|
 |
b79588c |
Index: libsepol/src/module.c
|
|
|
b79588c |
===================================================================
|
|
|
b79588c |
--- libsepol/src/module.c (revision 2538)
|
|
|
b79588c |
+++ libsepol/src/module.c (working copy)
|
|
|
b79588c |
@@ -353,21 +353,27 @@
|
|
|
b79588c |
struct policy_file *file,
|
|
|
b79588c |
size_t ** offsets, uint32_t * sections)
|
|
|
b79588c |
{
|
|
|
b79588c |
- uint32_t buf[3], nsec;
|
|
|
b79588c |
+ uint32_t *buf = NULL, nsec;
|
|
|
b79588c |
unsigned i;
|
|
|
b79588c |
- size_t *off;
|
|
|
b79588c |
+ size_t *off = NULL;
|
|
|
b79588c |
int rc;
|
|
|
58a8c31 |
|
|
|
b79588c |
+ buf = malloc(sizeof(uint32_t)*3);
|
|
|
b79588c |
+ if (!buf) {
|
|
|
b79588c |
+ ERR(file->handle, "out of memory");
|
|
|
b79588c |
+ goto err;
|
|
|
b79588c |
+ }
|
|
|
b79588c |
+
|
|
|
b79588c |
rc = next_entry(buf, file, sizeof(uint32_t) * 3);
|
|
|
b79588c |
if (rc < 0) {
|
|
|
b79588c |
ERR(file->handle, "module package header truncated");
|
|
|
b79588c |
- return -1;
|
|
|
b79588c |
+ goto err;
|
|
|
b79588c |
}
|
|
|
b79588c |
if (le32_to_cpu(buf[0]) != SEPOL_MODULE_PACKAGE_MAGIC) {
|
|
|
b79588c |
ERR(file->handle,
|
|
|
b79588c |
"wrong magic number for module package: expected %u, got %u",
|
|
|
b79588c |
SEPOL_MODULE_PACKAGE_MAGIC, le32_to_cpu(buf[0]));
|
|
|
b79588c |
- return -1;
|
|
|
b79588c |
+ goto err;
|
|
|
b79588c |
}
|
|
|
58a8c31 |
|
|
|
b79588c |
mod->version = le32_to_cpu(buf[1]);
|
|
|
b79588c |
@@ -376,23 +382,29 @@
|
|
|
b79588c |
if (nsec > MAXSECTIONS) {
|
|
|
b79588c |
ERR(file->handle, "too many sections (%u) in module package",
|
|
|
b79588c |
nsec);
|
|
|
b79588c |
- return -1;
|
|
|
b79588c |
+ goto err;
|
|
|
b79588c |
}
|
|
|
f50a75e |
|
|
|
b79588c |
off = (size_t *) malloc((nsec + 1) * sizeof(size_t));
|
|
|
b79588c |
if (!off) {
|
|
|
b79588c |
ERR(file->handle, "out of memory");
|
|
|
b79588c |
- return -1;
|
|
|
b79588c |
+ goto err;
|
|
|
b79588c |
}
|
|
|
f50a75e |
|
|
|
b79588c |
- rc = next_entry(off, file, sizeof(uint32_t) * nsec);
|
|
|
b79588c |
+ free(buf);
|
|
|
b79588c |
+ buf = malloc(sizeof(uint32_t) * nsec);
|
|
|
b79588c |
+ if (!buf) {
|
|
|
b79588c |
+ ERR(file->handle, "out of memory");
|
|
|
b79588c |
+ goto err;
|
|
|
b79588c |
+ }
|
|
|
b79588c |
+ rc = next_entry(buf, file, sizeof(uint32_t) * nsec);
|
|
|
b79588c |
if (rc < 0) {
|
|
|
b79588c |
ERR(file->handle, "module package offset array truncated");
|
|
|
b79588c |
- return -1;
|
|
|
b79588c |
+ goto err;
|
|
|
b79588c |
}
|
|
|
f50a75e |
|
|
|
b79588c |
for (i = 0; i < nsec; i++) {
|
|
|
b79588c |
- off[i] = le32_to_cpu(off[i]);
|
|
|
b79588c |
+ off[i] = le32_to_cpu(buf[i]);
|
|
|
b79588c |
if (i && off[i] < off[i - 1]) {
|
|
|
b79588c |
ERR(file->handle, "offsets are not increasing (at %u, "
|
|
|
b79588c |
"offset %zu -> %zu", i, off[i - 1],
|
|
|
b79588c |
@@ -401,10 +413,15 @@
|
|
|
b79588c |
}
|
|
|
b79588c |
}
|
|
|
b79588c |
|
|
|
b79588c |
-
|
|
|
b79588c |
+ free(buf);
|
|
|
b79588c |
off[nsec] = policy_file_length(file);
|
|
|
b79588c |
*offsets = off;
|
|
|
b79588c |
return 0;
|
|
|
f50a75e |
+
|
|
|
b79588c |
+err:
|
|
|
b79588c |
+ free(buf);
|
|
|
b79588c |
+ free(off);
|
|
|
b79588c |
+ return -1;
|
|
|
b79588c |
}
|
|
|
f50a75e |
|
|
|
b79588c |
/* Flags for which sections have been seen during parsing of module package. */
|