From: Eric Paris
Date: Wed, 4 Apr 2012 17:46:36 +0000 (-0400)
Subject: SELinux: possible NULL deref in context_struct_to_string
X-Git-Tag: v3.5-rc1~161^2^2~15
X-Git-Url: http://pileus.org/git/?p=~andy%2Flinux;a=commitdiff_plain;h=bb7081ab93582fd2557160549854200a5fc7b42a

SELinux: possible NULL deref in context_struct_to_string

It's possible that the caller passed a NULL for scontext. However if this is a deferred mapping we might still attempt to call *scontext=kstrdup(). This is bad. Instead just return the len.

Signed-off-by: Eric Paris
---

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 1ded0ec7e8c..9b7e7ed54e7 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -1018,9 +1018,11 @@ static int context_struct_to_string(struct context *context, char **scontext, u3 if (context->len) { *scontext_len = context->len; - *scontext = kstrdup(context->str, GFP_ATOMIC); - if (!(*scontext)) - return -ENOMEM; + if (scontext) { + *scontext = kstrdup(context->str, GFP_ATOMIC); + if (!(*scontext)) + return -ENOMEM; + } return 0; }
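
Review bot: In the `if (context->len)` branch, `*scontext_len = context->len;` is still written unconditionally, ahead of the new `if (scontext)` guard, so after this change the two out-parameters have different contracts: `scontext` may be NULL, `scontext_len` may not. Suggest a short comment at this branch or above the function stating that a NULL `scontext` means "report the length only" and that `scontext_len` must always be valid, so a later caller does not assume both are optional. It would also help to name in the commit message which caller passes NULL for `scontext`, since the hunk itself does not show the path that reaches this branch and that is what someone auditing the fix will look for.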