checkpolicy: free memory on duplicate user declaration
class process
sid tl
class process { transition }
sensitivity s0;
dominance { s0 }
category c0;
level s0;
mlsconstrain process transition t1 eq t2;
role e;
user sys_useallowr roles e level s0 range s0:c0;
user sys_useallowr roles e level s0 range s0;
sid e se:s:s

Direct leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x5259cd in malloc (./out/checkpolicy-fuzzer+0x5259cd)
    #1 0x606369 in mls_semantic_level_cpy ./libsepol/src/mls.c:768:30
    #2 0x57bb08 in define_user ./checkpolicy/policy_define.c:4377:8
    #3 0x585955 in yyparse ./checkpolicy/policy_parse.y:657:30
    #4 0x55a7d7 in read_source_policy ./checkpolicy/fuzz/checkpolicy-fuzzer.c:108:6
    #5 0x55a7d7 in LLVMFuzzerTestOneInput ./checkpolicy/fuzz/checkpolicy-fuzzer.c:162:6
    #6 0x45af33 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
    #7 0x446a72 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
    #8 0x44c99b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
    #9 0x475e32 in main (./out/checkpolicy-fuzzer+0x475e32)
    #10 0x7febb0536e49 in __libc_start_main csu/../csu/libc-start.c:314:16

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
cgzones committed Jun 15, 2022
1 parent f2d8156 commit 1f1f956
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions checkpolicy/policy_define.c
@@ -4430,6 +4430,7 @@ int define_user(void)
}

if (l == 0) {
mls_semantic_level_destroy(&usrdatum->range.level[1]);
if (mls_semantic_level_cpy(&usrdatum->range.level[1],
&usrdatum->range.level[0])) {
yyerror("out of memory");
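Review bot: the new `mls_semantic_level_destroy(&usrdatum->range.level[1]);` call sits inside the `if (l == 0)` branch only, while the LeakSanitizer trace in the commit message attributes the leaked `mls_semantic_level_cpy` allocation to policy_define.c:4377, well above this hunk at 4430; a short comment above the destroy stating that it releases the level[1] contents populated by the earlier declaration (the duplicate `user sys_useallowr` case from the message) would make that link visible to the next reader. Please also confirm in the message that the destroy is a no-op on a freshly allocated `usrdatum` whose level[1] has not been copied yet, and whether the sibling path that takes an explicit high level needs the same release before its own copy.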
