From 5a10f05f53ef78c48ebce3d512960c71100073d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 6 Jul 2021 19:54:28 +0200
Subject: [PATCH] checkpolicy: check before potential NULL dereference
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
policy_define.c: In function ‘define_te_avtab_extended_perms’:
policy_define.c:1946:17: error: potential null pointer dereference [-Werror=null-dereference]
1946 | r->omit = omit;
| ^
In the case of `r` being NULL, avrule_read_ioctls() would return
with its parameter `rangehead` being a pointer to NULL, which is
considered a failure in its caller `avrule_ioctl_ranges`.
So it is not necessary to alter the return value.
Found by GCC 11 with LTO enabled.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
checkpolicy/policy_define.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
index 049df55f8468..887857851504 100644
--- a/checkpolicy/policy_define.c
+++ b/checkpolicy/policy_define.c
@@ -1943,7 +1943,9 @@ int avrule_read_ioctls(struct av_ioctl_range_list **rangehead)
}
}
r = *rangehead;
- r->omit = omit;
+ if (r) {
+ r->omit = omit;
+ }
return 0;
error:
yyerror("out of memory");
--
2.32.0