packages/checkpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
checkpolicy/backport-checkpolicy-cleanup-identifiers-on-error.patch
wjiang 8d05d52916 backport patches from upstream
2025-03-17 10:57:54 +08:00

197 lines
5.9 KiB
Diff
Raw Permalink Blame History

From b75bf48b42d93bf03211eeb176495dbc667d4e99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 22 Jan 2024 14:54:55 +0100
Subject: [PATCH] checkpolicy: cleanup identifiers on error
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Free identifiers removed from the queue but not yet owned by the policy
on errors.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
---
policy_define.c | 32 ++++++++++++++++++++++++++++----
1 file changed, 28 insertions(+), 4 deletions(-)
diff --git a/policy_define.c b/policy_define.c
index 260e609d..db7e9d0e 100644
--- a/policy_define.c
+++ b/policy_define.c
@@ -343,6 +343,7 @@ static int read_classes(ebitmap_t *e_classes)
while ((id = queue_remove(id_queue))) {
if (!is_id_in_scope(SYM_CLASSES, id)) {
yyerror2("class %s is not within scope", id);
+ free(id);
return -1;
}
cladatum = hashtab_search(policydbp->p_classes.table, id);
@@ -374,15 +375,18 @@ int define_default_user(int which)
while ((id = queue_remove(id_queue))) {
if (!is_id_in_scope(SYM_CLASSES, id)) {
yyerror2("class %s is not within scope", id);
+ free(id);
return -1;
}
cladatum = hashtab_search(policydbp->p_classes.table, id);
if (!cladatum) {
yyerror2("unknown class %s", id);
+ free(id);
return -1;
}
if (cladatum->default_user && cladatum->default_user != which) {
yyerror2("conflicting default user information for class %s", id);
+ free(id);
return -1;
}
cladatum->default_user = which;
@@ -406,15 +410,18 @@ int define_default_role(int which)
while ((id = queue_remove(id_queue))) {
if (!is_id_in_scope(SYM_CLASSES, id)) {
yyerror2("class %s is not within scope", id);
+ free(id);
return -1;
}
cladatum = hashtab_search(policydbp->p_classes.table, id);
if (!cladatum) {
yyerror2("unknown class %s", id);
+ free(id);
return -1;
}
if (cladatum->default_role && cladatum->default_role != which) {
yyerror2("conflicting default role information for class %s", id);
+ free(id);
return -1;
}
cladatum->default_role = which;
@@ -438,15 +445,18 @@ int define_default_type(int which)
while ((id = queue_remove(id_queue))) {
if (!is_id_in_scope(SYM_CLASSES, id)) {
yyerror2("class %s is not within scope", id);
+ free(id);
return -1;
}
cladatum = hashtab_search(policydbp->p_classes.table, id);
if (!cladatum) {
yyerror2("unknown class %s", id);
+ free(id);
return -1;
}
if (cladatum->default_type && cladatum->default_type != which) {
yyerror2("conflicting default type information for class %s", id);
+ free(id);
return -1;
}
cladatum->default_type = which;
@@ -470,15 +480,18 @@ int define_default_range(int which)
while ((id = queue_remove(id_queue))) {
if (!is_id_in_scope(SYM_CLASSES, id)) {
yyerror2("class %s is not within scope", id);
+ free(id);
return -1;
}
cladatum = hashtab_search(policydbp->p_classes.table, id);
if (!cladatum) {
yyerror2("unknown class %s", id);
+ free(id);
return -1;
}
if (cladatum->default_range && cladatum->default_range != which) {
yyerror2("conflicting default range information for class %s", id);
+ free(id);
return -1;
}
cladatum->default_range = which;
@@ -509,6 +522,7 @@ int define_common_perms(void)
comdatum = hashtab_search(policydbp->p_commons.table, id);
if (comdatum) {
yyerror2("duplicate declaration for common %s\n", id);
+ free(id);
return -1;
}
comdatum = (common_datum_t *) malloc(sizeof(common_datum_t));
@@ -771,12 +785,14 @@ int define_sens(void)
while ((id = queue_remove(id_queue))) {
if (id_has_dot(id)) {
yyerror("sensitivity aliases may not contain periods");
- goto bad_alias;
+ free(id);
+ return -1;
}
aliasdatum = (level_datum_t *) malloc(sizeof(level_datum_t));
if (!aliasdatum) {
yyerror("out of memory");
- goto bad_alias;
+ free(id);
+ return -1;
}
level_datum_init(aliasdatum);
aliasdatum->isalias = TRUE;
@@ -941,12 +957,14 @@ int define_category(void)
while ((id = queue_remove(id_queue))) {
if (id_has_dot(id)) {
yyerror("category aliases may not contain periods");
- goto bad_alias;
+ free(id);
+ return -1;
}
aliasdatum = (cat_datum_t *) malloc(sizeof(cat_datum_t));
if (!aliasdatum) {
yyerror("out of memory");
- goto bad_alias;
+ free(id);
+ return -1;
}
cat_datum_init(aliasdatum);
aliasdatum->isalias = TRUE;
@@ -3807,6 +3825,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2)
if (!is_id_in_scope(SYM_USERS, id)) {
yyerror2("user %s is not within scope",
id);
+ free(id);
constraint_expr_destroy(expr);
return 0;
}
@@ -3818,6 +3837,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2)
id);
if (!user) {
yyerror2("unknown user %s", id);
+ free(id);
constraint_expr_destroy(expr);
return 0;
}
@@ -3827,6 +3847,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2)
yyerror2("role %s is not within scope",
id);
constraint_expr_destroy(expr);
+ free(id);
return 0;
}
role =
@@ -3838,6 +3859,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2)
if (!role) {
yyerror2("unknown role %s", id);
constraint_expr_destroy(expr);
+ free(id);
return 0;
}
val = role->s.value;
@@ -3850,11 +3872,13 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2)
} else {
yyerror("invalid constraint expression");
constraint_expr_destroy(expr);
+ free(id);
return 0;
}
if (ebitmap_set_bit(&expr->names, val - 1, TRUE)) {
yyerror("out of memory");
ebitmap_destroy(&expr->names);
+ free(id);
constraint_expr_destroy(expr);
return 0;
}
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink