authorEric Paris <eparis@redhat.com>2012-04-04 13:46:36 -0400
committerEric Paris <eparis@redhat.com>2012-04-09 12:22:56 -0400
commitbb7081ab93582fd2557160549854200a5fc7b42a (patch)
treefa95a4c7f31d7f3f06d38eab68fcdd19da102e82
parentd6ea83ec6864e9297fa8b00ec3dae183413a90e3 (diff)
SELinux: possible NULL deref in context_struct_to_string
It's possible that the caller passed a NULL for scontext. However, if this is a deferred mapping we might still attempt to call *scontext=kstrdup(). This is bad. Instead just return the len. Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r--security/selinux/ss/services.c8
1 files changed, 5 insertions, 3 deletions
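diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 1ded0ec7e8c..9b7e7ed54e7 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1018,9 +1018,11 @@ static int context_struct_to_string(struct context *context, char **scontext, u3
 
 if (context->len) {
 *scontext_len = context->len;
-*scontext = kstrdup(context->str, GFP_ATOMIC);
-if (!(*scontext))
-return -ENOMEM;
+if (scontext) {
+*scontext = kstrdup(context->str, GFP_ATOMIC);
+if (!(*scontext))
+return -ENOMEM;
+}
 return 0;
 }
 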
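Review bot: The length-only call path that the new `if (scontext)` guard at new line 1021 makes safe is not documented at this branch, so a later edit could move the kstrdup() back outside the guard and reintroduce the NULL dereference. I would add `/* scontext may be NULL: caller only wants *scontext_len */` directly above the guard. `*scontext_len` on new line 1020 is still written unconditionally; the hunk does not show whether callers may pass NULL there, so that is worth confirming against the top of the function. context_struct_to_string() starts and ends outside this hunk.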