diff options
author | Eric Paris <eparis@redhat.com> | 2012-04-04 13:46:36 -0400 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2012-04-09 12:22:56 -0400 |
commit | bb7081ab93582fd2557160549854200a5fc7b42a (patch) | |
tree | fa95a4c7f31d7f3f06d38eab68fcdd19da102e82 | |
parent | d6ea83ec6864e9297fa8b00ec3dae183413a90e3 (diff) |
SELinux: possible NULL deref in context_struct_to_string
It's possible that the caller passed a NULL for scontext. However if this
is a defered mapping we might still attempt to call *scontext=kstrdup().
This is bad. Instead just return the len.
Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r-- | security/selinux/ss/services.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 1ded0ec7e8c..9b7e7ed54e7 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -1018,9 +1018,11 @@ static int context_struct_to_string(struct context *context, char **scontext, u3 | |||
1018 | 1018 | ||
1019 | if (context->len) { | 1019 | if (context->len) { |
1020 | *scontext_len = context->len; | 1020 | *scontext_len = context->len; |
1021 | *scontext = kstrdup(context->str, GFP_ATOMIC); | 1021 | if (scontext) { |
1022 | if (!(*scontext)) | 1022 | *scontext = kstrdup(context->str, GFP_ATOMIC); |
1023 | return -ENOMEM; | 1023 | if (!(*scontext)) |
1024 | return -ENOMEM; | ||
1025 | } | ||
1024 | return 0; | 1026 | return 0; |
1025 | } | 1027 | } |
1026 | 1028 | ||