libselinux, sefcontext_compile: handle NULL pcre study data

pcre_study() can return a NULL result if no additional information
could be determined for the pattern.  Thus, sefcontext_compile
needs to correctly handle the case where the study data is NULL
when generating file_contexts.bin, and libselinux needs to correctly
handle it when loading file_contexts.bin.  Fix them both.

This change enables:
semanage fcontext -a -t httpd_exec_t "(/.*)?"
to succeed, since the regex itself is valid but there is no
additional information produced by pcre_study().

Reported-by: Vit Mojzis <vmojzis@redhat.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

1 files changed, 14 insertions, 11 deletions

diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index 071d9020..c89bb35b 100644
--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c
@@ -388,18 +388,21 @@ static int load_mmap(struct selabel_handle *rec, const char *path,
 			rc = -1;
 			goto err;
 		}
-		spec->lsd.study_data = (void *)mmap_area->next_addr;
-		spec->lsd.flags |= PCRE_EXTRA_STUDY_DATA;
-		rc = next_entry(NULL, mmap_area, entry_len);
-		if (rc < 0)
-			goto err;
 
-		/* Check that study data lengths match. */
-		rc = pcre_fullinfo(spec->regex, &spec->lsd,
-				    PCRE_INFO_STUDYSIZE, &len);
-		if (rc < 0 || len != entry_len) {
-			rc = -1;
-			goto err;
+		if (entry_len) {
+			spec->lsd.study_data = (void *)mmap_area->next_addr;
+			spec->lsd.flags |= PCRE_EXTRA_STUDY_DATA;
+			rc = next_entry(NULL, mmap_area, entry_len);
+			if (rc < 0)
+				goto err;
+
+			/* Check that study data lengths match. */
+			rc = pcre_fullinfo(spec->regex, &spec->lsd,
+					   PCRE_INFO_STUDYSIZE, &len);
+			if (rc < 0 || len != entry_len) {
+				rc = -1;
+				goto err;
+			}
 		}
 
 		data->nspec++;