From: Stephen Smalley Date: Sun, 23 Oct 2005 19:57:15 +0000 (-0700) Subject: [PATCH] selinux: Fix NULL deref in policydb_destroy X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=282c1f5eba150d0b156ffa9e6b064f1d92f8315f;p=GitHub%2FLineageOS%2Fandroid_kernel_samsung_universal7580.git [PATCH] selinux: Fix NULL deref in policydb_destroy This patch fixes a possible NULL dereference in policydb_destroy, where p->type_attr_map can be NULL if policydb_destroy is called to clean up a partially loaded policy upon an error during policy load. Please apply. Signed-off-by: Stephen Smalley Acked-by: James Morris Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 0a758323a9c..8e6262d12aa 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -650,8 +650,10 @@ void policydb_destroy(struct policydb *p) } if (lrt) kfree(lrt); - for (i = 0; i < p->p_types.nprim; i++) - ebitmap_destroy(&p->type_attr_map[i]); + if (p->type_attr_map) { + for (i = 0; i < p->p_types.nprim; i++) + ebitmap_destroy(&p->type_attr_map[i]); + } kfree(p->type_attr_map); return;