[PATCH] selinux: Fix NULL deref in policydb_destroy

This patch fixes a possible NULL dereference in policydb_destroy, where p->type_attr_map can be NULL if policydb_destroy is called to clean up a partially loaded policy upon an error during policy load. Please apply. Signed-off-by: N Stephen Smalley <sds@tycho.nsa.gov> Acked-by: N James Morris <jmorris@namei.org> Signed-off-by: N Andrew Morton <akpm@osdl.org> Signed-off-by: N Linus Torvalds <torvalds@osdl.org>

[PATCH] selinux: Fix NULL deref in policydb_destroy
This patch fixes a possible NULL dereference in policydb_destroy, where p->type_attr_map can be NULL if policydb_destroy is called to clean up a partially loaded policy upon an error during policy load. Please apply. Signed-off-by: N Stephen Smalley <sds@tycho.nsa.gov> Acked-by: N James Morris <jmorris@namei.org> Signed-off-by: N Andrew Morton <akpm@osdl.org> Signed-off-by: N Linus Torvalds <torvalds@osdl.org>
282c1f5e · Stephen Smalley · Linus Torvalds · 8766ce41 · 282c1f5e
隐藏空白更改
内联并排

Showing with 4 addition and 2 deletion

security/selinux/ss/policydb.c security/selinux/ss/policydb.c +4 -2

未找到文件。
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -650,8 +650,10 @@ void policydb_destroy(struct policydb *p)
 	}
 	if (lrt) kfree(lrt);

-	for (i = 0; i < p->p_types.nprim; i++)
-		ebitmap_destroy(&p->type_attr_map[i]);
+	if (p->type_attr_map) {
+		for (i = 0; i < p->p_types.nprim; i++)
+			ebitmap_destroy(&p->type_attr_map[i]);
+	}
 	kfree(p->type_attr_map);

 	return;