libsepol/cil: Check for empty list when marking neverallow attributes

When marking a type attribute as used in a neverallow (to help determine whether or not it should be expanded), check if the attribute's expression list is empty (no attributes are associated with it) before iterating over the list. Signed-off-by: James Carter <jwcart2@gmail.com> Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
sailfishos-mirror · Jun 24, 2021 · f33745a · f33745a
1 parent ac8b35d
commit f33745a
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c
@@ -1494,6 +1494,10 @@ static void __mark_neverallow_attrs(struct cil_list *expr_list)
 {
 	struct cil_list_item *curr;
 
+	if (!expr_list) {
+		return;
+	}
+
 	cil_list_for_each(curr, expr_list) {
 		if (curr->flavor == CIL_DATUM) {
 			if (FLAVOR(curr->data) == CIL_TYPEATTRIBUTE) {