authorAxel Rasmussen <axelrasmussen@google.com>2020-07-23 10:54:23 -0700
committerYu Watanabe <watanabe.yu+github@gmail.com>2020-07-24 13:34:27 +0900
commit199a892218e1f36e7bd7d5da2d78de6b13f04488 (patch)
tree34deec4b16ef1af508e7e5a4dff3bbda464f9506
parentd05f7b50077ad54b76368bf218e97b7895601add (diff)
downloadsystemd-199a892218e1f36e7bd7d5da2d78de6b13f04488.tar.gz
selinux: handle getcon_raw producing a NULL pointer, despite returning 0
Previously, we assumed that success meant we definitely got a valid pointer. There is at least one edge case where this is not true (i.e., we can get both a 0 return value, and *also* a NULL pointer): https://github.com/SELinuxProject/selinux/blob/4246bb550dee5246c8567804325b7da206cd76cf/libselinux/src/procattr.c#L175 When this case occurs, if we don't check the pointer we SIGSEGV in early initialization.
-rw-r--r--src/core/selinux-setup.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/core/selinux-setup.c b/src/core/selinux-setup.c
index b8a94a52ab..817069b3fe 100644
--- a/src/core/selinux-setup.c
+++ b/src/core/selinux-setup.c
@@ -50,7 +50,8 @@ int mac_selinux_setup(bool *loaded_policy) {
/* Already initialized by somebody else? */
r = getcon_raw(&con);
- if (r == 0) {
+ /* getcon_raw can return 0, and still give us a NULL pointer. */
+ if (r == 0 && con) {
initialized = !streq(con, "kernel");
freecon(con);
}
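Review bot: With the new `r == 0 && con` guard, a NULL context falls through silently and `initialized` keeps whatever value it had before the hunk, presumably false, so setup would continue as if nobody had loaded a policy yet. That outcome decides whether policy loading is attempted, so the comment should state it rather than only the libselinux quirk, for example `/* getcon_raw() can return 0 and still leave con NULL; treat that like "not yet initialized". */`. A debug-level log message for the `r == 0 && !con` case would also make this early-boot path diagnosable instead of invisible. mac_selinux_setup's body starts and ends outside the hunk, so the initial value of `initialized` and the handling of `r < 0` need to be confirmed there.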