NetLabel: better error handling involving mls_export_cat()

Upon inspection it looked like the error handling for mls_export_cat() was
rather poor.  This patch addresses this by NULL'ing out kfree()'d pointers
before returning and checking the return value of the function everywhere
it is called.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>

1 files changed, 14 insertions, 3 deletions

diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index c713af23250..2cca8e25162 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -640,8 +640,13 @@ int mls_export_cat(const struct context *context,
 {
         int rc = -EPERM;
 
-        if (!selinux_mls_enabled)
+        if (!selinux_mls_enabled) {
+                *low = NULL;
+                *low_len = 0;
+                *high = NULL;
+                *high_len = 0;
                 return 0;
+        }
 
         if (low != NULL) {
                 rc = ebitmap_export(&context->range.level[0].cat,
@@ -661,10 +666,16 @@ int mls_export_cat(const struct context *context,
         return 0;
 
 export_cat_failure:
-        if (low != NULL)
+        if (low != NULL) {
                 kfree(*low);
-        if (high != NULL)
+                *low = NULL;
+                *low_len = 0;
+        }
+        if (high != NULL) {
                 kfree(*high);
+                *high = NULL;
+                *high_len = 0;
+        }
         return rc;
 }