diff options
| -rw-r--r-- | net/netlabel/netlabel_cipso_v4.c | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c index 743b05734a49..1fbc906a9737 100644 --- a/net/netlabel/netlabel_cipso_v4.c +++ b/net/netlabel/netlabel_cipso_v4.c | |||
| @@ -185,20 +185,31 @@ static int netlbl_cipsov4_add_std(struct genl_info *info) | |||
| 185 | ret_val = netlbl_cipsov4_add_common(info, doi_def); | 185 | ret_val = netlbl_cipsov4_add_common(info, doi_def); |
| 186 | if (ret_val != 0) | 186 | if (ret_val != 0) |
| 187 | goto add_std_failure; | 187 | goto add_std_failure; |
| 188 | ret_val = -EINVAL; | ||
| 188 | 189 | ||
| 189 | nla_for_each_nested(nla_a, | 190 | nla_for_each_nested(nla_a, |
| 190 | info->attrs[NLBL_CIPSOV4_A_MLSLVLLST], | 191 | info->attrs[NLBL_CIPSOV4_A_MLSLVLLST], |
| 191 | nla_a_rem) | 192 | nla_a_rem) |
| 192 | if (nla_a->nla_type == NLBL_CIPSOV4_A_MLSLVL) { | 193 | if (nla_a->nla_type == NLBL_CIPSOV4_A_MLSLVL) { |
| 194 | if (nla_validate_nested(nla_a, | ||
| 195 | NLBL_CIPSOV4_A_MAX, | ||
| 196 | netlbl_cipsov4_genl_policy) != 0) | ||
| 197 | goto add_std_failure; | ||
| 193 | nla_for_each_nested(nla_b, nla_a, nla_b_rem) | 198 | nla_for_each_nested(nla_b, nla_a, nla_b_rem) |
| 194 | switch (nla_b->nla_type) { | 199 | switch (nla_b->nla_type) { |
| 195 | case NLBL_CIPSOV4_A_MLSLVLLOC: | 200 | case NLBL_CIPSOV4_A_MLSLVLLOC: |
| 201 | if (nla_get_u32(nla_b) > | ||
| 202 | CIPSO_V4_MAX_LOC_LVLS) | ||
| 203 | goto add_std_failure; | ||
| 196 | if (nla_get_u32(nla_b) >= | 204 | if (nla_get_u32(nla_b) >= |
| 197 | doi_def->map.std->lvl.local_size) | 205 | doi_def->map.std->lvl.local_size) |
| 198 | doi_def->map.std->lvl.local_size = | 206 | doi_def->map.std->lvl.local_size = |
| 199 | nla_get_u32(nla_b) + 1; | 207 | nla_get_u32(nla_b) + 1; |
| 200 | break; | 208 | break; |
| 201 | case NLBL_CIPSOV4_A_MLSLVLREM: | 209 | case NLBL_CIPSOV4_A_MLSLVLREM: |
| 210 | if (nla_get_u32(nla_b) > | ||
| 211 | CIPSO_V4_MAX_REM_LVLS) | ||
| 212 | goto add_std_failure; | ||
| 202 | if (nla_get_u32(nla_b) >= | 213 | if (nla_get_u32(nla_b) >= |
| 203 | doi_def->map.std->lvl.cipso_size) | 214 | doi_def->map.std->lvl.cipso_size) |
| 204 | doi_def->map.std->lvl.cipso_size = | 215 | doi_def->map.std->lvl.cipso_size = |
| @@ -206,9 +217,6 @@ static int netlbl_cipsov4_add_std(struct genl_info *info) | |||
| 206 | break; | 217 | break; |
| 207 | } | 218 | } |
| 208 | } | 219 | } |
| 209 | if (doi_def->map.std->lvl.local_size > CIPSO_V4_MAX_LOC_LVLS || | ||
| 210 | doi_def->map.std->lvl.cipso_size > CIPSO_V4_MAX_REM_LVLS) | ||
| 211 | goto add_std_failure; | ||
