authorDavid S. Miller <davem@sunset.davemloft.net>2007-02-12 16:53:54 -0500
committerDavid S. Miller <davem@sunset.davemloft.net>2007-02-12 16:53:54 -0500
commit13fcfbb0675bf87da694f55dec11cada489a205c (patch)
tree2a1b81c5f7e69781f3e6ee523fd67c2b923531ca
parent9121c77706a4bd75a878573c913553ade120e9ce (diff)
[XFRM]: Fix OOPSes in xfrm_audit_log().
Make sure that this function is called correctly, and add BUG() checking to ensure the arguments are sane. Based upon a patch by Joy Latten. Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/key/af_key.c11
-rw-r--r--net/xfrm/xfrm_policy.c7
-rw-r--r--net/xfrm/xfrm_user.c12
3 files changed, 19 insertions, 11 deletions
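--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2297,16 +2297,17 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
 &sel, tmp.security, 1);
 security_xfrm_policy_free(&tmp);
 
-xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
-AUDIT_MAC_IPSEC_DELSPD, (xp) ? 1 : 0, xp, NULL);
-
 if (xp == NULL)
 return -ENOENT;
 
-err = 0;
+err = security_xfrm_policy_delete(xp);
 
-if ((err = security_xfrm_policy_delete(xp)))
+xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
+AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL);
+
+if (err)
 goto out;
+
 c.seq = hdr->sadb_msg_seq;
 c.pid = hdr->sadb_msg_pid;
 c.event = XFRM_MSG_DELPOLICY;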
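Review bot: With the xfrm_audit_log() call moved below `if (xp == NULL) return -ENOENT;`, a delete request for a policy that does not exist now leaves no AUDIT_MAC_IPSEC_DELSPD record at all, where the old code logged it with result 0. The first xfrm_get_policy() hunk in net/xfrm/xfrm_user.c drops the same failed-lookup record. If the loss is intended because xfrm_audit_log() now requires a valid xp for this type, say so at the early return, e.g. `/* no audit record: xfrm_audit_log() needs a non-NULL xp for DELSPD */`; otherwise the failed attempt needs a record of its own. pfkey_spddelete() starts and ends outside the hunk.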
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index a24f38510719..c394b413f651 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1997,9 +1997,14 @@ void xfrm_audit_log(uid_t auid, u32 sid, int type, int result,
1997 if (audit_enabled == 0) 1997 if (audit_enabled == 0)
1998 return; 1998 return;
1999 1999
2000 BUG_ON((type == AUDIT_MAC_IPSEC_ADDSA ||
2001 type == AUDIT_MAC_IPSEC_DELSA) && !x);
2002 BUG_ON((type == AUDIT_MAC_IPSEC_ADDSPD ||
2003 type == AUDIT_MAC_IPSEC_DELSPD) && !xp);
2004
2000 audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC, type); 2005 audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC, type);
2001 if (audit_buf == NULL) 2006 if (audit_buf == NULL)
2002 return; 2007 return;
2003 2008
2004 switch(type) { 2009 switch(type) {
2005 case AUDIT_MAC_IPSEC_ADDSA: 2010 case AUDIT_MAC_IPSEC_ADDSA:
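Review bot: The two BUG_ON() checks sit after the `if (audit_enabled == 0) return;` early exit, so a call site that passes a NULL x or xp is caught only on systems with auditing enabled and stays silent everywhere else. Where the check does fire, BUG_ON() halts the calling task in the middle of an SA or policy operation over what is a logging-argument error. Consider placing the checks ahead of the audit_enabled test and degrading instead of halting, e.g. `if (WARN_ON((type == AUDIT_MAC_IPSEC_ADDSPD || type == AUDIT_MAC_IPSEC_DELSPD) && !xp)) return;` with the same form for the SA types, assuming WARN_ON() yields its condition in this tree. The rest of xfrm_audit_log() lies outside the hunk.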
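--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1273,10 +1273,6 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
 xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, delete);
 security_xfrm_policy_free(&tmp);
 }
-if (delete)
-xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
-AUDIT_MAC_IPSEC_DELSPD, (xp) ? 1 : 0, xp, NULL);
-
 if (xp == NULL)
 return -ENOENT;
 
@@ -1292,8 +1288,14 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
 MSG_DONTWAIT);
 }
 } else {
-if ((err = security_xfrm_policy_delete(xp)) != 0)
+err = security_xfrm_policy_delete(xp);
+
+xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
+AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL);
+
+if (err != 0)
 goto out;
+
 c.data.byid = p->index;
 c.event = nlh->nlmsg_type;
 c.seq = nlh->nlmsg_seq;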
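Review bot: The audit result in the delete branch comes from security_xfrm_policy_delete(), but the lookup above has already run `xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, delete)`. If that call unlinks the policy when `delete` is set (its body is not visible here), an LSM denial is recorded as result 0 for a policy that has in fact been removed. The same ordering appears in pfkey_spddelete() in net/key/af_key.c, which passes 1 as the last argument. Either the permission check belongs before the removal, or the record should reflect what happened; at minimum add `/* NOTE: policy may already be unlinked by the lookup above */` at the xfrm_audit_log() call. xfrm_get_policy() starts and ends outside both hunks.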