From: Space Meyer <spm@google.com>
Date: Wed, 7 Dec 2022 13:11:30 +0000 (+0100)
Subject: journald: prevent segfault on empty attr/current
X-Git-Tag: v253-rc1~342
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ff868eaadecde2568d1e08a375ec8a3b327984fa;p=thirdparty%2Fsystemd.git

journald: prevent segfault on empty attr/current

getpidcon() might set con to NULL, even when it returned a 0 return
code[0]. The subsequent strlen(con) will then cause a segfault.

Alternatively the behaviour could also be changed in getpidcon. I
don't know whether the libselinux folks are comitted to the current
behaviour, but the getpidcon man page doesn't really make it obvious
this case could happen.

[0] https://github.com/SELinuxProject/selinux/blob/fb7f35495fbad468d6efa76c5fed727659903038/libselinux/src/procattr.c#L155-L158
---

diff --git a/src/journal/journald-context.c b/src/journal/journald-context.c
index b2f6fcc2a3c..222855ae60f 100644
--- a/src/journal/journald-context.c
+++ b/src/journal/journald-context.c
@@ -259,7 +259,7 @@ static int client_context_read_label(
 
                 /* If we got no SELinux label passed in, let's try to acquire one */
 
-                if (getpidcon(c->pid, &con) >= 0) {
+                if (getpidcon(c->pid, &con) >= 0 && con) {
                         free_and_replace(c->label, con);
                         c->label_size = strlen(c->label);
                 }