Diffstat (limited to 'security')
-rw-r--r--security/selinux/xfrm.c23
1 files changed, 12 insertions, 11 deletions
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index 00801cef1dd9..425b9f91d755 100644
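--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -215,34 +215,35 @@ int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
  */
 int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall)
 {
+ u32 sid_session = SECSID_NULL;
  struct sec_path *sp;
 
- *sid = SECSID_NULL;
-
  if (skb == NULL)
- return 0;
+ goto out;
 
  sp = skb->sp;
  if (sp) {
- int i, sid_set = 0;
+ int i;
 
- for (i = sp->len-1; i >= 0; i--) {
+ for (i = sp->len - 1; i >= 0; i--) {
  struct xfrm_state *x = sp->xvec[i];
  if (selinux_authorizable_xfrm(x)) {
  struct xfrm_sec_ctx *ctx = x->security;
 
- if (!sid_set) {
- *sid = ctx->ctx_sid;
- sid_set = 1;
-
+ if (sid_session == SECSID_NULL) {
+ sid_session = ctx->ctx_sid;
  if (!ckall)
- break;
- } else if (*sid != ctx->ctx_sid)
+ goto out;
+ } else if (sid_session != ctx->ctx_sid) {
+ *sid = SECSID_NULL;
  return -EINVAL;
+ }
  }
  }
  }
 
+out:
+ *sid = sid_session;
  return 0;
 }
 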
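Review bot: Replacing the `sid_set` flag with the test `sid_session == SECSID_NULL` makes SECSID_NULL double as the "no label seen yet" marker, so the `ckall` consistency check now silently depends on an authorizable state never carrying `ctx_sid == SECSID_NULL`. If one ever did, the loop would treat it as unset and adopt the next state's SID instead of returning -EINVAL, which the old flag-based code would have caught. Whether `selinux_authorizable_xfrm()` rules that out is not visible in this hunk, so I would record the invariant next to the test, e.g. `/* SECSID_NULL doubles as "unset": authorizable states must never carry it */`. As a smaller style point, the mismatch branch writes `*sid` and returns directly while every other exit goes through `out:`; a one-line comment there saying the error path deliberately bypasses the label would help the next reader.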