diff options
author | David S. Miller <davem@sunset.davemloft.net> | 2007-02-12 16:53:54 -0500 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-02-12 16:53:54 -0500 |
commit | 13fcfbb0675bf87da694f55dec11cada489a205c (patch) | |
tree | 2a1b81c5f7e69781f3e6ee523fd67c2b923531ca /net | |
parent | 9121c77706a4bd75a878573c913553ade120e9ce (diff) |
[XFRM]: Fix OOPSes in xfrm_audit_log().
Make sure that this function is called correctly, and
add BUG() checking to ensure the arguments are sane.
Based upon a patch by Joy Latten.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/key/af_key.c | 11 | ||||
-rw-r--r-- | net/xfrm/xfrm_policy.c | 7 | ||||
-rw-r--r-- | net/xfrm/xfrm_user.c | 12 |
3 files changed, 19 insertions, 11 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c index f3a026ff9b2c..1c58204d767e 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c | |||
@@ -2297,16 +2297,17 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg | |||
2297 | &sel, tmp.security, 1); | 2297 | &sel, tmp.security, 1); |
2298 | security_xfrm_policy_free(&tmp); | 2298 | security_xfrm_policy_free(&tmp); |
2299 | 2299 | ||
2300 | xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, | ||
2301 | AUDIT_MAC_IPSEC_DELSPD, (xp) ? 1 : 0, xp, NULL); | ||
2302 | |||
2303 | if (xp == NULL) | 2300 | if (xp == NULL) |
2304 | return -ENOENT; | 2301 | return -ENOENT; |
2305 | 2302 | ||
2306 | err = 0; | 2303 | err = security_xfrm_policy_delete(xp); |
2307 | 2304 | ||
2308 | if ((err = security_xfrm_policy_delete(xp))) | 2305 | xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, |
2306 | AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); | ||
2307 | |||
2308 | if (err) | ||
2309 | goto out; | 2309 | goto out; |
2310 | |||
2310 | c.seq = hdr->sadb_msg_seq; | 2311 | c.seq = hdr->sadb_msg_seq; |
2311 | c.pid = hdr->sadb_msg_pid; | 2312 | c.pid = hdr->sadb_msg_pid; |
2312 | c.event = XFRM_MSG_DELPOLICY; | 2313 | c.event = XFRM_MSG_DELPOLICY; |
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index a24f38510719..c394b413f651 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
@@ -1997,9 +1997,14 @@ void xfrm_audit_log(uid_t auid, u32 sid, int type, int result, | |||
1997 | if (audit_enabled == 0) | 1997 | if (audit_enabled == 0) |
1998 | return; | 1998 | return; |
1999 | 1999 | ||
2000 | BUG_ON((type == AUDIT_MAC_IPSEC_ADDSA || | ||
2001 | type == AUDIT_MAC_IPSEC_DELSA) && !x); | ||
2002 | BUG_ON((type == AUDIT_MAC_IPSEC_ADDSPD || | ||
2003 | type == AUDIT_MAC_IPSEC_DELSPD) && !xp); | ||
2004 | |||
2000 | audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC, type); | 2005 | audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC, type); |
2001 | if (audit_buf == NULL) | 2006 | if (audit_buf == NULL) |
2002 | return; | 2007 | return; |
2003 | 2008 | ||
2004 | switch(type) { | 2009 | switch(type) { |
2005 | case AUDIT_MAC_IPSEC_ADDSA: | 2010 | case AUDIT_MAC_IPSEC_ADDSA: |
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index d55436d00e86..256745321611 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
@@ -1273,10 +1273,6 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
1273 | xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, delete); | 1273 | xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, delete); |
1274 | security_xfrm_policy_free(&tmp); | 1274 | security_xfrm_policy_free(&tmp); |
1275 | } | 1275 | } |
1276 | if (delete) | ||
1277 | xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, | ||
1278 | AUDIT_MAC_IPSEC_DELSPD, (xp) ? 1 : 0, xp, NULL); | ||
1279 | |||
1280 | if (xp == NULL) | 1276 | if (xp == NULL) |
1281 | return -ENOENT; | 1277 | return -ENOENT; |
1282 | 1278 | ||
@@ -1292,8 +1288,14 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
1292 | MSG_DONTWAIT); | 1288 | MSG_DONTWAIT); |
1293 | } | 1289 | } |
1294 | } else { | 1290 | } else { |
1295 | if ((err = security_xfrm_policy_delete(xp)) != 0) | 1291 | err = security_xfrm_policy_delete(xp); |
1292 | |||
1293 | xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, | ||
1294 | AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); | ||
1295 | |||
1296 | if (err != 0) | ||
1296 | goto out; | 1297 | goto out; |
1298 | |||
1297 | c.data.byid = p->index; | 1299 | c.data.byid = p->index; |
1298 | c.event = nlh->nlmsg_type; | 1300 | c.event = nlh->nlmsg_type; |
1299 | c.seq = nlh->nlmsg_seq; | 1301 | c.seq = nlh->nlmsg_seq; |