From 5a10f05f53ef78c48ebce3d512960c71100073d0 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>

Date: Tue, 6 Jul 2021 19:54:28 +0200

Subject: [PATCH] checkpolicy: check before potential NULL dereference

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

    policy_define.c: In function ‘define_te_avtab_extended_perms’:

    policy_define.c:1946:17: error: potential null pointer dereference [-Werror=null-dereference]

     1946 |         r->omit = omit;

          |                 ^

In the case of `r` being NULL, avrule_read_ioctls() would return

with its parameter `rangehead` being a pointer to NULL, which is

considered a failure in its caller `avrule_ioctl_ranges`.

So it is not necessary to alter the return value.

Found by GCC 11 with LTO enabled.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

---

 checkpolicy/policy_define.c | 4 +++-

 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c

index 049df55f8468..887857851504 100644

--- a/checkpolicy/policy_define.c

+++ b/checkpolicy/policy_define.c

@@ -1943,7 +1943,9 @@ int avrule_read_ioctls(struct av_ioctl_range_list **rangehead)

 		}

 	}

 	r = *rangehead;

-	r->omit = omit;

+	if (r) {

+		r->omit = omit;

+	}

 	return 0;

 error:

 	yyerror("out of memory");

-- 

2.32.0