diff options
author | Paul Moore <paul.moore@hp.com> | 2006-10-11 19:10:48 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-10-16 02:14:15 -0400 |
commit | bf0edf39296097f20c5fcc4919ed7d339194bd75 (patch) | |
tree | 0cde65c275cd7bab51c306cde3bf80487655f6ba /security/selinux/ss/mls.c | |
parent | 044a68ed8a692f643cf3c0a54c380a922584f34f (diff) |
NetLabel: better error handling involving mls_export_cat()
Upon inspection it looked like the error handling for mls_export_cat() was
rather poor. This patch addresses this by NULL'ing out kfree()'d pointers
before returning and checking the return value of the function everywhere
it is called.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/ss/mls.c')
-rw-r--r-- | security/selinux/ss/mls.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index c713af23250a..2cca8e251624 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c | |||
@@ -640,8 +640,13 @@ int mls_export_cat(const struct context *context, | |||
640 | { | 640 | { |
641 | int rc = -EPERM; | 641 | int rc = -EPERM; |
642 | 642 | ||
643 | if (!selinux_mls_enabled) | 643 | if (!selinux_mls_enabled) { |
644 | *low = NULL; | ||
645 | *low_len = 0; | ||
646 | *high = NULL; | ||
647 | *high_len = 0; | ||
644 | return 0; | 648 | return 0; |
649 | } | ||
645 | 650 | ||
646 | if (low != NULL) { | 651 | if (low != NULL) { |
647 | rc = ebitmap_export(&context->range.level[0].cat, | 652 | rc = ebitmap_export(&context->range.level[0].cat, |
@@ -661,10 +666,16 @@ int mls_export_cat(const struct context *context, | |||
661 | return 0; | 666 | return 0; |
662 | 667 | ||
663 | export_cat_failure: | 668 | export_cat_failure: |
664 | if (low != NULL) | 669 | if (low != NULL) { |
665 | kfree(*low); | 670 | kfree(*low); |
666 | if (high != NULL) | 671 | *low = NULL; |
672 | *low_len = 0; | ||
673 | } | ||
674 | if (high != NULL) { | ||
667 | kfree(*high); | 675 | kfree(*high); |
676 | *high = NULL; | ||
677 | *high_len = 0; | ||
678 | } | ||
668 | return rc; | 679 | return rc; |
669 | } | 680 | } |
670 | 681 | ||