packages/checkpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
checkpolicy/backport-checkpolicy-cleanup-identifiers-on-error.patch
wjiang b993887e8d backport patches from upstream 
(cherry picked from commit c2ba662a7864600cc027fdb3d39f616df22d7a44)
2025-03-20 15:43:06 +08:00

197 lines
5.9 KiB
Diff
Raw Blame History

From b75bf48b42d93bf03211eeb176495dbc667d4e99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 22 Jan 2024 14:54:55 +0100
Subject: [PATCH] checkpolicy: cleanup identifiers on error
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Free identifiers removed from the queue but not yet owned by the policy
on errors.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
policy_define.c | 32 ++++++++++++++++++++++++++++----
1 file changed, 28 insertions(+), 4 deletions(-)
diff --git a/policy_define.c b/policy_define.c
index 260e609d..db7e9d0e 100644
--- a/policy_define.c
+++ b/policy_define.c
@@ -342,6 +342,7 @@ static int read_classes(ebitmap_t *e_classes)
while ((id = queue_remove(id_queue))) {
if (!is_id_in_scope(SYM_CLASSES, id)) {
yyerror2("class %s is not within scope", id);
+ free(id);
return -1;
}
cladatum = hashtab_search(policydbp->p_classes.table, id);
@@ -373,15 +374,18 @@ int define_default_user(int which)
while ((id = queue_remove(id_queue))) {
if (!is_id_in_scope(SYM_CLASSES, id)) {
yyerror2("class %s is not within scope", id);
+ free(id);
return -1;
}
cladatum = hashtab_search(policydbp->p_classes.table, id);
if (!cladatum) {
yyerror2("unknown class %s", id);
+ free(id);
return -1;
}
if (cladatum->default_user && cladatum->default_user != which) {
yyerror2("conflicting default user information for class %s", id);
+ free(id);
return -1;
}
cladatum->default_user = which;
@@ -405,15 +409,18 @@ int define_default_role(int which)
while ((id = queue_remove(id_queue))) {
if (!is_id_in_scope(SYM_CLASSES, id)) {
yyerror2("class %s is not within scope", id);
+ free(id);
return -1;
}
cladatum = hashtab_search(policydbp->p_classes.table, id);
if (!cladatum) {
yyerror2("unknown class %s", id);
+ free(id);
return -1;
}
if (cladatum->default_role && cladatum->default_role != which) {
yyerror2("conflicting default role information for class %s", id);
+ free(id);
return -1;
}
cladatum->default_role = which;
@@ -437,15 +444,18 @@ int define_default_type(int which)
while ((id = queue_remove(id_queue))) {
if (!is_id_in_scope(SYM_CLASSES, id)) {
yyerror2("class %s is not within scope", id);
+ free(id);
return -1;
}
cladatum = hashtab_search(policydbp->p_classes.table, id);
if (!cladatum) {
yyerror2("unknown class %s", id);
+ free(id);
return -1;
}
if (cladatum->default_type && cladatum->default_type != which) {
yyerror2("conflicting default type information for class %s", id);
+ free(id);
return -1;
}
cladatum->default_type = which;
@@ -469,15 +479,18 @@ int define_default_range(int which)
while ((id = queue_remove(id_queue))) {
if (!is_id_in_scope(SYM_CLASSES, id)) {
yyerror2("class %s is not within scope", id);
+ free(id);
return -1;
}
cladatum = hashtab_search(policydbp->p_classes.table, id);
if (!cladatum) {
yyerror2("unknown class %s", id);
+ free(id);
return -1;
}
if (cladatum->default_range && cladatum->default_range != which) {
yyerror2("conflicting default range information for class %s", id);
+ free(id);
return -1;
}
cladatum->default_range = which;
@@ -508,6 +521,7 @@ int define_common_perms(void)
comdatum = hashtab_search(policydbp->p_commons.table, id);
if (comdatum) {
yyerror2("duplicate declaration for common %s\n", id);
+ free(id);
return -1;
}
comdatum = (common_datum_t *) malloc(sizeof(common_datum_t));
@@ -770,12 +784,14 @@ int define_sens(void)
while ((id = queue_remove(id_queue))) {
if (id_has_dot(id)) {
yyerror("sensitivity aliases may not contain periods");
- goto bad_alias;
+ free(id);
+ return -1;
}
aliasdatum = (level_datum_t *) malloc(sizeof(level_datum_t));
if (!aliasdatum) {
yyerror("out of memory");
- goto bad_alias;
+ free(id);
+ return -1;
}
level_datum_init(aliasdatum);
aliasdatum->isalias = TRUE;
@@ -940,12 +956,14 @@ int define_category(void)
while ((id = queue_remove(id_queue))) {
if (id_has_dot(id)) {
yyerror("category aliases may not contain periods");
- goto bad_alias;
+ free(id);
+ return -1;
}
aliasdatum = (cat_datum_t *) malloc(sizeof(cat_datum_t));
if (!aliasdatum) {
yyerror("out of memory");
- goto bad_alias;
+ free(id);
+ return -1;
}
cat_datum_init(aliasdatum);
aliasdatum->isalias = TRUE;
@@ -3863,6 +3881,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2)
if (!is_id_in_scope(SYM_USERS, id)) {
yyerror2("user %s is not within scope",
id);
+ free(id);
constraint_expr_destroy(expr);
return 0;
}
@@ -3874,6 +3893,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2)
id);
if (!user) {
yyerror2("unknown user %s", id);
+ free(id);
constraint_expr_destroy(expr);
return 0;
}
@@ -3883,6 +3903,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2)
yyerror2("role %s is not within scope",
id);
constraint_expr_destroy(expr);
+ free(id);
return 0;
}
role =
@@ -3894,6 +3915,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2)
if (!role) {
yyerror2("unknown role %s", id);
constraint_expr_destroy(expr);
+ free(id);
return 0;
}
val = role->s.value;
@@ -3906,11 +3928,13 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2)
} else {
yyerror("invalid constraint expression");
constraint_expr_destroy(expr);
+ free(id);
return 0;
}
if (ebitmap_set_bit(&expr->names, val - 1, TRUE)) {
yyerror("out of memory");
ebitmap_destroy(&expr->names);
+ free(id);
constraint_expr_destroy(expr);
return 0;
}
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink