author | Paul Moore <paul@paul-moore.com> | 2020-06-16 19:17:40 -0400 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2020-06-27 17:11:04 -0400 |
commit | c0a6e6fd15f74c429a0b74e0dfd4de5a29aabebd (patch) | |
tree | 6cdfa4122cf7abd6a0ebfeeea0718a54bdd85b6b | |
parent | 0d2996616eba39263e1bed83a87afd5e566703c2 (diff) | |
download | libseccomp-c0a6e6fd15f74c429a0b74e0dfd4de5a29aabebd.tar.gz |
bpf: don't return a bogus pointer when gen_bpf_generate() fails

In the case where gen_bpf_generate() fails due to a
_gen_bpf_build_bpf() failure we were returning a pointer to a BPF
program block which we had already freed - oops. Thankfully the
fix is trivial.

Special thanks to Tudor Brindus for not only reporting the problem
but providing a very detailed root cause analysis.

Reported-by: Tudor Brindus <me@tbrindus.ca>
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

-rw-r--r-- | src/gen_bpf.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/gen_bpf.c b/src/gen_bpf.c index 1b559b0..4e38c3c 100644 --- a/src/gen_bpf.c +++ b/src/gen_bpf.c @@ -1968,6 +1968,8 @@ struct bpf_program *gen_bpf_generate(const struct db_filter_col *col) rc = _gen_bpf_build_bpf(&state, col); if (rc == 0) state.bpf = NULL; + else + prgm = NULL; _state_release(&state); return prgm; |
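
Review bot: The `if (rc == 0) state.bpf = NULL; else prgm = NULL;` branch encodes an ownership hand-off that nothing in the hunk documents. On success `state.bpf` is cleared so that `_state_release(&state)` leaves the program for the caller, and on failure `prgm` is cleared because, per the commit message, the block it points to has been freed by the time the function returns. A one-line comment above the branch stating that `prgm` and `state.bpf` refer to the same allocation would make it harder for a later edit to reintroduce the dangling return. Separately, `rc` is dropped at this point, so the caller sees only NULL and cannot tell why generation failed. It is worth confirming that every caller of `gen_bpf_generate()` checks for NULL before use, since before this change the failure path returned a non-NULL pointer and a missing check would have gone unnoticed.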