afl-fuzz: Fix crash with policy line without ':' This crash was found by running afl-fuzz. Policy lines without a ':' were causing strsep(3) to place a NULL in |policy_line|, which was then being dereferenced. Bug: None Test: make tests Change-Id: I6228a3e4688d4e8641714ec9d10f8cd144dcb5c1

commit: d0b40703c240612db7648a971af72dc67b3ae78e [log] [tgz]
author: lhchavez <lhchavez@lhchavez.com> Fri Sep 01 04:17:41 2017 +0000
committer: Treehugger Robot <treehugger-gerrit@google.com> Fri Sep 01 21:28:49 2017 +0000
tree: 4b60f2b3e01c61276b55337102172d3fc33bb42f
parent: 6c8d820e761cb17e189eb7b33b9497ca2ff5aaa3 [diff] [blame]
diff --git a/syscall_filter.c b/syscall_filter.c
index 5a3ef21..0cb9138 100644
--- a/syscall_filter.c
+++ b/syscall_filter.c

@@ -543,6 +543,13 @@
 		 * statement, treat |policy_line| as a regular policy line.
 		 */
 		char *syscall_name = strsep(&policy_line, ":");
+		if (policy_line == NULL) {
+			warn("compile_file: malformed policy line, missing "
+			     "':'");
+			ret = -1;
+			goto free_line;
+		}
+
 		policy_line = strip(policy_line);
 		if (*policy_line == '\0') {
 			warn("compile_file: empty policy line");
commit	d0b40703c240612db7648a971af72dc67b3ae78e	[log] [tgz]
author	lhchavez <lhchavez@lhchavez.com>	Fri Sep 01 04:17:41 2017 +0000
committer	Treehugger Robot <treehugger-gerrit@google.com>	Fri Sep 01 21:28:49 2017 +0000
tree	4b60f2b3e01c61276b55337102172d3fc33bb42f
parent	6c8d820e761cb17e189eb7b33b9497ca2ff5aaa3 [diff] [blame]