From: nicolas.iooss@m4x.org (Nicolas Iooss)
Date: Sun, 23 Mar 2014 22:01:38 +0100
Subject: [refpolicy] [PATCH 2/3] fc_sort: initialize allocated memory to fix execution on an empty file
In-Reply-To: <1395608499-9916-1-git-send-email-nicolas.iooss@m4x.org>
References: <1395608499-9916-1-git-send-email-nicolas.iooss@m4x.org>
Message-ID: <1395608499-9916-2-git-send-email-nicolas.iooss@m4x.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

When running fc_sort on an empty context file, this program uses uninitialized pointers when accessing the elements of a list. On my system, it goes in a very long loop (maybe infinite) because uninitialized fields in malloc'ed structures happen to contain valid pointers in the heap.

This patch fixes this bug by initializing ->next and ->data fields before they may be read.
---
 support/fc_sort.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/support/fc_sort.c b/support/fc_sort.c
index 29e2ce9..5aed783 100644
--- a/support/fc_sort.c
+++ b/support/fc_sort.c
@@ -346,6 +346,7 @@ int main(int argc, char *argv[]) /* Initialize the head of the linked list. */ head = current = (file_context_node_t*)malloc(sizeof(file_context_node_t)); + head->next = NULL; /* Parse the file into a file_context linked list. */ line_buf = NULL;
@@ -489,6 +490,8 @@ int main(int argc, char *argv[]) bcurrent = master = (file_context_bucket_t *) malloc(sizeof(file_context_bucket_t)); + bcurrent->next = NULL; + bcurrent->data = NULL; /* Go until all the nodes have been put in individual buckets. */ while (current) {
-- 
1.9.0
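Review bot: in the first hunk (@@ -346) the new `head->next = NULL;` dereferences the malloc() result without checking it, so an allocation failure now faults one line later instead of wherever it faulted before. Since the commit title is "initialize allocated memory", `head = current = calloc(1, sizeof(file_context_node_t));` followed by a NULL check would zero every field of the node, not only ->next, and would not depend on knowing which fields the empty-file path reads first.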
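Review bot: the second hunk (@@ -489) has the same unchecked-malloc pattern: `bcurrent->next = NULL;` and `bcurrent->data = NULL;` are written before anything verifies that the bucket was allocated. `bcurrent = master = calloc(1, sizeof(file_context_bucket_t));` plus a NULL check covers both fields in one statement and also any other bucket members not visible in this hunk; it is also worth saying in the commit message why the first hunk needs only ->next while this one needs ->next and ->data.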
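The commit message describes the hazard: a list node is malloc'ed, the parse loop never runs on an empty file, and the later walk reads a ->next pointer that still holds heap garbage. The following is an added example, not fc_sort's code, that shows the initialization discipline with assumed node and bucket shapes (fc_node_t, fc_bucket_t, parse_lines, make_buckets, count_buckets are all hypothetical) and uses calloc rather than malloc plus field assignments, so every pointer field is NULL before any walker reads it and an empty input terminates immediately.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-ins for fc_sort's node and bucket types: assumed shapes, not the
 * real refpolicy definitions. */
typedef struct fc_node { char *line; struct fc_node *next; } fc_node_t;
typedef struct fc_bucket { fc_node_t *data; struct fc_bucket *next; } fc_bucket_t;

/* Zeroed allocation: every pointer field starts NULL, so nothing that later
 * reads ->next or ->data can pick up a stale heap pointer. */
static void *xcalloc(size_t sz) {
    void *p = calloc(1, sz);
    if (!p) abort();
    return p;
}

/* Build the node list from an in-memory buffer, one entry per line.
 * For an empty buffer the loop never runs and NULL comes back, which is
 * the case the unpatched fc_sort mishandled. */
fc_node_t *parse_lines(const char *buf) {
    fc_node_t *head = NULL, *tail = NULL;
    while (*buf) {
        const char *nl = strchr(buf, '\n');
        size_t len = nl ? (size_t)(nl - buf) : strlen(buf);
        fc_node_t *n = xcalloc(sizeof *n);
        n->line = xcalloc(len + 1);
        memcpy(n->line, buf, len);
        if (tail) tail->next = n; else head = n;
        tail = n;
        buf = nl ? nl + 1 : buf + len;
    }
    return head;
}

/* Put each node into its own bucket, as fc_sort does before merging them. */
fc_bucket_t *make_buckets(fc_node_t *cur) {
    fc_bucket_t *master = NULL, *bcur = NULL;
    for (; cur; cur = cur->next) {
        fc_bucket_t *b = xcalloc(sizeof *b);
        b->data = cur;
        if (bcur) bcur->next = b; else master = b;
        bcur = b;
    }
    return master;
}

/* Walks the buckets; terminates only because the last ->next is NULL. */
size_t count_buckets(const fc_bucket_t *b) {
    size_t n = 0;
    for (; b; b = b->next) n++;
    return n;
}
```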