afl-fuzz: Fix crash with policy line without ':'
This crash was found by running afl-fuzz. Policy lines without a ':'
were causing strsep(3) to place a NULL in |policy_line|, which was then
being dereferenced.
Bug: None
Test: make tests
Change-Id: I6228a3e4688d4e8641714ec9d10f8cd144dcb5c1
diff --git a/syscall_filter.c b/syscall_filter.c
index 5a3ef21..0cb9138 100644
--- a/syscall_filter.c
+++ b/syscall_filter.c
@@ -543,6 +543,13 @@
* statement, treat |policy_line| as a regular policy line.
*/
char *syscall_name = strsep(&policy_line, ":");
+ if (policy_line == NULL) {
+ warn("compile_file: malformed policy line, missing "
+ "':'");
+ ret = -1;
+ goto free_line;
+ }
+
policy_line = strip(policy_line);
if (*policy_line == '\0') {
warn("compile_file: empty policy line");
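Review bot: the NULL check is placed correctly, right after strsep(3) and before strip() and the `*policy_line` dereference, and it reuses the `ret = -1; goto free_line;` error path that the existing "empty policy line" case follows; one thing missing is a regression test. Since the commit message says the crash was found by afl-fuzz and lists "Test: make tests", a policy file containing a line with no ':' (for example a bare syscall name) should be added to the test suite so that compile_file is checked to return an error rather than dereference NULL, and so that the condition stays covered if this parsing code is reworked later. Minor: the warning could also report which line was malformed, as users with large policy files will otherwise have to search for the offending entry by hand.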