Diffstat (limited to 'security/selinux/netnode.c')
-rw-r--r-- | security/selinux/netnode.c | 30 |
1 files changed, 14 insertions, 16 deletions
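--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -189,9 +189,9 @@ static void sel_netnode_insert(struct sel_netnode *node)
 */
 static int sel_netnode_sid_slow(void *addr, u16 family, u32 *sid)
 {
-int ret = -ENOMEM;
+int ret;
 struct sel_netnode *node;
-struct sel_netnode *new = NULL;
+struct sel_netnode *new;
 
 spin_lock_bh(&sel_netnode_lock);
 node = sel_netnode_find(addr, family);
@@ -200,38 +200,36 @@ static int sel_netnode_sid_slow(void *addr, u16 family, u32 *sid)
 spin_unlock_bh(&sel_netnode_lock);
 return 0;
 }
+
 new = kzalloc(sizeof(*new), GFP_ATOMIC);
-if (new == NULL)
-goto out;
 switch (family) {
 case PF_INET:
 ret = security_node_sid(&selinux_state, PF_INET,
 addr, sizeof(struct in_addr), sid);
-new->nsec.addr.ipv4 = *(__be32 *)addr;
+if (new)
+new->nsec.addr.ipv4 = *(__be32 *)addr;
 break;
 case PF_INET6:
 ret = security_node_sid(&selinux_state, PF_INET6,
 addr, sizeof(struct in6_addr), sid);
-new->nsec.addr.ipv6 = *(struct in6_addr *)addr;
+if (new)
+new->nsec.addr.ipv6 = *(struct in6_addr *)addr;
 break;
 default:
 BUG();
 ret = -EINVAL;
 }
-if (ret != 0)
-goto out;
-
-new->nsec.family = family;
-new->nsec.sid = *sid;
-sel_netnode_insert(new);
+if (ret == 0 && new) {
+new->nsec.family = family;
+new->nsec.sid = *sid;
+sel_netnode_insert(new);
+} else
+kfree(new);
 
-out:
 spin_unlock_bh(&sel_netnode_lock);
-if (unlikely(ret)) {
+if (unlikely(ret))
 pr_warn("SELinux: failure in %s(), unable to determine network node label\n",
 __func__);
-kfree(new);
-}
 return ret;
 }
 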
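Review bot: The result of `kzalloc()` in the second hunk is now deliberately left unchecked, but nothing in the new code says so, so a reader or static checker will likely take `new = kzalloc(sizeof(*new), GFP_ATOMIC);` followed by scattered `if (new)` guards for a forgotten NULL check. A one-line comment above the allocation would state the contract, for example `/* a failed allocation only skips caching; the SID lookup below must still run */`. The `} else` followed by an unbraced `kfree(new);` also departs from the kernel convention of bracing both branches when one is braced; `} else {`, `kfree(new);`, `}` would match it. As far as the visible lines show, every path through the switch assigns `ret`, so dropping its initialiser looks safe.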