SELinux: possible NULL deref in context_struct_to_string

eparis · aldrinholmes · commit a20db10a99a6 · 2014-10-08T11:58:30.000+05:30
It's possible that the caller passed a NULL for scontext.  However if this
is a defered mapping we might still attempt to call *scontext=kstrdup().
This is bad.  Instead just return the len.

Signed-off-by: Eric Paris &lt;eparis@redhat.com&gt;
Signed-off-by: Pranav Vashi &lt;neobuddy89@gmail.com&gt;
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
@@ -1018,9 +1018,11 @@ static int context_struct_to_string(struct context *context, char **scontext, u3
 
 	if (context->len) {
 		*scontext_len = context->len;
-		*scontext = kstrdup(context->str, GFP_ATOMIC);
-		if (!(*scontext))
-			return -ENOMEM;
+		if (scontext) {
+			*scontext = kstrdup(context->str, GFP_ATOMIC);
+			if (!(*scontext))
+				return -ENOMEM;
+		}
 		return 0;
 	}
 
