From 552003dbd6f9e8d8adc55d969e63b9dedcbed726 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Tue, 7 Oct 2025 08:36:40 +0200
Subject: [PATCH] selinux: fix potential segfault in sestatus

Remove the puts(cterm) call that was likely leftover debugging code.
The controlling terminal name is already properly displayed via the
'Controlling term:' label, so the raw terminal name output was redundant
and could cause issues when cterm is NULL.

Also add proper cleanup for the allocated cterm string.

function                                             old     new   delta
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/0 up/down: 0/0)                 Total: 0 bytes

Signed-off-by: Osama Abdelkader <osama.abdelkader@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 selinux/sestatus.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/selinux/sestatus.c b/selinux/sestatus.c
index 098a4d189..cf664cc18 100644
--- a/selinux/sestatus.c
+++ b/selinux/sestatus.c
@@ -131,13 +131,13 @@ static void display_verbose(void)
 	puts("\nFile contexts:");
 
 	cterm = xmalloc_ttyname(0);
-//FIXME: if cterm == NULL, we segfault!??
-	puts(cterm);
 	if (cterm && lgetfilecon(cterm, &con) >= 0) {
 		printf(COL_FMT "%s\n", "Controlling term:", con);
 		if (ENABLE_FEATURE_CLEAN_UP)
 			freecon(con);
 	}
+	if (ENABLE_FEATURE_CLEAN_UP)
+		free(cterm);
 
 	for (i = 0; fc[i] != NULL; i++) {
 		struct stat stbuf;