diff options
author | Axel Rasmussen <axelrasmussen@google.com> | 2020-07-23 10:54:23 -0700 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2020-07-24 13:34:27 +0900 |
commit | 199a892218e1f36e7bd7d5da2d78de6b13f04488 (patch) | |
tree | 34deec4b16ef1af508e7e5a4dff3bbda464f9506 | |
parent | d05f7b50077ad54b76368bf218e97b7895601add (diff) | |
download | systemd-199a892218e1f36e7bd7d5da2d78de6b13f04488.tar.gz |
selinux: handle getcon_raw producing a NULL pointer, despite returning 0
Previously, we assumed that success meant we definitely got a valid
pointer. There is at least one edge case where this is not true (i.e.,
we can get both a 0 return value, and *also* a NULL pointer):
https://github.com/SELinuxProject/selinux/blob/4246bb550dee5246c8567804325b7da206cd76cf/libselinux/src/procattr.c#L175
When this case occurrs, if we don't check the pointer we SIGSEGV in
early initialization.
-rw-r--r-- | src/core/selinux-setup.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/core/selinux-setup.c b/src/core/selinux-setup.c index b8a94a52ab..817069b3fe 100644 --- a/src/core/selinux-setup.c +++ b/src/core/selinux-setup.c @@ -50,7 +50,8 @@ int mac_selinux_setup(bool *loaded_policy) { /* Already initialized by somebody else? */ r = getcon_raw(&con); - if (r == 0) { + /* getcon_raw can return 0, and still give us a NULL pointer. */ + if (r == 0 && con) { initialized = !streq(con, "kernel"); freecon(con); } |