[PATCH] selinux: Fix NULL deref in policydb_destroy

This patch fixes a possible NULL dereference in policydb_destroy, where p->type_attr_map can be NULL if policydb_destroy is called to clean up a partially loaded policy upon an error during policy load. Please apply. Signed-off-by: Stephen Smalley <[email protected]> Acked-by: James Morris <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
blinkosm · Oct 23, 2005 · 282c1f5 · 282c1f5
1 parent 8766ce4
commit 282c1f5
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
@@ -650,8 +650,10 @@ void policydb_destroy(struct policydb *p)
 	}
 	if (lrt) kfree(lrt);
 
-	for (i = 0; i < p->p_types.nprim; i++)
-		ebitmap_destroy(&p->type_attr_map[i]);
+	if (p->type_attr_map) {
+		for (i = 0; i < p->p_types.nprim; i++)
+			ebitmap_destroy(&p->type_attr_map[i]);
+	}
 	kfree(p->type_attr_map);
 
 	return;