diff options
author | Christian Göttsche <cgzones@googlemail.com> | 2020-03-02 17:53:20 +0100 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-03-03 14:17:52 +0100 |
commit | fdb0405edd90a3016165a83f3f075de7bae3084e (patch) | |
tree | a1d919e36ca949966784d1ca30ad84f38282edfc | |
parent | 81d4a026a61c7be3cfee78613e84f76869d74d3b (diff) | |
download | systemd-fdb0405edd90a3016165a83f3f075de7bae3084e.tar.gz |
selinux: check return value of string_to_security_class()
This should never happen, but better safe than sorry.
-rw-r--r-- | src/basic/selinux-util.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/basic/selinux-util.c b/src/basic/selinux-util.c index 90bb93ed0b..1095cb426c 100644 --- a/src/basic/selinux-util.c +++ b/src/basic/selinux-util.c @@ -233,6 +233,9 @@ int mac_selinux_get_create_label_from_exe(const char *exe, char **label) { return -errno; sclass = string_to_security_class("process"); + if (sclass == 0) + return -ENOSYS; + r = security_compute_create_raw(mycon, fcon, sclass, label); if (r < 0) return -errno; @@ -312,6 +315,9 @@ int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char * return -ENOMEM; sclass = string_to_security_class("process"); + if (sclass == 0) + return -ENOSYS; + r = security_compute_create_raw(mycon, fcon, sclass, label); if (r < 0) return -errno; |