author | Paul Moore <paul.moore@hp.com> | 2006-10-11 19:10:48 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-10-15 23:14:15 -0700 |
commit | bf0edf39296097f20c5fcc4919ed7d339194bd75 (patch) | |
tree | 0cde65c275cd7bab51c306cde3bf80487655f6ba /security/selinux/ss/services.c | |
parent | 044a68ed8a692f643cf3c0a54c380a922584f34f (diff) |
NetLabel: better error handling involving mls_export_cat()
Upon inspection it looked like the error handling for mls_export_cat() was
rather poor. This patch addresses this by NULL'ing out kfree()'d pointers
before returning and checking the return value of the function everywhere
it is called.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/ss/services.c')
-rw-r--r-- | security/selinux/ss/services.c | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 18274b00509..b1f6fb36c69 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2399,31 +2399,33 @@ static int selinux_netlbl_socket_setsid(struct socket *sock, u32 sid)
 if (!ss_initialized)
 return 0;
+ netlbl_secattr_init(&secattr);
+
 POLICY_RDLOCK;
 ctx = sidtab_search(&sidtab, sid);
 if (ctx == NULL)
 goto netlbl_socket_setsid_return;
- netlbl_secattr_init(&secattr);
 secattr.domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1],
 GFP_ATOMIC);
 mls_export_lvl(ctx, &secattr.mls_lvl, NULL);
 secattr.mls_lvl_vld = 1;
- mls_export_cat(ctx,
- &secattr.mls_cat,
- &secattr.mls_cat_len,
- NULL,
- NULL);
+ rc = mls_export_cat(ctx,
+ &secattr.mls_cat,
+ &secattr.mls_cat_len,
+ NULL,
+ NULL);
+ if (rc != 0)
+ goto netlbl_socket_setsid_return;
 rc = netlbl_socket_setattr(sock, &secattr);
 if (rc == 0)
 sksec->nlbl_state = NLBL_LABELED;
- netlbl_secattr_destroy(&secattr);
-
 netlbl_socket_setsid_return:
 POLICY_RDUNLOCK;
+ netlbl_secattr_destroy(&secattr);
 return rc;
 } |
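Review bot: The `kstrdup(..., GFP_ATOMIC)` result stored in `secattr.domain` is still used without a NULL check, although this change tightens the error handling for `mls_export_cat()` a few lines below it. An atomic allocation can fail, and how `netlbl_socket_setattr()` treats a NULL domain is not visible here, so the socket may end up labeled against an unintended domain mapping instead of the call failing. I would add `if (secattr.domain == NULL) { rc = -ENOMEM; goto netlbl_socket_setsid_return; }` directly after the assignment; the `netlbl_secattr_destroy()` now placed after the label already cleans up on that exit. The function's declarations and the initial value of `rc` (returned on the `ctx == NULL` path) lie outside the hunk.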