libsepol-static >= %{libsepolver} libselinux-devel >= %{libselinuxver} @@ -56,6 +56,10 @@ install test/dispol ${RPM_BUILD_ROOT}%{_bindir}/sedispol %{_bindir}/sedispol %changelog +* Mon Jan 21 2019 Petr Lautrbach - 2.8-3 +- Check the result value of hashtable_search +- Destroy the class datum if it fails to initialize + * Thu Jul 12 2018 Fedora Release Engineering - 2.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild