summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2012-04-04 13:46:36 -0400
committerEric Paris <eparis@redhat.com>2012-04-09 12:22:56 -0400
commitbb7081ab93582fd2557160549854200a5fc7b42a (patch)
treefa95a4c7f31d7f3f06d38eab68fcdd19da102e82
parentd6ea83ec6864e9297fa8b00ec3dae183413a90e3 (diff)
SELinux: possible NULL deref in context_struct_to_string
It's possible that the caller passed a NULL for scontext. However if this is a defered mapping we might still attempt to call *scontext=kstrdup(). This is bad. Instead just return the len. Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r--security/selinux/ss/services.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 1ded0ec7e8c2..9b7e7ed54e7e 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1018,9 +1018,11 @@ static int context_struct_to_string(struct context *context, char **scontext, u3
if (context->len) {
*scontext_len = context->len;
- *scontext = kstrdup(context->str, GFP_ATOMIC);
- if (!(*scontext))
- return -ENOMEM;
+ if (scontext) {
+ *scontext = kstrdup(context->str, GFP_ATOMIC);
+ if (!(*scontext))
+ return -ENOMEM;
+ }
return 0;
}