diff options
author | Dan Carpenter <error27@gmail.com> | 2010-06-12 14:56:01 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-08-02 01:35:04 -0400 |
commit | 338437f6a09861cdf76e1396ed5fa6dee9c7cabe (patch) | |
tree | e693392adf370b81af129b326bba45bf43f03862 /security/selinux/ss | |
parent | 38184c522249dc377366d4edc41dc500c2c3bb9e (diff) |
selinux: fix error codes in cond_read_bool()
The original code always returned -1 (-EPERM) on error. The new code
returns either -ENOMEM, or -EINVAL or it propagates the error codes from
lower level functions next_entry() or hashtab_insert().
next_entry() returns -EINVAL.
hashtab_insert() returns -EINVAL, -EEXIST, or -ENOMEM.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/ss')
-rw-r--r-- | security/selinux/ss/conditional.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c index 0389263b99ce..c91e150c3087 100644 --- a/security/selinux/ss/conditional.c +++ b/security/selinux/ss/conditional.c | |||
@@ -223,34 +223,37 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp) | |||
223 | 223 | ||
224 | booldatum = kzalloc(sizeof(struct cond_bool_datum), GFP_KERNEL); | 224 | booldatum = kzalloc(sizeof(struct cond_bool_datum), GFP_KERNEL); |
225 | if (!booldatum) | 225 | if (!booldatum) |
226 | return -1; | 226 | return -ENOMEM; |
227 | 227 | ||
228 | rc = next_entry(buf, fp, sizeof buf); | 228 | rc = next_entry(buf, fp, sizeof buf); |
229 | if (rc < 0) | 229 | if (rc) |
230 | goto err; | 230 | goto err; |
231 | 231 | ||
232 | booldatum->value = le32_to_cpu(buf[0]); | 232 | booldatum->value = le32_to_cpu(buf[0]); |
233 | booldatum->state = le32_to_cpu(buf[1]); | 233 | booldatum->state = le32_to_cpu(buf[1]); |
234 | 234 | ||
235 | rc = -EINVAL; | ||
235 | if (!bool_isvalid(booldatum)) | 236 | if (!bool_isvalid(booldatum)) |
236 | goto err; | 237 | goto err; |
237 | 238 | ||
238 | len = le32_to_cpu(buf[2]); | 239 | len = le32_to_cpu(buf[2]); |
239 | 240 | ||
241 | rc = -ENOMEM; | ||
240 | key = kmalloc(len + 1, GFP_KERNEL); | 242 | key = kmalloc(len + 1, GFP_KERNEL); |
241 | if (!key) | 243 | if (!key) |
242 | goto err; | 244 | goto err; |
243 | rc = next_entry(key, fp, len); | 245 | rc = next_entry(key, fp, len); |
244 | if (rc < 0) | 246 | if (rc) |
245 | goto err; | 247 | goto err; |
246 | key[len] = '\0'; | 248 | key[len] = '\0'; |
247 | if (hashtab_insert(h, key, booldatum)) | 249 | rc = hashtab_insert(h, key, booldatum); |
250 | if (rc) | ||
248 | goto err; | 251 | goto err; |
249 | 252 | ||
250 | return 0; | 253 | return 0; |
251 | err: | 254 | err: |
252 | cond_destroy_bool(key, booldatum, NULL); | 255 | cond_destroy_bool(key, booldatum, NULL); |
253 | return -1; | 256 | return rc; |
254 | } | 257 | } |
255 | 258 | ||
256 | struct cond_insertf_data { | 259 | struct cond_insertf_data { |