45 lines
1.5 KiB
Diff
45 lines
1.5 KiB
Diff
From a8dcf4d57bad3e531e44855ccfa22d234a2a7e56 Mon Sep 17 00:00:00 2001
|
|
From: James Carter <jwcart2@gmail.com>
|
|
Date: Thu, 13 May 2021 12:51:44 -0400
|
|
Subject: [PATCH] libsepol/cil: Resolve anonymous class permission sets only
|
|
once
|
|
|
|
Anonymous class permission sets can be passed as call arguments.
|
|
Anonymous call arguments are resolved when they are used in a
|
|
rule. [This is because all the information might not be present
|
|
(like common permissions being added to a class) when the call
|
|
itself is resolved.] If there is more than one rule using an
|
|
anonymous class permission set, then a memory leak will occur
|
|
when a new list for the permission datum expression is created
|
|
without destroying the old one.
|
|
|
|
When resolving the class and permissions, check if the class has
|
|
already been resolved. If it has, then the permissions have been
|
|
as well.
|
|
|
|
This bug was found by the secilc-fuzzer.
|
|
|
|
Signed-off-by: James Carter <jwcart2@gmail.com>
|
|
---
|
|
libsepol/cil/src/cil_resolve_ast.c | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
|
|
index 328add0421c5..c504e60b7c58 100644
|
|
--- a/libsepol/cil/src/cil_resolve_ast.c
|
|
+++ b/libsepol/cil/src/cil_resolve_ast.c
|
|
@@ -158,6 +158,10 @@ int cil_resolve_classperms(struct cil_tree_node *current, struct cil_classperms
|
|
symtab_t *common_symtab = NULL;
|
|
struct cil_class *class;
|
|
|
|
+ if (cp->class) {
|
|
+ return SEPOL_OK;
|
|
+ }
|
|
+
|
|
rc = cil_resolve_name(current, cp->class_str, CIL_SYM_CLASSES, extra_args, &datum);
|
|
if (rc != SEPOL_OK) {
|
|
goto exit;
|
|
--
|
|
2.32.0
|
|
|