libselinux/backport-libselinux-avoid-pointer-dereference-before-check.patch

From 2b6f639a5209f70a6c065f57bfd4b2bf3e28dbe4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 29 Apr 2024 18:39:00 +0200
Subject: [PATCH] libselinux: avoid pointer dereference before check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Since commit 5876aca0 ("libselinux: free data on selabel open failure")
the close handler of label backends must support partial initialized
state, e.g. ->data being NULL.  Thus checks for NULL were added, but in
two cases the pointers in question were already dereferenced before.

Reorder the dereference after the NULL-checks.

Fixes: 5876aca0 ("libselinux: free data on selabel open failure")
Reported-by: Cppcheck
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
 src/label_media.c | 4 +++-
 src/label_x.c     | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/label_media.c b/src/label_media.c
index 94a58062..852aeada 100644
--- a/src/label_media.c
+++ b/src/label_media.c
@@ -164,12 +164,14 @@ finish:
 static void close(struct selabel_handle *rec)
 {
 	struct saved_data *data = (struct saved_data *)rec->data;
-	struct spec *spec, *spec_arr = data->spec_arr;
+	struct spec *spec, *spec_arr;
 	unsigned int i;
 
 	if (!data)
 		return;
 
+	spec_arr = data->spec_arr;
+
 	for (i = 0; i < data->nspec; i++) {
 		spec = &spec_arr[i];
 		free(spec->key);
diff --git a/src/label_x.c b/src/label_x.c
index f994eefa..a8decc7a 100644
--- a/src/label_x.c
+++ b/src/label_x.c
@@ -191,12 +191,14 @@ finish:
 static void close(struct selabel_handle *rec)
 {
 	struct saved_data *data = (struct saved_data *)rec->data;
-	struct spec *spec, *spec_arr = data->spec_arr;
+	struct spec *spec, *spec_arr;
 	unsigned int i;
 
 	if (!data)
 		return;
 
+	spec_arr = data->spec_arr;
+
 	for (i = 0; i < data->nspec; i++) {
 		spec = &spec_arr[i];
 		free(spec->key);
-- 
2.33.0
Backport upstream patches 2025-03-14 16:19:44 +08:00			`From 2b6f639a5209f70a6c065f57bfd4b2bf3e28dbe4 Mon Sep 17 00:00:00 2001`
			`From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>`
			`Date: Mon, 29 Apr 2024 18:39:00 +0200`
			`Subject: [PATCH] libselinux: avoid pointer dereference before check`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`Since commit 5876aca0 ("libselinux: free data on selabel open failure")`
			`the close handler of label backends must support partial initialized`
			`state, e.g. ->data being NULL. Thus checks for NULL were added, but in`
			`two cases the pointers in question were already dereferenced before.`

			`Reorder the dereference after the NULL-checks.`

			`Fixes: 5876aca0 ("libselinux: free data on selabel open failure")`
			`Reported-by: Cppcheck`
			`Signed-off-by: Christian Göttsche <cgzones@googlemail.com>`
			`Acked-by: James Carter <jwcart2@gmail.com>`
			`---`
			`src/label_media.c \| 4 +++-`
			`src/label_x.c \| 4 +++-`
			`2 files changed, 6 insertions(+), 2 deletions(-)`

			`diff --git a/src/label_media.c b/src/label_media.c`
			`index 94a58062..852aeada 100644`
			`--- a/src/label_media.c`
			`+++ b/src/label_media.c`
			`@@ -164,12 +164,14 @@ finish:`
			`static void close(struct selabel_handle *rec)`
			`{`
			`struct saved_data data = (struct saved_data )rec->data;`
			`- struct spec spec, spec_arr = data->spec_arr;`
			`+ struct spec spec, spec_arr;`
			`unsigned int i;`

			`if (!data)`
			`return;`

			`+ spec_arr = data->spec_arr;`
			`+`
			`for (i = 0; i < data->nspec; i++) {`
			`spec = &spec_arr[i];`
			`free(spec->key);`
			`diff --git a/src/label_x.c b/src/label_x.c`
			`index f994eefa..a8decc7a 100644`
			`--- a/src/label_x.c`
			`+++ b/src/label_x.c`
			`@@ -191,12 +191,14 @@ finish:`
			`static void close(struct selabel_handle *rec)`
			`{`
			`struct saved_data data = (struct saved_data )rec->data;`
			`- struct spec spec, spec_arr = data->spec_arr;`
			`+ struct spec spec, spec_arr;`
			`unsigned int i;`

			`if (!data)`
			`return;`

			`+ spec_arr = data->spec_arr;`
			`+`
			`for (i = 0; i < data->nspec; i++) {`
			`spec = &spec_arr[i];`
			`free(spec->key);`
			`--`
			`2.33.0`