If an initial SID is missing a labeling statement, the compiler will
segfault when trying to copy the context during expand. Check for this
situation to handle it gracefully.
This fixes ocontext_copy_selinux() and ocontext_copy_xen().
Signed-off-by: Chris PeBenito <cpebenito@xxxxxxxxxx>
---
libsepol/src/expand.c | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
index 2df61f9..6f766b4 100644
--- a/libsepol/src/expand.c
+++ b/libsepol/src/expand.c
@@ -2064,6 +2064,12 @@ static int ocontext_copy_xen(expand_state_t *state)
l = n;
switch (i) {
case OCON_XEN_ISID:
+ if (c->context[0].user == 0) {
+ ERR(state->handle,
+ "Missing context for %s initial sid",
+ c->u.name);
+ return -1;
+ }
n->sid[0] = c->sid[0];
break;
case OCON_XEN_PIRQ:
@@ -2117,6 +2123,12 @@ static int ocontext_copy_selinux(expand_state_t *state)
l = n;
switch (i) {
case OCON_ISID:
+ if (c->context[0].user == 0) {
+ ERR(state->handle,
+ "Missing context for %s initial sid",
+ c->u.name);
+ return -1;
+ }
n->sid[0] = c->sid[0];
break;
case OCON_FS: /* FALLTHROUGH */
--
1.7.8.6
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
