selinux: switch two allocations to use kzalloc_objs()

These were the only two allocations in the policy loading logic
that were not already using kzalloc_objs() for the policy
data structures. Fix these to be consistent with the rest and
to protect against ill-formed policy.

Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index 824c3f89615185e89496021aa8c88069281926db..64f1bbb8caa0756a3d63e0b075ab423cf611d066 100644 (file)
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -165,7 +165,7 @@ void cond_policydb_destroy(struct policydb *p)
 int cond_init_bool_indexes(struct policydb *p)
 {
        kfree(p->bool_val_to_struct);
-       p->bool_val_to_struct = kmalloc_objs(*p->bool_val_to_struct,
+       p->bool_val_to_struct = kzalloc_objs(*p->bool_val_to_struct,
                                             p->p_bools.nprim);
        if (!p->bool_val_to_struct)
                return -ENOMEM;
@@ -709,7 +709,7 @@ static int duplicate_policydb_bools(struct policydb *newdb,
        struct cond_bool_datum **cond_bool_array;
        int rc;
 
-       cond_bool_array = kmalloc_objs(*orig->bool_val_to_struct,
+       cond_bool_array = kzalloc_objs(*orig->bool_val_to_struct,
                                       orig->p_bools.nprim);
        if (!cond_bool_array)
                return -ENOMEM;