selinux: check return value of string_to_security_class()

author Christian Göttsche <cgzones@googlemail.com>

Mon, 2 Mar 2020 16:53:20 +0000 (17:53 +0100)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Tue, 3 Mar 2020 13:17:52 +0000 (14:17 +0100)
author Christian Göttsche <cgzones@googlemail.com>
Mon, 2 Mar 2020 16:53:20 +0000 (17:53 +0100)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Tue, 3 Mar 2020 13:17:52 +0000 (14:17 +0100)
diff --git a/src/basic/selinux-util.c b/src/basic/selinux-util.c

index 90bb93ed0b8a6d3d4aaced31828d763836a9a5bc..1095cb426cce815d829dd0d8744b72fb15be9110 100644 (file)
--- a/src/basic/selinux-util.c
+++ b/src/basic/selinux-util.c
@@ -233,6 +233,9 @@ int mac_selinux_get_create_label_from_exe(const char *exe, char **label) {
                  return -errno;
  
          sclass = string_to_security_class("process");
+        if (sclass == 0)
+                return -ENOSYS;
+
          r = security_compute_create_raw(mycon, fcon, sclass, label);
          if (r < 0)
                  return -errno;
@@ -312,6 +315,9 @@ int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *
                  return -ENOMEM;
  
          sclass = string_to_security_class("process");
+        if (sclass == 0)
+                return -ENOSYS;
+
          r = security_compute_create_raw(mycon, fcon, sclass, label);
          if (r < 0)
                  return -errno;
author	Christian Göttsche <cgzones@googlemail.com>
	Mon, 2 Mar 2020 16:53:20 +0000 (17:53 +0100)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Tue, 3 Mar 2020 13:17:52 +0000 (14:17 +0100)