diff options
author | Eric Paris <eparis@redhat.com> | 2012-04-04 13:46:36 -0400 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2012-04-09 12:22:56 -0400 |
commit | bb7081ab93582fd2557160549854200a5fc7b42a (patch) | |
tree | fa95a4c7f31d7f3f06d38eab68fcdd19da102e82 /security/selinux/ss | |
parent | d6ea83ec6864e9297fa8b00ec3dae183413a90e3 (diff) | |
download | lwn-bb7081ab93582fd2557160549854200a5fc7b42a.tar.gz lwn-bb7081ab93582fd2557160549854200a5fc7b42a.zip |
SELinux: possible NULL deref in context_struct_to_string
It's possible that the caller passed a NULL for scontext. However if this
is a defered mapping we might still attempt to call *scontext=kstrdup().
This is bad. Instead just return the len.
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security/selinux/ss')
-rw-r--r-- | security/selinux/ss/services.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 1ded0ec7e8c2..9b7e7ed54e7e 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -1018,9 +1018,11 @@ static int context_struct_to_string(struct context *context, char **scontext, u3 if (context->len) { *scontext_len = context->len; - *scontext = kstrdup(context->str, GFP_ATOMIC); - if (!(*scontext)) - return -ENOMEM; + if (scontext) { + *scontext = kstrdup(context->str, GFP_ATOMIC); + if (!(*scontext)) + return -ENOMEM; + } return 0; } |