diff options
| author | Paul Moore <paul.moore@hp.com> | 2006-10-11 19:10:48 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2006-10-16 02:14:15 -0400 |
| commit | bf0edf39296097f20c5fcc4919ed7d339194bd75 (patch) | |
| tree | 0cde65c275cd7bab51c306cde3bf80487655f6ba /security/selinux/ss/services.c | |
| parent | 044a68ed8a692f643cf3c0a54c380a922584f34f (diff) | |
NetLabel: better error handling involving mls_export_cat()
Upon inspection it looked like the error handling for mls_export_cat() was
rather poor. This patch addresses this by NULL'ing out kfree()'d pointers
before returning and checking the return value of the function everywhere
it is called.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/ss/services.c')
| -rw-r--r-- | security/selinux/ss/services.c | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 18274b005090..b1f6fb36c699 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
| @@ -2399,31 +2399,33 @@ static int selinux_netlbl_socket_setsid(struct socket *sock, u32 sid) | |||
| 2399 | if (!ss_initialized) | 2399 | if (!ss_initialized) |
| 2400 | return 0; | 2400 | return 0; |
| 2401 | 2401 | ||
| 2402 | netlbl_secattr_init(&secattr); | ||
| 2403 | |||
| 2402 | POLICY_RDLOCK; | 2404 | POLICY_RDLOCK; |
| 2403 | 2405 | ||
| 2404 | ctx = sidtab_search(&sidtab, sid); | 2406 | ctx = sidtab_search(&sidtab, sid); |
| 2405 | if (ctx == NULL) | 2407 | if (ctx == NULL) |
| 2406 | goto netlbl_socket_setsid_return; | 2408 | goto netlbl_socket_setsid_return; |
| 2407 | 2409 | ||
| 2408 | netlbl_secattr_init(&secattr); | ||
| 2409 | secattr.domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1], | 2410 | secattr.domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1], |
| 2410 | GFP_ATOMIC); | 2411 | GFP_ATOMIC); |
| 2411 | mls_export_lvl(ctx, &secattr.mls_lvl, NULL); | 2412 | mls_export_lvl(ctx, &secattr.mls_lvl, NULL); |
| 2412 | secattr.mls_lvl_vld = 1; | 2413 | secattr.mls_lvl_vld = 1; |
| 2413 | mls_export_cat(ctx, | 2414 | rc = mls_export_cat(ctx, |
| 2414 | &secattr.mls_cat, | 2415 | &secattr.mls_cat, |
| 2415 | &secattr.mls_cat_len, | 2416 | &secattr.mls_cat_len, |
| 2416 | NULL, | 2417 | NULL, |
| 2417 | NULL); | 2418 | NULL); |
| 2419 | if (rc != 0) | ||
| 2420 | goto netlbl_socket_setsid_return; | ||
| 2418 | 2421 | ||
| 2419 | rc = netlbl_socket_setattr(sock, &secattr); | 2422 | rc = netlbl_socket_setattr(sock, &secattr); |
| 2420 | if (rc == 0) | 2423 | if (rc == 0) |
| 2421 | sksec->nlbl_state = NLBL_LABELED; | 2424 | sksec->nlbl_state = NLBL_LABELED; |
| 2422 | 2425 | ||
| 2423 | netlbl_secattr_destroy(&secattr); | ||
| 2424 | |||
| 2425 | netlbl_socket_setsid_return: | 2426 | netlbl_socket_setsid_return: |
| 2426 | POLICY_RDUNLOCK; | 2427 | POLICY_RDUNLOCK; |
| 2428 | netlbl_secattr_destroy(&secattr); | ||
| 2427 | return rc; | 2429 | return rc; |
| 2428 | } | 2430 | } |
| 2429 | 2431 | ||