]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 81d4a02)
selinux: check return value of string_to_security_class()
authorChristian Göttsche <cgzones@googlemail.com>
Mon, 2 Mar 2020 16:53:20 +0000 (17:53 +0100)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Tue, 3 Mar 2020 13:17:52 +0000 (14:17 +0100)
This should never happen, but better safe than sorry.

src/basic/selinux-util.c patch | blob | blame | history

diff --git a/src/basic/selinux-util.c b/src/basic/selinux-util.c
index 90bb93ed0b8a6d3d4aaced31828d763836a9a5bc..1095cb426cce815d829dd0d8744b72fb15be9110 100644 (file)
--- a/src/basic/selinux-util.c
+++ b/src/basic/selinux-util.c
@@ -233,6 +233,9 @@ int mac_selinux_get_create_label_from_exe(const char *exe, char **label) {
                 return -errno;
 
         sclass = string_to_security_class("process");
+        if (sclass == 0)
+                return -ENOSYS;
+
         r = security_compute_create_raw(mycon, fcon, sclass, label);
         if (r < 0)
                 return -errno;
@@ -312,6 +315,9 @@ int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *
                 return -ENOMEM;
 
         sclass = string_to_security_class("process");
+        if (sclass == 0)
+                return -ENOSYS;
+
         r = security_compute_create_raw(mycon, fcon, sclass, label);
         if (r < 0)
                 return -errno;
Unnamed repository; edit this file 'description' to name the repository.