From b75bf48b42d93bf03211eeb176495dbc667d4e99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Mon, 22 Jan 2024 14:54:55 +0100 Subject: [PATCH] checkpolicy: cleanup identifiers on error MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Free identifiers removed from the queue but not yet owned by the policy on errors. Signed-off-by: Christian Göttsche Acked-by: James Carter --- policy_define.c | 32 ++++++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) diff --git a/policy_define.c b/policy_define.c index 260e609d..db7e9d0e 100644 --- a/policy_define.c +++ b/policy_define.c @@ -343,6 +343,7 @@ static int read_classes(ebitmap_t *e_classes) while ((id = queue_remove(id_queue))) { if (!is_id_in_scope(SYM_CLASSES, id)) { yyerror2("class %s is not within scope", id); + free(id); return -1; } cladatum = hashtab_search(policydbp->p_classes.table, id); @@ -374,15 +375,18 @@ int define_default_user(int which) while ((id = queue_remove(id_queue))) { if (!is_id_in_scope(SYM_CLASSES, id)) { yyerror2("class %s is not within scope", id); + free(id); return -1; } cladatum = hashtab_search(policydbp->p_classes.table, id); if (!cladatum) { yyerror2("unknown class %s", id); + free(id); return -1; } if (cladatum->default_user && cladatum->default_user != which) { yyerror2("conflicting default user information for class %s", id); + free(id); return -1; } cladatum->default_user = which; @@ -406,15 +410,18 @@ int define_default_role(int which) while ((id = queue_remove(id_queue))) { if (!is_id_in_scope(SYM_CLASSES, id)) { yyerror2("class %s is not within scope", id); + free(id); return -1; } cladatum = hashtab_search(policydbp->p_classes.table, id); if (!cladatum) { yyerror2("unknown class %s", id); + free(id); return -1; } if (cladatum->default_role && cladatum->default_role != which) { yyerror2("conflicting default role information for class %s", id); + free(id); return -1; } cladatum->default_role = which; @@ -438,15 +445,18 @@ int define_default_type(int which) while ((id = queue_remove(id_queue))) { if (!is_id_in_scope(SYM_CLASSES, id)) { yyerror2("class %s is not within scope", id); + free(id); return -1; } cladatum = hashtab_search(policydbp->p_classes.table, id); if (!cladatum) { yyerror2("unknown class %s", id); + free(id); return -1; } if (cladatum->default_type && cladatum->default_type != which) { yyerror2("conflicting default type information for class %s", id); + free(id); return -1; } cladatum->default_type = which; @@ -470,15 +480,18 @@ int define_default_range(int which) while ((id = queue_remove(id_queue))) { if (!is_id_in_scope(SYM_CLASSES, id)) { yyerror2("class %s is not within scope", id); + free(id); return -1; } cladatum = hashtab_search(policydbp->p_classes.table, id); if (!cladatum) { yyerror2("unknown class %s", id); + free(id); return -1; } if (cladatum->default_range && cladatum->default_range != which) { yyerror2("conflicting default range information for class %s", id); + free(id); return -1; } cladatum->default_range = which; @@ -509,6 +522,7 @@ int define_common_perms(void) comdatum = hashtab_search(policydbp->p_commons.table, id); if (comdatum) { yyerror2("duplicate declaration for common %s\n", id); + free(id); return -1; } comdatum = (common_datum_t *) malloc(sizeof(common_datum_t)); @@ -771,12 +785,14 @@ int define_sens(void) while ((id = queue_remove(id_queue))) { if (id_has_dot(id)) { yyerror("sensitivity aliases may not contain periods"); - goto bad_alias; + free(id); + return -1; } aliasdatum = (level_datum_t *) malloc(sizeof(level_datum_t)); if (!aliasdatum) { yyerror("out of memory"); - goto bad_alias; + free(id); + return -1; } level_datum_init(aliasdatum); aliasdatum->isalias = TRUE; @@ -941,12 +957,14 @@ int define_category(void) while ((id = queue_remove(id_queue))) { if (id_has_dot(id)) { yyerror("category aliases may not contain periods"); - goto bad_alias; + free(id); + return -1; } aliasdatum = (cat_datum_t *) malloc(sizeof(cat_datum_t)); if (!aliasdatum) { yyerror("out of memory"); - goto bad_alias; + free(id); + return -1; } cat_datum_init(aliasdatum); aliasdatum->isalias = TRUE; @@ -3807,6 +3825,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2) if (!is_id_in_scope(SYM_USERS, id)) { yyerror2("user %s is not within scope", id); + free(id); constraint_expr_destroy(expr); return 0; } @@ -3818,6 +3837,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2) id); if (!user) { yyerror2("unknown user %s", id); + free(id); constraint_expr_destroy(expr); return 0; } @@ -3827,6 +3847,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2) yyerror2("role %s is not within scope", id); constraint_expr_destroy(expr); + free(id); return 0; } role = @@ -3838,6 +3859,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2) if (!role) { yyerror2("unknown role %s", id); constraint_expr_destroy(expr); + free(id); return 0; } val = role->s.value; @@ -3850,11 +3872,13 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2) } else { yyerror("invalid constraint expression"); constraint_expr_destroy(expr); + free(id); return 0; } if (ebitmap_set_bit(&expr->names, val - 1, TRUE)) { yyerror("out of memory"); ebitmap_destroy(&expr->names); + free(id); constraint_expr_destroy(expr); return 0; } -- 2.33.0