selinux: fix GPF on invalid policy

BugLink: https://bugs.launchpad.net/bugs/1837477
commit 5b0e7310a2a33c06edc7eb81ffc521af9b2c5610 upstream.

levdatum->level can be NULL if we encounter an error while loading
the policy during sens_read prior to initializing it.  Make sure
sens_destroy handles that case correctly.

Reported-by: syzbot+6664500f0f18f07a5c0e@syzkaller.appspotmail.com
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>

diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index ffeb644bfecd74d225be0d20e7d192547a3af8af..524068d71bc1a8c5518d627452e4716f673f451d 100644 (file)
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -730,7 +730,8 @@ static int sens_destroy(void *key, void *datum, void *p)
        kfree(key);
        if (datum) {
                levdatum = datum;
-               ebitmap_destroy(&levdatum->level->cat);
+               if (levdatum->level)
+                       ebitmap_destroy(&levdatum->level->cat);
                kfree(levdatum->level);
        }
        kfree(datum);