SELinux: possible NULL deref in context_struct_to_string It's possible that the caller passed a NULL for scontext. However if this is a defered mapping we might still attempt to call *scontext=kstrdup(). This is bad. Instead just return the len. Signed-off-by: Eric Paris <eparis@redhat.com>

commit: bb7081ab93582fd2557160549854200a5fc7b42a [log] [tgz]
author: Eric Paris <eparis@redhat.com> Wed Apr 04 13:46:36 2012 -0400
committer: Eric Paris <eparis@redhat.com> Mon Apr 09 12:22:56 2012 -0400
tree: fa95a4c7f31d7f3f06d38eab68fcdd19da102e82
parent: d6ea83ec6864e9297fa8b00ec3dae183413a90e3 [diff] [blame]
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 1ded0ec..9b7e7ed 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c

@@ -1018,9 +1018,11 @@
 
 	if (context->len) {
 		*scontext_len = context->len;
-		*scontext = kstrdup(context->str, GFP_ATOMIC);
-		if (!(*scontext))
-			return -ENOMEM;
+		if (scontext) {
+			*scontext = kstrdup(context->str, GFP_ATOMIC);
+			if (!(*scontext))
+				return -ENOMEM;
+		}
 		return 0;
 	}
commit	bb7081ab93582fd2557160549854200a5fc7b42a	[log] [tgz]
author	Eric Paris <eparis@redhat.com>	Wed Apr 04 13:46:36 2012 -0400
committer	Eric Paris <eparis@redhat.com>	Mon Apr 09 12:22:56 2012 -0400
tree	fa95a4c7f31d7f3f06d38eab68fcdd19da102e82
parent	d6ea83ec6864e9297fa8b00ec3dae183413a90e3 [diff] [blame]