checkpolicy: free complete role_allow_rule on error

Free the ebitmaps inside the rolesets on error. Reported-by: oss-fuzz (issue 67769) Signed-off-by: Christian Göttsche <[email protected]> Acked-by: James Carter <[email protected]>
SELinuxProject · Apr 4, 2024 · 652e288 · 652e288
1 parent 04303b5
commit 652e288
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
@@ -3186,13 +3186,15 @@ int define_role_allow(void)
 
  while ((id = queue_remove(id_queue))) {
  if (set_roles(&ra->roles, id)) {
+ role_allow_rule_destroy(ra);
  free(ra);
  return -1;
  }
  }
 
  while ((id = queue_remove(id_queue))) {
  if (set_roles(&ra->new_roles, id)) {
+ role_allow_rule_destroy(ra);
  free(ra);
  return -1;
  }