SELinux: possible NULL deref in context_struct_to_string
It's possible that the caller passed a NULL for scontext.  However if this
is a deferred mapping we might still attempt to call *scontext=kstrdup().
This is bad.  Instead just return the len.

Signed-off-by: Eric Paris <eparis@redhat.com>
Eric Paris committed Apr 9, 2012
1 parent d6ea83e commit bb7081a
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions security/selinux/ss/services.c
Expand Up @@ -1018,9 +1018,11 @@ static int context_struct_to_string(struct context *context, char **scontext, u3

if (context->len) {
*scontext_len = context->len;
*scontext = kstrdup(context->str, GFP_ATOMIC);
if (!(*scontext))
return -ENOMEM;
if (scontext) {
*scontext = kstrdup(context->str, GFP_ATOMIC);
if (!(*scontext))
return -ENOMEM;
}
return 0;
}
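Review bot: `*scontext_len = context->len;` at the top of the `if (context->len)` branch is still dereferenced unconditionally, so with this change only `scontext` becomes optional while `scontext_len` stays mandatory. Please state that contract in a comment above context_struct_to_string(): a NULL `scontext` means "report the length only", and `scontext_len` must always be a valid pointer. Without it, a caller reading this branch cannot tell which of the two out-parameters may be NULL. If a NULL `scontext_len` is meant to be tolerated as well, the assignment needs the same kind of guard as the `kstrdup()` call.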
