libsepol/backport-libsepol-cil-Reset-expandtypeattribute-rules-when-re.patch

From b57535318af6f3f5e79c90caed06423b1f50abb1 Mon Sep 17 00:00:00 2001
From: James Carter <jwcart2@gmail.com>
Date: Fri, 27 Aug 2021 10:11:19 -0400
Subject: [PATCH] libsepol/cil: Reset expandtypeattribute rules when resetting
 AST

A list is created to store type attribute datums when resolving an
expandtypeattribute rule and that list needs to be destroyed if the
AST is reset or a memory leak will occur.

Destroy the list storing type attributes datums when resetting
expandtypeattribute rules.

This bug was found by the secilc-fuzzer.

Signed-off-by: James Carter <jwcart2@gmail.com>
---
 libsepol/cil/src/cil_reset_ast.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c
index 6d1d2da..0ba075c 100644
--- a/libsepol/cil/src/cil_reset_ast.c
+++ b/libsepol/cil/src/cil_reset_ast.c
@@ -208,6 +208,11 @@ static void cil_reset_typeattributeset(struct cil_typeattributeset *tas)
 	cil_list_destroy(&tas->datum_expr, CIL_FALSE);
 }
 
+static void cil_reset_expandtypeattribute(struct cil_expandtypeattribute *expandattr)
+{
+	cil_list_destroy(&expandattr->attr_datums, CIL_FALSE);
+}
+
 static void cil_reset_avrule(struct cil_avrule *rule)
 {
 	cil_reset_classperms_list(rule->perms.classperms);
@@ -531,6 +536,9 @@ int __cil_reset_node(struct cil_tree_node *node,  __attribute__((unused)) uint32
 	case CIL_TYPEATTRIBUTESET:
 		cil_reset_typeattributeset(node->data);
 		break;
+	case CIL_EXPANDTYPEATTRIBUTE:
+		cil_reset_expandtypeattribute(node->data);
+		break;
 	case CIL_RANGETRANSITION:
 		cil_reset_rangetransition(node->data);
 		break;
@@ -630,7 +638,6 @@ int __cil_reset_node(struct cil_tree_node *node,  __attribute__((unused)) uint32
 	case CIL_CLASSORDER:
 	case CIL_CATORDER:
 	case CIL_SENSITIVITYORDER:
-	case CIL_EXPANDTYPEATTRIBUTE:
 		break; /* Nothing to reset */
 	default:
 		break;
-- 
1.8.3.1