diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-08-31 12:53:34 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-08-31 12:53:34 -0700 |
commit | befa491ce6954adadb181c464d0318925f18e499 (patch) | |
tree | 0d235d244e53bb40bf11d72378d20e9bdcb985a8 /security/selinux | |
parent | e55f0c439a2681a3c299bedd99ebe998049fa508 (diff) | |
parent | 893c47d1964f5c9b00c5468f2cd1a1e9351fbb6a (diff) |
Merge tag 'selinux-pr-20210830' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux update from Paul Moore:
"We've got an unusually small SELinux pull request for v5.15 that
consists of only one (?!) patch that is really pretty minor when you
look at it.
Unsurprisingly it passes all of our tests and merges cleanly on top of
your tree right now, please merge this for v5.15"
* tag 'selinux-pr-20210830' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: return early for possible NULL audit buffers
Diffstat (limited to 'security/selinux')
-rw-r--r-- | security/selinux/hooks.c | 4 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 2 |
2 files changed, 6 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index b0032c42333e..9e84e6635f2f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3325,6 +3325,8 @@ static int selinux_inode_setxattr(struct user_namespace *mnt_userns, } ab = audit_log_start(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR); + if (!ab) + return rc; audit_log_format(ab, "op=setxattr invalid_context="); audit_log_n_untrustedstring(ab, value, audit_size); audit_log_end(ab); @@ -6552,6 +6554,8 @@ static int selinux_setprocattr(const char *name, void *value, size_t size) ab = audit_log_start(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR); + if (!ab) + return error; audit_log_format(ab, "op=fscreate invalid_context="); audit_log_n_untrustedstring(ab, value, audit_size); audit_log_end(ab); diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index d84c77f370dc..e5f1b2757a83 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -1673,6 +1673,8 @@ static int compute_sid_handle_invalid_context( if (context_struct_to_string(policydb, newcontext, &n, &nlen)) goto out; ab = audit_log_start(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR); + if (!ab) + goto out; audit_log_format(ab, "op=security_compute_sid invalid_context="); /* no need to record the NUL with untrusted strings */ |