From: Paul Moore <paul.moore@hp.com>
Date: Fri, 19 Jan 2007 19:25:50 +0000 (-0500)
Subject: [PATCH] SELinux: fix an oops with NetLabel and non-MLS SELinux policy
X-Git-Tag: v2.6.19.3~37
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=10c06e62e2840202a739c4ca0260d297d3fc50b8;p=thirdparty%2Fkernel%2Fstable.git

[PATCH] SELinux: fix an oops with NetLabel and non-MLS SELinux policy

In the case where a user has configured NetLabel in the kernel but is not
using a SELinux policy with the MLS/MCS feature enabled there is a bug in
mls_export_cat() where a NULL pointer is used.  The initial problem report and
discussion can be found here (this patch has been ACK'd by Stephen Smalley and
 James Morris in the discussion thread below):

 * http://marc2.theaimsgroup.com/?t=116920302500004&r=1&w=2

This patch is specific to the 2.6.19.y kernel series as the mls_export_cat()
function has been replaced in the 2.6.20 kernel.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
---

diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index 2cca8e2516240..531b08a2c6cdf 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -641,10 +641,14 @@ int mls_export_cat(const struct context *context,
 	int rc = -EPERM;
 
 	if (!selinux_mls_enabled) {
-		*low = NULL;
-		*low_len = 0;
-		*high = NULL;
-		*high_len = 0;
+		if (low != NULL) {
+			*low = NULL;
+			*low_len = 0;
+		}
+		if (high != NULL) {
+			*high = NULL;
+			*high_len = 0;
+		}
 		return 0;
 	}