Message ID | 20240311145706.34885-2-cgzones@googlemail.com (mailing list archive) |
---|---|
State | Accepted |
Commit | 0e1e30db35d0 |
Delegated to: | Petr Lautrbach |
Series | [1/5] checkpolicy/fuzz: drop redundant notdefined check |
diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c index 614b7706..0cf938ea 100644 --- a/checkpolicy/policy_define.c +++ b/checkpolicy/policy_define.c @@ -1038,7 +1038,7 @@ static int clone_level(hashtab_key_t key __attribute__ ((unused)), hashtab_datum level_datum_t *levdatum = (level_datum_t *) datum; mls_level_t *level = (mls_level_t *) arg, *newlevel; - if (levdatum->level == level) { + if (levdatum->notdefined && levdatum->level == level) { if (!levdatum->isalias) { levdatum->notdefined = FALSE; return 0;
In case of aliases clone the level only once to avoid leaking the first one.

Example policy:

    class p sid h class p{d}sensitivity d alias s0;dominance{s0}level d;level s0;

Reported-by: oss-fuzz (issue #67308)
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

---
 checkpolicy/policy_define.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
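
Review bot: In the clone_level() hunk, the new `levdatum->notdefined &&` guard only stops a second clone if the alias path also clears notdefined, and the visible context shows it being set to FALSE only inside the `!levdatum->isalias` branch, which returns early. Please confirm the code below the shown context clears the flag after cloning for an alias, otherwise a later `level` statement for the same sensitivity would pass the guard again. A one-line comment above the condition explaining that notdefined is what makes the clone happen once would help, since the link between that flag and the leak is not evident from the condition itself. The example policy from the commit message would also make a good regression input so the leak stays covered.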