Merge tag 'selinux-pr-20210830' of git://git.kernel.org/pub/scm/linux…

…/kernel/git/pcmoore/selinux Pull selinux update from Paul Moore: "We've got an unusually small SELinux pull request for v5.15 that consists of only one (?!) patch that is really pretty minor when you look at it. Unsurprisingly it passes all of our tests and merges cleanly on top of your tree right now, please merge this for v5.15" * tag 'selinux-pr-20210830' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: return early for possible NULL audit buffers
chewitt · Aug 31, 2021 · befa491 · befa491
2 parents e55f0c4 + 893c47d
commit befa491
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
@@ -3325,6 +3325,8 @@ static int selinux_inode_setxattr(struct user_namespace *mnt_userns,
 			}
 			ab = audit_log_start(audit_context(),
 					     GFP_ATOMIC, AUDIT_SELINUX_ERR);
+			if (!ab)
+				return rc;
 			audit_log_format(ab, "op=setxattr invalid_context=");
 			audit_log_n_untrustedstring(ab, value, audit_size);
 			audit_log_end(ab);
@@ -6552,6 +6554,8 @@ static int selinux_setprocattr(const char *name, void *value, size_t size)
 				ab = audit_log_start(audit_context(),
 						     GFP_ATOMIC,
 						     AUDIT_SELINUX_ERR);
+				if (!ab)
+					return error;
 				audit_log_format(ab, "op=fscreate invalid_context=");
 				audit_log_n_untrustedstring(ab, value, audit_size);
 				audit_log_end(ab);

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
@@ -1673,6 +1673,8 @@ static int compute_sid_handle_invalid_context(
 	if (context_struct_to_string(policydb, newcontext, &n, &nlen))
 		goto out;
 	ab = audit_log_start(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR);
+	if (!ab)
+		goto out;
 	audit_log_format(ab,
 			 "op=security_compute_sid invalid_context=");
 	/* no need to record the NUL with untrusted strings */