From 2d35696db33fe17f5878808ff716207029462dd9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Tue, 22 Feb 2022 14:49:56 +0100 Subject: [PATCH] libsepol: NULL pointer offset fix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On the first loop iteration the variables `r_buf` and `reason_buf_used` are NULL respective 0. Please UBSAN by not adding them but instead directly assign NULL. services.c:800:16: runtime error: applying zero offset to null pointer #0 0x4d4fce in constraint_expr_eval_reason ./libsepol/src/services.c:800:16 #1 0x4cf31a in sepol_validate_transition_reason_buffer ./libsepol/src/services.c:1079:8 Signed-off-by: Christian Göttsche --- libsepol/src/services.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libsepol/src/services.c b/libsepol/src/services.c index 7becfd1b35..2972372967 100644 --- a/libsepol/src/services.c +++ b/libsepol/src/services.c @@ -797,7 +797,7 @@ static int constraint_expr_eval_reason(context_struct_t *scontext, for (x = 0; buffers[x] != NULL; x++) { while (1) { - p = *r_buf + reason_buf_used; + p = *r_buf ? (*r_buf + reason_buf_used) : NULL; len = snprintf(p, reason_buf_len - reason_buf_used, "%s", buffers[x]); if (len < 0 || len >= reason_buf_len - reason_buf_used) {
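Review bot: the ternary on the `p = *r_buf ? ... : NULL;` line removes the zero-offset-on-NULL report, but the next line then calls `snprintf(p, reason_buf_len - reason_buf_used, ...)` with `p == NULL`, which is only well-defined when that size argument is 0; the hunk does not show that `reason_buf_len` is 0 whenever `*r_buf` is NULL on the first iteration described in the commit message, so please state that invariant in a comment next to the assignment (or pass an explicit size of 0 in the NULL case) so the measuring call is obviously safe to a later reader. The length check on the following line, `if (len < 0 || len >= reason_buf_len - reason_buf_used) {`, keeps working either way, since a NULL buffer with size 0 makes `len` the required length and forces the grow path.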