libsepol: NULL pointer offset fix
On the first loop iteration the variables `r_buf` and `reason_buf_used`
are NULL and 0 respectively.  Please UBSAN by not adding them but instead
directly assigning NULL.

    services.c:800:16: runtime error: applying zero offset to null pointer
        #0 0x4d4fce in constraint_expr_eval_reason ./libsepol/src/services.c:800:16
        #1 0x4cf31a in sepol_validate_transition_reason_buffer ./libsepol/src/services.c:1079:8

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
cgzones authored and jwcart2 committed Mar 3, 2022
1 parent 71bcdcc commit 2d35696
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion libsepol/src/services.c
Expand Up @@ -797,7 +797,7 @@ static int constraint_expr_eval_reason(context_struct_t *scontext,

for (x = 0; buffers[x] != NULL; x++) {
while (1) {
p = *r_buf + reason_buf_used;
p = *r_buf ? (*r_buf + reason_buf_used) : NULL;
len = snprintf(p, reason_buf_len - reason_buf_used,
"%s", buffers[x]);
if (len < 0 || len >= reason_buf_len - reason_buf_used) {
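Review bot: the new assignment to `p` can hand a NULL destination to the `snprintf` call on the following line, and that is only well defined when the size argument `reason_buf_len - reason_buf_used` is 0. The commit message states that `reason_buf_used` is 0 on the first iteration but says nothing about `reason_buf_len`. Please confirm that `reason_buf_len` is 0 whenever `*r_buf` is NULL, and state that invariant in a short comment above the assignment, since the ternary otherwise reads as if a NULL buffer were an error case rather than the expected first pass.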