diff options
author | David Howells <dhowells@redhat.com> | 2008-07-27 07:31:07 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-08-04 20:55:47 -0400 |
commit | cf9481e289247fe9cf40f2e2481220d899132049 (patch) | |
tree | 39b8e15d27876cd84acb07c9543b423c29d66a7f /security/selinux/hooks.c | |
parent | 0c0e186f812457e527c420f7a4d02865fd0dc7d2 (diff) |
SELinux: Fix a potentially uninitialised variable in SELinux hooks
Fix a potentially uninitialised variable in SELinux hooks that's given a
pointer to the network address by selinux_parse_skb() passing a pointer back
through its argument list. By restructuring selinux_parse_skb(), the compiler
can see that the error case need not set it as the caller will return
immediately.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r-- | security/selinux/hooks.c | 42 |
1 files changed, 24 insertions, 18 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 0ffd8814af3e..3eae30609702 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -3539,38 +3539,44 @@ out: | |||
3539 | #endif /* IPV6 */ | 3539 | #endif /* IPV6 */ |
3540 | 3540 | ||
3541 | static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad, | 3541 | static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad, |
3542 | char **addrp, int src, u8 *proto) | 3542 | char **_addrp, int src, u8 *proto) |
3543 | { | 3543 | { |
3544 | int ret = 0; | 3544 | char *addrp; |
3545 | int ret; | ||
3545 | 3546 | ||
3546 | switch (ad->u.net.family) { | 3547 | switch (ad->u.net.family) { |
3547 | case PF_INET: | 3548 | case PF_INET: |
3548 | ret = selinux_parse_skb_ipv4(skb, ad, proto); | 3549 | ret = selinux_parse_skb_ipv4(skb, ad, proto); |
3549 | if (ret || !addrp) | 3550 | if (ret) |
3550 | break; | 3551 | goto parse_error; |
3551 | *addrp = (char *)(src ? &ad->u.net.v4info.saddr : | 3552 | addrp = (char *)(src ? &ad->u.net.v4info.saddr : |
3552 | &ad->u.net.v4info.daddr); | 3553 | &ad->u.net.v4info.daddr); |
3553 | break; | 3554 | goto okay; |
3554 | 3555 | ||
3555 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 3556 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
3556 | case PF_INET6: | 3557 | case PF_INET6: |
3557 | ret = selinux_parse_skb_ipv6(skb, ad, proto); | 3558 | ret = selinux_parse_skb_ipv6(skb, ad, proto); |
3558 | if (ret || !addrp) | 3559 | if (ret) |
3559 | break; | 3560 | goto parse_error; |
3560 | *addrp = (char *)(src ? &ad->u.net.v6info.saddr : | 3561 | addrp = (char *)(src ? &ad->u.net.v6info.saddr : |
3561 | &ad->u.net.v6info.daddr); | 3562 | &ad->u.net.v6info.daddr); |
3562 | break; | 3563 | goto okay; |
3563 | #endif /* IPV6 */ | 3564 | #endif /* IPV6 */ |
3564 | default: | 3565 | default: |
3565 | break; | 3566 | addrp = NULL; |
3567 | goto okay; | ||
3566 | } | 3568 | } |
3567 | 3569 | ||
3568 | if (unlikely(ret)) | 3570 | parse_error: |
3569 | printk(KERN_WARNING | 3571 | printk(KERN_WARNING |
3570 | "SELinux: failure in selinux_parse_skb()," | 3572 | "SELinux: failure in selinux_parse_skb()," |
3571 | " unable to parse packet\n"); | 3573 | " unable to parse packet\n"); |
3572 | |||
3573 | return ret; | 3574 | return ret; |
3575 | |||
3576 | okay: | ||
3577 | if (_addrp) | ||
3578 | *_addrp = addrp; | ||
3579 | return 0; | ||
3574 | } | 3580 | } |
3575 | 3581 | ||
3576 | /** | 3582 | /** |