selinux: check return value of string_to_security_class()

This should never happen, but better safe than sorry.
author: Christian Göttsche <cgzones@googlemail.com> 2020-03-02 17:53:20 +0100
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2020-03-03 14:17:52 +0100
commit: fdb0405edd90a3016165a83f3f075de7bae3084e (patch)
tree: a1d919e36ca949966784d1ca30ad84f38282edfc
parent: 81d4a026a61c7be3cfee78613e84f76869d74d3b (diff)
download: systemd-fdb0405edd90a3016165a83f3f075de7bae3084e.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/src/basic/selinux-util.c b/src/basic/selinux-util.c
index 90bb93ed0b..1095cb426c 100644
--- a/src/basic/selinux-util.c
+++ b/src/basic/selinux-util.c
@@ -233,6 +233,9 @@ int mac_selinux_get_create_label_from_exe(const char *exe, char **label) {
                 return -errno;
 
         sclass = string_to_security_class("process");
+        if (sclass == 0)
+                return -ENOSYS;
+
         r = security_compute_create_raw(mycon, fcon, sclass, label);
         if (r < 0)
                 return -errno;
@@ -312,6 +315,9 @@ int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *
                 return -ENOMEM;
 
         sclass = string_to_security_class("process");
+        if (sclass == 0)
+                return -ENOSYS;
+
         r = security_compute_create_raw(mycon, fcon, sclass, label);
         if (r < 0)
                 return -errno;
author	Christian Göttsche <cgzones@googlemail.com>	2020-03-02 17:53:20 +0100
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2020-03-03 14:17:52 +0100
commit	fdb0405edd90a3016165a83f3f075de7bae3084e (patch)
tree	a1d919e36ca949966784d1ca30ad84f38282edfc
parent	81d4a026a61c7be3cfee78613e84f76869d74d3b (diff)
download	systemd-fdb0405edd90a3016165a83f3f075de7bae3084e.tar.gz