Commit 53f3517a authored Apr 20, 2023 by Christian Göttsche Committed by Paul Moore May 08, 2023

selinux: do not leave dangling pointer behind



In case mls_context_cpy() fails due to OOM set the free'd pointer in
context_cpy() to NULL to avoid it potentially being dereferenced or
free'd again in future.  Freeing a NULL pointer is well-defined and a
hard NULL dereference crash is at least not exploitable and should give
a workable stack trace.

Fixes: 12b29f34 ("selinux: support deferred mapping of contexts")
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

parent 6f933aa7

security/selinux/ss/context.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -167,6 +167,7 @@ static inline int context_cpy(struct context dst, const struct context src)
		rc = mls_context_cpy(dst, src);
		if (rc) {
		kfree(dst->str);
		dst->str = NULL;
		return rc;
		}
		return 0;