From: Eric Paris <eparis@redhat.com>
Date: Mon, 22 Oct 2007 16:33:02 -0400
Subject: [selinux] don't oops when using non-MLS policy
Message-id: 1193085182.2950.12.camel@localhost.localdomain
O-Subject: [RHEL5 PATCH] bz 223827 SELinux: mls_export_cat and NetLabel oops using non-MLS policy
Bugzilla: 223827

BZ 223827

We don't ship a non-MLS enabled policy but some of our government
customers along with some of our partner consulting firms do use TE only
selinux policy.  Those customers hit a bug in which the NetLabel code
passes NULL pointers and mls_export_cat then tries to use them.  For now
those customers are forced to enable mls but not to make use of it.
This patch checks to make sure we aren't going to deref null before we
do it.  Patch was tested by a gentleman at HP for us.

Original upstream problem discussion can be found at:
http://marc2.theaimsgroup.com/?t=116920302500004&r=1&w=2

 security/selinux/ss/mls.c |   12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

Acked-by: James Morris <jmorris@redhat.com>
Acked-by: "David S. Miller" <davem@redhat.com>

diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index 2cca8e2..531b08a 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -641,10 +641,14 @@ int mls_export_cat(const struct context *context,
 	int rc = -EPERM;
 
 	if (!selinux_mls_enabled) {
-		*low = NULL;
-		*low_len = 0;
-		*high = NULL;
-		*high_len = 0;
+		if (low != NULL) {
+			*low = NULL;
+			*low_len = 0;
+		}
+		if (high != NULL) {
+			*high = NULL;
+			*high_len = 0;
+		}
 		return 0;
 	}