SELinux: possible NULL deref in context_struct_to_string

It's possible that the caller passed a NULL for scontext.  However if this
is a defered mapping we might still attempt to call *scontext=kstrdup().
This is bad.  Instead just return the len.

Signed-off-by: Eric Paris <eparis@redhat.com>

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 1ded0ec7e8c27a9b8b902a6d367d0db2d6d94f14..9b7e7ed54e7e7b19b45b672015693ce47a4eca0c 100644 (file)
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1018,9 +1018,11 @@ static int context_struct_to_string(struct context *context, char **scontext, u3
 
        if (context->len) {
                *scontext_len = context->len;
-               *scontext = kstrdup(context->str, GFP_ATOMIC);
-               if (!(*scontext))
-                       return -ENOMEM;
+               if (scontext) {
+                       *scontext = kstrdup(context->str, GFP_ATOMIC);
+                       if (!(*scontext))
+                               return -ENOMEM;
+               }
                return 0;
        }