Diffstat (limited to 'pcr/libsepol/0004-libsepol-cil-Check-if-identifier-is-NULL-when-verify.patch')
-rw-r--r--pcr/libsepol/0004-libsepol-cil-Check-if-identifier-is-NULL-when-verify.patch44
1 files changed, 0 insertions, 44 deletions
diff --git a/pcr/libsepol/0004-libsepol-cil-Check-if-identifier-is-NULL-when-verify.patch b/pcr/libsepol/0004-libsepol-cil-Check-if-identifier-is-NULL-when-verify.patch
deleted file mode 100644
index 7f286e02e..000000000
--- a/pcr/libsepol/0004-libsepol-cil-Check-if-identifier-is-NULL-when-verify.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 5d3404acf99ac42cba5182fcbb099930754fc588 Mon Sep 17 00:00:00 2001
-From: James Carter <jwcart2@tycho.nsa.gov>
-Date: Tue, 18 Oct 2016 14:21:59 -0400
-Subject: [PATCH] libsepol/cil: Check if identifier is NULL when verifying name
-
-Nicolas Iooss found while fuzzing secilc with AFL that the statement
-"(class C (()))" will cause a segfault.
-
-When CIL checks the syntax of the class statement it sees "(())" as a
-valid permission list, but since "()" is not an identifier a NULL is
-passed as the string for name verification. A segfault occurs because
-name verification assumes that the string being checked is non-NULL.
-
-Check if identifier is NULL when verifying name.
-
-Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
----
- libsepol/cil/src/cil_verify.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/libsepol/cil/src/cil_verify.c b/libsepol/cil/src/cil_verify.c
-index 038f77af57d7..47dcfaa27ca0 100644
---- a/libsepol/cil/src/cil_verify.c
-+++ b/libsepol/cil/src/cil_verify.c
-@@ -50,9 +50,15 @@
- int __cil_verify_name(const char *name)
- {
- int rc = SEPOL_ERR;
-- int len = strlen(name);
-+ int len;
- int i = 0;
-
-+ if (name == NULL) {
-+ cil_log(CIL_ERR, "Name is NULL\n");
-+ goto exit;
-+ }
-+
-+ len = strlen(name);
- if (len >= CIL_MAX_NAME_LENGTH) {
- cil_log(CIL_ERR, "Name length greater than max name length of %d",
- CIL_MAX_NAME_LENGTH);
---
-2.10.2
-