| 212 | doi_def->map.std->lvl.local = kcalloc(doi_def->map.std->lvl.local_size, | 220 | doi_def->map.std->lvl.local = kcalloc(doi_def->map.std->lvl.local_size, |
| 213 | sizeof(u32), | 221 | sizeof(u32), |
| 214 | GFP_KERNEL); | 222 | GFP_KERNEL); |
| @@ -230,11 +238,6 @@ static int netlbl_cipsov4_add_std(struct genl_info *info) | |||
| 230 | struct nlattr *lvl_loc; | 238 | struct nlattr *lvl_loc; |
| 231 | struct nlattr *lvl_rem; | 239 | struct nlattr *lvl_rem; |
| 232 | 240 | ||
| 233 | if (nla_validate_nested(nla_a, | ||
| 234 | NLBL_CIPSOV4_A_MAX, | ||
| 235 | netlbl_cipsov4_genl_policy) != 0) | ||
| 236 | goto add_std_failure; | ||
| 237 | |||
| 238 | lvl_loc = nla_find_nested(nla_a, | 241 | lvl_loc = nla_find_nested(nla_a, |
| 239 | NLBL_CIPSOV4_A_MLSLVLLOC); | 242 | NLBL_CIPSOV4_A_MLSLVLLOC); |
| 240 | lvl_rem = nla_find_nested(nla_a, | 243 | lvl_rem = nla_find_nested(nla_a, |
| @@ -264,12 +267,18 @@ static int netlbl_cipsov4_add_std(struct genl_info *info) | |||
| 264 | nla_for_each_nested(nla_b, nla_a, nla_b_rem) | 267 | nla_for_each_nested(nla_b, nla_a, nla_b_rem) |
| 265 | switch (nla_b->nla_type) { | 268 | switch (nla_b->nla_type) { |
| 266 | case NLBL_CIPSOV4_A_MLSCATLOC: | 269 | case NLBL_CIPSOV4_A_MLSCATLOC: |
| 270 | if (nla_get_u32(nla_b) > | ||
| 271 | CIPSO_V4_MAX_LOC_CATS) | ||
| 272 | goto add_std_failure; | ||
| 267 | if (nla_get_u32(nla_b) >= | 273 | if (nla_get_u32(nla_b) >= |
| 268 | doi_def->map.std->cat.local_size) | 274 | doi_def->map.std->cat.local_size) |
| 269 | doi_def->map.std->cat.local_size = | 275 | doi_def->map.std->cat.local_size = |
| 270 | nla_get_u32(nla_b) + 1; | 276 | nla_get_u32(nla_b) + 1; |
| 271 | break; | 277 | break; |
| 272 | case NLBL_CIPSOV4_A_MLSCATREM: | 278 | case NLBL_CIPSOV4_A_MLSCATREM: |
| 279 | if (nla_get_u32(nla_b) > | ||
| 280 | CIPSO_V4_MAX_REM_CATS) | ||
| 281 | goto add_std_failure; | ||
| 273 | if (nla_get_u32(nla_b) >= | 282 | if (nla_get_u32(nla_b) >= |
| 274 | doi_def->map.std->cat.cipso_size) | 283 | doi_def->map.std->cat.cipso_size) |
| 275 | doi_def->map.std->cat.cipso_size = | 284 | doi_def->map.std->cat.cipso_size = |
| @@ -277,9 +286,6 @@ static int netlbl_cipsov4_add_std(struct genl_info *info) | |||
| 277 | break; | 286 | break; |
| 278 | } | 287 | } |
| 279 | } | 288 | } |
| 280 | if (doi_def->map.std->cat.local_size > CIPSO_V4_MAX_LOC_CATS || | ||
| 281 | doi_def->map.std->cat.cipso_size > CIPSO_V4_MAX_REM_CATS) | ||
| 282 | goto add_std_failure; | ||
| 283 | doi_def->map.std->cat.local = kcalloc( | 289 | doi_def->map.std->cat.local = kcalloc( |
| 284 | doi_def->map.std->cat.local_size, | 290 | doi_def->map.std->cat.local_size, |
| 285 | sizeof(u32), | 291 | sizeof(u32), |