diff --git a/backport-checkpolicy-avoid-passing-NULL-pointer-to-memset.patch b/backport-checkpolicy-avoid-passing-NULL-pointer-to-memset.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f27dc56565b67e76f1804bfd1329428a4cd98a49
--- /dev/null
+++ b/backport-checkpolicy-avoid-passing-NULL-pointer-to-memset.patch
@@ -0,0 +1,34 @@
+From c916f0884bd08b99ddc77b6a148a730d107a9979 Mon Sep 17 00:00:00 2001
+From: Juraj Marcin
+Date: Mon, 29 Aug 2022 14:28:40 +0200
+Subject: [PATCH] checkpolicy: avoid passing NULL pointer to memset()
+
+Function `class_perm_node_init()` is called with `dest_perms` before it
+is checked that its allocation succeeded. If the allocation fails, then
+a NULL pointer is passed to `memset()` inside the
+`class_perm_node_init()` function.
+
+Signed-off-by: Juraj Marcin
+Conflict: file path adaptation
+---
+ checkpolicy/policy_define.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/policy_define.c b/policy_define.c
+index f3b488702..54bb304b3 100644
+--- a/policy_define.c
++++ b/policy_define.c
+@@ -2371,11 +2371,12 @@ static int avrule_cpy(avrule_t *dest, const avrule_t *src)
+ src_perms = src->perms;
+ while (src_perms) {
+ dest_perms = (class_perm_node_t *) calloc(1, sizeof(class_perm_node_t));
+- class_perm_node_init(dest_perms);
+ if (!dest_perms) {
+ yyerror("out of memory");
+ return -1;
+ }
++ class_perm_node_init(dest_perms);
++
+ if (!dest->perms)
+ dest->perms = dest_perms;
+ else
diff --git a/checkpolicy.spec b/checkpolicy.spec
index 0e4fd5c9802f163f51cbbcefc0ca684f29845afe..a8d96063f512917f64017d460226532f41e32a6d 100644
--- a/checkpolicy.spec
+++ b/checkpolicy.spec
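Review bot: The `return -1` on allocation failure in `avrule_cpy()` leaves any nodes from earlier loop iterations linked into `dest->perms`, and nothing visible here shows who releases them. The function starts and ends outside the hunk, so the caller may already handle this. If it does, a comment at the failure branch such as `/* nodes already on dest->perms are released by the caller */` would make the ownership contract explicit. Separately, `calloc()` already returns zeroed memory, so if `class_perm_node_init()` only performs the `memset()` the commit message describes, the call is redundant after the NULL check. The `(class_perm_node_t *)` cast on `calloc()` is also unnecessary in C.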
@@ -1,11 +1,13 @@ Name: checkpolicy Version: 3.1 -Release: 1 +Release: 2 Summary: SELinux policy compiler License: GPLv2 URL: https://github.com/SELinuxProject/selinux Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/checkpolicy-3.1.tar.gz +Patch0: backport-checkpolicy-avoid-passing-NULL-pointer-to-memset.patch + BuildRequires: gcc byacc bison flex flex-static libsepol-static libselinux-devel git Conflicts: selinux-policy-base < 3.13.1-138 @@ -54,6 +56,10 @@ install test/dispol %{buildroot}%{_bindir}/sedispol %{_mandir}/*/* %changelog +* Thu Feb 16 2023 zhangguangzhi - 3.1-2 +- backport patch + backport checkpolicy avoid passing NULL pointer to memset + * Tue Aug 25 2020 liquor - 3.1-1 - update to 3.1