iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

selinux: do not leave dangling pointer behind

Browse Source 
In case mls_context_cpy() fails due to OOM set the free'd pointer in
context_cpy() to NULL to avoid it potentially being dereferenced or
free'd again in future.  Freeing a NULL pointer is well-defined and a
hard NULL dereference crash is at least not exploitable and should give
a workable stack trace.

Fixes: 12b29f34558b ("selinux: support deferred mapping of contexts")
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Christian Göttsche 2023-04-20 17:04:58 +02:00 committed by Paul Moore
parent 6f933aa7df
commit 53f3517ae0
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
security/selinux/ss/context.h
View File

@ -167,6 +167,7 @@ static inline int context_cpy(struct context *dst, const struct context *src)
rc = mls_context_cpy(dst, src);
if (rc) {
kfree(dst->str);
dst->str = NULL;
return rc;
}
return 0;