libsepol/cil: Return an error if a call argument fails to resolve

Return an error if a call argument fails to resolve so that the resolution phase stops and returns an error. This problem was found by the secilc-fuzzer. Signed-off-by: James Carter <jwcart2@gmail.com>
sailfishos-mirror · May 4, 2021 · d943369 · d943369
1 parent d438b6c
commit d943369
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
@@ -3277,6 +3277,7 @@ int cil_resolve_call2(struct cil_tree_node *current, void *extra_args)
 		if (sym_index != CIL_SYM_UNKNOWN) {
 			rc = cil_resolve_name(current, arg->arg_str, sym_index, extra_args, &(arg->arg));
 			if (rc != SEPOL_OK) {
+				cil_tree_log(current, CIL_ERR, "Failed to resolve %s in call argument list", arg->arg_str);
 				goto exit;
 			}
 		}
@@ -3308,7 +3309,7 @@ int cil_resolve_name_call_args(struct cil_call *call, char *name, enum cil_sym_i
 		if (param_index == sym_index) {
 			if (name == arg->param_str) {
 				*datum = arg->arg;
-				rc = SEPOL_OK;
+				rc = *datum ? SEPOL_OK : SEPOL_ERR;
 				goto exit;
 			}
 		}