Merge branch 'printk-cleanups'

[cascardo/linux.git] / security / selinux / ss / policydb.c

diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index bb9720b..d719db4 100644 (file)
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -541,21 +541,21 @@ static int policydb_index(struct policydb *p)
 
        rc = -ENOMEM;
        p->class_val_to_struct =
-               kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)),
+               kzalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)),
                        GFP_KERNEL);
        if (!p->class_val_to_struct)
                goto out;
 
        rc = -ENOMEM;
        p->role_val_to_struct =
-               kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)),
+               kzalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)),
                        GFP_KERNEL);
        if (!p->role_val_to_struct)
                goto out;
 
        rc = -ENOMEM;
        p->user_val_to_struct =
-               kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)),
+               kzalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)),
                        GFP_KERNEL);
        if (!p->user_val_to_struct)
                goto out;
@@ -964,7 +964,7 @@ int policydb_context_isvalid(struct policydb *p, struct context *c)
                 * Role must be authorized for the type.
                 */
                role = p->role_val_to_struct[c->role - 1];
-               if (!ebitmap_get_bit(&role->types, c->type - 1))
+               if (!role || !ebitmap_get_bit(&role->types, c->type - 1))
                        /* role may not be associated with type */
                        return 0;
 
@@ -1094,6 +1094,9 @@ static int str_read(char **strp, gfp_t flags, void *fp, u32 len)
        int rc;
        char *str;
 
+       if ((len == 0) || (len == (u32)-1))
+               return -EINVAL;
+
        str = kmalloc(len + 1, flags);
        if (!str)
                return -ENOMEM;
@@ -2414,6 +2417,7 @@ int policydb_read(struct policydb *p, void *fp)
                } else
                        tr->tclass = p->process_class;
 
+               rc = -EINVAL;
                if (!policydb_role_isvalid(p, tr->role) ||
                    !policydb_type_isvalid(p, tr->type) ||
                    !policydb_class_isvalid(p, tr->tclass) ||