libsepol/cil: Clear AST node after destroying bad filecon rule

Commit fb0a4ce (libsepol/cil: Allow paths in filecon rules to be passed as arguments) changed when the new AST node data would be set to point to the new filecon struct when creating a filecon rule. This causes cil_destroy_filecon() to be called twice on the filecon struct if there is an error when creating the filecon rule. If there is an error when creating a filecon rule, call cil_clear_node() after destroying the filecon struct. Reported-by: oss-fuzz (issue 64385) Signed-off-by: James Carter <[email protected]>
SELinuxProject · Dec 12, 2023 · 2752043 · 2752043
1 parent 89dd980
commit 2752043
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
@@ -4197,6 +4197,7 @@ int cil_gen_filecon(struct cil_db *db, struct cil_tree_node *parse_current, stru
 exit:
  cil_tree_log(parse_current, CIL_ERR, "Bad filecon declaration");
  cil_destroy_filecon(filecon);
+ cil_clear_node(ast_node);
  return rc;
 }