diff --git a/backport-mcstrans-check-memory-allocations.patch b/backport-mcstrans-check-memory-allocations.patch
new file mode 100644
index 0000000000000000000000000000000000000000..443f38cc211771f387880a8c567955cd1ada8300
--- /dev/null
+++ b/backport-mcstrans-check-memory-allocations.patch
@@ -0,0 +1,44 @@
+From 114f1bb16ead56c06b05ac4b214e1579971c5636 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
+Date: Fri, 5 Jan 2024 19:35:34 +0100
+Subject: [PATCH] mcstrans: check memory allocations
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Avoid NULL dereferences on allocation failure.
+
+Reported by GCC analyzer.
+
+Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
+Acked-by: James Carter <jwcart2@gmail.com>
+---
+ mcstrans/src/mls_level.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/mcstrans/src/mls_level.c b/mcstrans/src/mls_level.c
+index 2017f117..2ee1a231 100644
+--- a/mcstrans/src/mls_level.c
++++ b/mcstrans/src/mls_level.c
+@@ -13,6 +13,8 @@ mls_level_t *mls_level_from_string(char *mls_context)
+ 	}
+ 
+ 	l = (mls_level_t *) calloc(1, sizeof(mls_level_t));
++	if (!l)
++		return NULL;
+ 
+ 	/* Extract low sensitivity. */
+ 	scontextp = p = mls_context;
+@@ -124,6 +126,9 @@ char *mls_level_to_string(mls_level_t *l)
+ 	if (len == 0)
+ 		return NULL;
+ 	char *result = (char *)malloc(len + 1);
++	if (!result)
++		return NULL;
++
+ 	char *p = result;
+ 
+ 	p += sprintf(p, "s%d", l->sens);
+-- 
+2.33.0
+
diff --git a/mcstrans.spec b/mcstrans.spec
index 3d5f4c73a9266aacc6b7317d95167615236d301e..c12fb8c9cd17c2948fee3c6405131b84ac2ba90c 100644
--- a/mcstrans.spec
+++ b/mcstrans.spec
@@ -1,11 +1,13 @@
 Name:           mcstrans
 Version:        3.5
-Release:        1
+Release:        2
 Summary:        SELinux Translation Daemon
 License:        GPL2
 URL:            https://github.com/SELinuxProject/selinux/wiki
 Source:         https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz
 
+Patch1:    backport-mcstrans-check-memory-allocations.patch
+
 BuildRequires:  gcc systemd-units make
 BuildRequires:  libselinux-devel >= %{version}
 BuildRequires:  libcap-devel pcre2-devel libsepol-devel >= %{version} libsepol-static >= %{version}
@@ -38,6 +40,7 @@ mcstrans-help include help files for man page
 
 %prep
 %setup -q
+%patch1 -p2
 
 %build
 %set_build_flags
@@ -87,6 +90,9 @@ rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/mcstrans
 %{_mandir}/ru/man8/*.8.gz
 
 %changelog
+* Mon Jul 8 2024 yixiangzhike <yixiangzhike007@163.com> - 3.5-2
+- backport upstream patch to avoid NULL dereferences
+
 * Thu Jul 20 2023 yixiangzhike <yixiangzhike007@163.com> - 3.5-1
 - update to 3.5