libsepol: Move context_copy() after switch block in ocontext_copy_*().

If an initial SID is missing a labeling statement, the compiler will segfault on the context_copy(). Move the context copy after the switch block so that the existance of the initial SID label can be checked before trying to copy the context. This fixes both ocontext_copy_selinux() and ocontext_copy_xen(). Signed-off-by: Chris PeBenito <cpebenito@tresys.com> Signed-off-by: Eric Paris <eparis@redhat.com>
2024-12-12 17:15:00 +00:00 · 2012-06-12 10:17:13 -04:00 · 2012-06-12 10:17:13 -04:00 · e26b58b08e
commit e26b58b08e
parent 30db6f423b
1 changed files with 9 additions and 9 deletions
--- a/libsepol/src/expand.c
+++ b/libsepol/src/expand.c
@ -2032,11 +2032,6 @@ static int ocontext_copy_xen(expand_state_t *state)
 			else
 				state->out->ocontexts[i] = n;
 			l = n;
-			if (context_copy(&n->context[0], &c->context[0],
-				state)) {
-				ERR(state->handle, "Out of memory!");
-				return -1;
-			}
 			switch (i) {
 			case OCON_XEN_ISID:
 				n->sid[0] = c->sid[0];
@ -2061,6 +2056,11 @@ static int ocontext_copy_xen(expand_state_t *state)
 				ERR(state->handle, "Unknown ocontext");
 				return -1;
 			}
+			if (context_copy(&n->context[0], &c->context[0],
+				state)) {
+				ERR(state->handle, "Out of memory!");
+				return -1;
+			}
 		}
 	}
 	return 0;
@ -2085,10 +2085,6 @@ static int ocontext_copy_selinux(expand_state_t *state)
 			else
 				state->out->ocontexts[i] = n;
 			l = n;
-			if (context_copy(&n->context[0], &c->context[0], state)) {
-				ERR(state->handle, "Out of memory!");
-				return -1;
-			}
 			switch (i) {
 			case OCON_ISID:
 				n->sid[0] = c->sid[0];
@ -2134,6 +2130,10 @@ static int ocontext_copy_selinux(expand_state_t *state)
 				ERR(state->handle, "Unknown ocontext");
 				return -1;
 			}
+			if (context_copy(&n->context[0], &c->context[0], state)) {
+				ERR(state->handle, "Out of memory!");
+				return -1;
+			}
 		}
 	}
 	return 0;