aboutsummaryrefslogtreecommitdiffstats
path: root/net/key/af_key.c
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2007-03-07 18:37:58 -0500
committerDavid S. Miller <davem@sunset.davemloft.net>2007-03-07 19:08:09 -0500
commitef41aaa0b755f479012341ac11db9ca5b8928d98 (patch)
treef5cd83b9117d0092f40006fbf4fd1f39652ad925 /net/key/af_key.c
parent05e52dd7396514648fba6c275eb7b49eca333c6d (diff)
[IPSEC]: xfrm_policy delete security check misplaced
The security hooks to check permissions to remove an xfrm_policy were actually done after the policy was removed. Since the unlinking and deletion are done in xfrm_policy_by* functions this moves the hooks inside those 2 functions. There we have all the information needed to do the security check and it can be done before the deletion. Since auditing requires the result of that security check err has to be passed back and forth from the xfrm_policy_by* functions. This patch also fixes a bug where a deletion that failed the security check could cause improper accounting on the xfrm_policy (xfrm_get_policy didn't have a put on the exit path for the hold taken by xfrm_policy_by*) It also fixes the return code when no policy is found in xfrm_add_pol_expire. In old code (at least back in the 2.6.18 days) err wasn't used before the return when no policy is found and so the initialization would cause err to be ENOENT. But since err has since been used above when we don't get a policy back from the xfrm_policy_by* function we would always return 0 instead of the intended ENOENT. Also fixed some white space damage in the same area. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Venkat Yekkirala <vyekkirala@trustedcs.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/key/af_key.c')
-rw-r--r--net/key/af_key.c6
1 files changed, 2 insertions, 4 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 1c58204d767e..3542435e9d40 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2294,14 +2294,12 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
2294 } 2294 }
2295 2295
2296 xp = xfrm_policy_bysel_ctx(XFRM_POLICY_TYPE_MAIN, pol->sadb_x_policy_dir-1, 2296 xp = xfrm_policy_bysel_ctx(XFRM_POLICY_TYPE_MAIN, pol->sadb_x_policy_dir-1,
2297 &sel, tmp.security, 1); 2297 &sel, tmp.security, 1, &err);
2298 security_xfrm_policy_free(&tmp); 2298 security_xfrm_policy_free(&tmp);
2299 2299
2300 if (xp == NULL) 2300 if (xp == NULL)
2301 return -ENOENT; 2301 return -ENOENT;
2302 2302
2303 err = security_xfrm_policy_delete(xp);
2304
2305 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, 2303 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
2306 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); 2304 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL);
2307 2305
@@ -2552,7 +2550,7 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
2552 return -EINVAL; 2550 return -EINVAL;
2553 2551
2554 xp = xfrm_policy_byid(XFRM_POLICY_TYPE_MAIN, dir, pol->sadb_x_policy_id, 2552 xp = xfrm_policy_byid(XFRM_POLICY_TYPE_MAIN, dir, pol->sadb_x_policy_id,
2555 hdr->sadb_msg_type == SADB_X_SPDDELETE2); 2553 hdr->sadb_msg_type == SADB_X_SPDDELETE2, &err);
2556 if (xp == NULL) 2554 if (xp == NULL)
2557 return -ENOENT; 2555 return -ENOENT;
2558 2556