libsepol/backport-libsepol-avoid-memory-corruption-on-realloc-failure.patch


From 541aab88459128e2d48bd1fad2c190154a5288c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Thu, 9 Nov 2023 14:53:15 +0100
Subject: [PATCH] libsepol: avoid memory corruption on realloc failure
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Use a single pointer variable for the realloc(3) result to not
immediately override the source pointer.
Also don't unnecessarily copy the first character.
Reported by Clang Analyzer:
services.c:810:14: warning: Assigned value is garbage or undefined [core.uninitialized.Assign]
810 | **r_buf = **new_buf;
| ^ ~~~~~~~~~
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Reference: https://github.com/SELinuxProject/selinux/commit/541aab88459128e2d48bd1fad2c190154a5288c0
Conflict: NA
---
libsepol/src/services.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/libsepol/src/services.c b/libsepol/src/services.c
index aa1ad52c..0eeee7ec 100644
--- a/libsepol/src/services.c
+++ b/libsepol/src/services.c
@@ -787,8 +787,8 @@ mls_ops:
if (r_buf && ((s[0] == 0) || ((s[0] == 1 &&
(flags & SHOW_GRANTED) == SHOW_GRANTED)))) {
- int len, new_buf_len;
- char *p, **new_buf = r_buf;
+ int len;
+ char *p;
/*
* These contain the constraint components that are added to the
* callers reason buffer.
@@ -801,13 +801,13 @@ mls_ops:
len = snprintf(p, reason_buf_len - reason_buf_used,
"%s", buffers[x]);
if (len < 0 || len >= reason_buf_len - reason_buf_used) {
- new_buf_len = reason_buf_len + REASON_BUF_SIZE;
- *new_buf = realloc(*r_buf, new_buf_len);
- if (!*new_buf) {
+ int new_buf_len = reason_buf_len + REASON_BUF_SIZE;
+ char *new_buf = realloc(*r_buf, new_buf_len);
+ if (!new_buf) {
ERR(NULL, "failed to realloc reason buffer");
goto out1;
}
- **r_buf = **new_buf;
+ *r_buf = new_buf;
reason_buf_len = new_buf_len;
continue;
} else {
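Review bot: The condition `len < 0 || len >= reason_buf_len - reason_buf_used` sends an snprintf() error down the same grow-and-retry path as a truncation, so a negative `len` enlarges the buffer and reaches `continue` again instead of failing. The loop that `continue` targets is outside the hunk, so the retry behaviour is inferred rather than visible. Handling the error separately before the size check, e.g. `if (len < 0) { ERR(NULL, "failed to format reason buffer"); goto out1; }`, would end the attempt cleanly. The new `int new_buf_len = reason_buf_len + REASON_BUF_SIZE;` is also an unchecked signed addition whose result is converted to size_t for realloc(). A guard such as `if (reason_buf_len > INT_MAX - REASON_BUF_SIZE) goto out1;` would keep the growth well-defined, assuming `reason_buf_len` is an `int`, which its declaration outside the hunk would confirm.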
--
2.33.0