Commit fb549c55 authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'selinux-pr-20190321' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux fix from Paul Moore:
 "Another small SELinux fix for v5.1"

* tag 'selinux-pr-20190321' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: fix NULL dereference in policydb_destroy()
parents 0939221e 6a1afffb
...@@ -828,9 +828,11 @@ void policydb_destroy(struct policydb *p) ...@@ -828,9 +828,11 @@ void policydb_destroy(struct policydb *p)
hashtab_map(p->range_tr, range_tr_destroy, NULL); hashtab_map(p->range_tr, range_tr_destroy, NULL);
hashtab_destroy(p->range_tr); hashtab_destroy(p->range_tr);
for (i = 0; i < p->p_types.nprim; i++) if (p->type_attr_map_array) {
ebitmap_destroy(&p->type_attr_map_array[i]); for (i = 0; i < p->p_types.nprim; i++)
kvfree(p->type_attr_map_array); ebitmap_destroy(&p->type_attr_map_array[i]);
kvfree(p->type_attr_map_array);
}
ebitmap_destroy(&p->filename_trans_ttypes); ebitmap_destroy(&p->filename_trans_ttypes);
ebitmap_destroy(&p->policycaps); ebitmap_destroy(&p->policycaps);
...@@ -2496,10 +2498,13 @@ int policydb_read(struct policydb *p, void *fp) ...@@ -2496,10 +2498,13 @@ int policydb_read(struct policydb *p, void *fp)
if (!p->type_attr_map_array) if (!p->type_attr_map_array)
goto bad; goto bad;
/* just in case ebitmap_init() becomes more than just a memset(0): */
for (i = 0; i < p->p_types.nprim; i++)
ebitmap_init(&p->type_attr_map_array[i]);
for (i = 0; i < p->p_types.nprim; i++) { for (i = 0; i < p->p_types.nprim; i++) {
struct ebitmap *e = &p->type_attr_map_array[i]; struct ebitmap *e = &p->type_attr_map_array[i];
ebitmap_init(e);
if (p->policyvers >= POLICYDB_VERSION_AVTAB) { if (p->policyvers >= POLICYDB_VERSION_AVTAB) {
rc = ebitmap_read(e, fp); rc = ebitmap_read(e, fp);
if (rc) if (rc)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment