libsepol: avoid potential NULL dereference on optional parameter

The parameter `reason` of `context_struct_compute_av()` is optional and can be passed in as NULL, like from `type_attribute_bounds_av()`. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com>
2025-01-02 19:52:03 +00:00 · 2022-06-10 17:06:23 +02:00 · 2022-06-10 17:06:23 +02:00 · f505a73b06
commit f505a73b06
parent 956bda08f6
1 changed files with 2 additions and 1 deletions
--- a/libsepol/src/services.c
+++ b/libsepol/src/services.c
@ -894,7 +894,8 @@ static void type_attribute_bounds_av(context_struct_t *scontext,
 	/* mask violated permissions */
 	avd->allowed &= ~masked;

-	*reason |= SEPOL_COMPUTEAV_BOUNDS;
+	if (reason)
+		*reason |= SEPOL_COMPUTEAV_BOUNDS;
 }

 /*