aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2008-07-27 07:31:07 -0400
committerJames Morris <jmorris@namei.org>2008-08-04 20:55:47 -0400
commitcf9481e289247fe9cf40f2e2481220d899132049 (patch)
tree39b8e15d27876cd84acb07c9543b423c29d66a7f
parent0c0e186f812457e527c420f7a4d02865fd0dc7d2 (diff)
SELinux: Fix a potentially uninitialised variable in SELinux hooks
Fix a potentially uninitialised variable in SELinux hooks that's given a pointer to the network address by selinux_parse_skb() passing a pointer back through its argument list. By restructuring selinux_parse_skb(), the compiler can see that the error case need not set it as the caller will return immediately. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--security/selinux/hooks.c42
1 files changed, 24 insertions, 18 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 0ffd8814af3e..3eae30609702 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3539,38 +3539,44 @@ out:
3539#endif /* IPV6 */ 3539#endif /* IPV6 */
3540 3540
3541static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad, 3541static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad,
3542 char **addrp, int src, u8 *proto) 3542 char **_addrp, int src, u8 *proto)
3543{ 3543{
3544 int ret = 0; 3544 char *addrp;
3545 int ret;
3545 3546
3546 switch (ad->u.net.family) { 3547 switch (ad->u.net.family) {
3547 case PF_INET: 3548 case PF_INET:
3548 ret = selinux_parse_skb_ipv4(skb, ad, proto); 3549 ret = selinux_parse_skb_ipv4(skb, ad, proto);
3549 if (ret || !addrp) 3550 if (ret)
3550 break; 3551 goto parse_error;
3551 *addrp = (char *)(src ? &ad->u.net.v4info.saddr : 3552 addrp = (char *)(src ? &ad->u.net.v4info.saddr :
3552 &ad->u.net.v4info.daddr); 3553 &ad->u.net.v4info.daddr);
3553 break; 3554 goto okay;
3554 3555
3555#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 3556#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3556 case PF_INET6: 3557 case PF_INET6:
3557 ret = selinux_parse_skb_ipv6(skb, ad, proto); 3558 ret = selinux_parse_skb_ipv6(skb, ad, proto);
3558 if (ret || !addrp) 3559 if (ret)
3559 break; 3560 goto parse_error;
3560 *addrp = (char *)(src ? &ad->u.net.v6info.saddr : 3561 addrp = (char *)(src ? &ad->u.net.v6info.saddr :
3561 &ad->u.net.v6info.daddr); 3562 &ad->u.net.v6info.daddr);
3562 break; 3563 goto okay;
3563#endif /* IPV6 */ 3564#endif /* IPV6 */
3564 default: 3565 default:
3565 break; 3566 addrp = NULL;
3567 goto okay;
3566 } 3568 }
3567 3569
3568 if (unlikely(ret)) 3570parse_error:
3569 printk(KERN_WARNING 3571 printk(KERN_WARNING
3570 "SELinux: failure in selinux_parse_skb()," 3572 "SELinux: failure in selinux_parse_skb(),"
3571 " unable to parse packet\n"); 3573 " unable to parse packet\n");
3572
3573 return ret; 3574 return ret;
3575
3576okay:
3577 if (_addrp)
3578 *_addrp = addrp;
3579 return 0;
3574} 3580}
3575 3581
3576/** 3582/**