Commit bb7081ab authored Apr 04, 2012 by Eric Paris

SELinux: possible NULL deref in context_struct_to_string



It's possible that the caller passed a NULL for scontext.  However if this
is a defered mapping we might still attempt to call *scontext=kstrdup().
This is bad.  Instead just return the len.

Signed-off-by: Eric Paris <eparis@redhat.com>

parent d6ea83ec

security/selinux/ss/services.c

+5 −3

Original line number	Diff line number	Diff line
		@@ -1018,9 +1018,11 @@ static int context_struct_to_string(struct context context, char *scontext, u3

		if (context->len) {
		*scontext_len = context->len;
		if (scontext) {
		*scontext = kstrdup(context->str, GFP_ATOMIC);
		if (!(*scontext))
		return -ENOMEM;
		}
		return 0;
		}