selinux: do not leave dangling pointer behind
In case mls_context_cpy() fails due to OOM set the free'd pointer in
context_cpy() to NULL to avoid it potentially being dereferenced or
free'd again in future. Freeing a NULL pointer is well-defined and a
hard NULL dereference crash is at least not exploitable and should give
a workable stack trace.
Fixes: 12b29f3455 ("selinux: support deferred mapping of contexts")
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Christian Göttsche
Paul Moore
Родитель
6f933aa7df
Коммит
53f3517ae0
|
|
@ -167,6 +167,7 @@ static inline int context_cpy(struct context *dst, const struct context *src)
|
||||||
rc = mls_context_cpy(dst, src);
|
rc = mls_context_cpy(dst, src);
|
||||||
if (rc) {
|
if (rc) {
|
||||||
kfree(dst->str);
|
kfree(dst->str);
|
||||||
|
dst->str = NULL;
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче