From 6238e025714b18db41354629dd40e70e27b7c37e Mon Sep 17 00:00:00 2001
From: lutianxiong <lutianxiong@huawei.com>
Date: Thu, 25 Feb 2021 18:40:02 +0800
Subject: [PATCH] libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr
Found a NULL pointer dereference by fuzzing, reproducing:
$ echo "(nodecon(())o(e()))" > tmp.cil
$ secilc tmp.cil
Segmentation fault (core dumped)
Add NULL check for addr_node->data in cil_fill_ipaddr.
Signed-off-by: lutianxiong <lutianxiong@huawei.com>
---
libsepol/cil/src/cil_build_ast.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
index 726f46cd..4e53f06a 100644
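--- a/libsepol/cil/src/cil_build_ast.c
+++ b/libsepol/cil/src/cil_build_ast.c
@@ -5660,7 +5660,7 @@ int cil_fill_ipaddr(struct cil_tree_node *addr_node, struct cil_ipaddr *addr)
 {
 int rc = SEPOL_ERR;
 
- if (addr_node == NULL || addr == NULL) {
+ if (addr_node == NULL || addr_node->data == NULL || addr == NULL) {
 goto exit;
 }
 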
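Review bot: The added `addr_node->data == NULL` test at the top of cil_fill_ipaddr carries no comment saying when a parse-tree node can have no data, so a later reader cannot tell that it guards against malformed policy input rather than an internal bug. Judging by the reproducer in the commit message, an empty list `()` in the address position appears to produce such a node; a one-line comment such as `/* list nodes such as "()" carry no data; reject before it is read as a string */` would record that. The function body continues outside the hunk, so the read of `data` that crashed is not visible here, and other fill helpers that read `->data` from parse-tree nodes may need the same check. The two-line reproducer is also worth keeping as a regression test or fuzz seed so the crash cannot return unnoticed.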
--
2.27.0