From: Christian Göttsche <cgzones@googlemail.com>
Date: Mon, 2 Mar 2020 16:53:20 +0000 (+0100)
Subject: selinux: check return value of string_to_security_class()
X-Git-Tag: v245~19
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fdb0405edd90a3016165a83f3f075de7bae3084e;p=thirdparty%2Fsystemd.git

selinux: check return value of string_to_security_class()

This should never happen, but better safe than sorry.
---

diff --git a/src/basic/selinux-util.c b/src/basic/selinux-util.c
index 90bb93ed0b8..1095cb426cc 100644
--- a/src/basic/selinux-util.c
+++ b/src/basic/selinux-util.c
@@ -233,6 +233,9 @@ int mac_selinux_get_create_label_from_exe(const char *exe, char **label) {
                 return -errno;
 
         sclass = string_to_security_class("process");
+        if (sclass == 0)
+                return -ENOSYS;
+
         r = security_compute_create_raw(mycon, fcon, sclass, label);
         if (r < 0)
                 return -errno;
@@ -312,6 +315,9 @@ int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *
                 return -ENOMEM;
 
         sclass = string_to_security_class("process");
+        if (sclass == 0)
+                return -ENOSYS;
+
         r = security_compute_create_raw(mycon, fcon, sclass, label);
         if (r < 0)
                 return -errno;