Commit bb7081ab authored by Eric Paris's avatar Eric Paris

SELinux: possible NULL deref in context_struct_to_string

It's possible that the caller passed a NULL for scontext.  However if this
is a deferred mapping we might still attempt to call *scontext=kstrdup().
This is bad.  Instead just return the len.
Signed-off-by: default avatarEric Paris <eparis@redhat.com>
parent d6ea83ec
...@@ -1018,9 +1018,11 @@ static int context_struct_to_string(struct context *context, char **scontext, u3 ...@@ -1018,9 +1018,11 @@ static int context_struct_to_string(struct context *context, char **scontext, u3
if (context->len) { if (context->len) {
*scontext_len = context->len; *scontext_len = context->len;
if (scontext) {
*scontext = kstrdup(context->str, GFP_ATOMIC); *scontext = kstrdup(context->str, GFP_ATOMIC);
if (!(*scontext)) if (!(*scontext))
return -ENOMEM; return -ENOMEM;
}
return 0; return 0;
} }
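Review bot: The new `if (scontext)` guard protects only the `kstrdup()` store, while `*scontext_len = context->len;` on the line above is still written unconditionally, so this branch now relies on an unwritten contract that `scontext` may be NULL but `scontext_len` may not. I would state that contract on the guard, e.g. `/* scontext == NULL: caller only wants the length; scontext_len must be valid */`, so a later caller does not pass NULL for both. The body of context_struct_to_string begins and ends outside this hunk, so it cannot be confirmed from here whether `scontext_len` is validated earlier or whether other stores through `*scontext` are guarded the same way; both are worth checking.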
......