If the mbuf pointer passed to mac_mbuf_to_label() is NULL, or the tag

lookup for the label tag fails, return NULL rather than something close to NULL. This scenario occurs if mbuf header labeling is optional and a policy requiring labeling is loaded, resulting in some mbufs having labels and others not. Previously, 0x14 would be returned because the NULL from m_tag_find() was not treated specially. Obtained from: TrustedBSD Project Sponsored by: DARPA, McAfee Research
author: rwatson <rwatson@FreeBSD.org> 2004-05-03 23:37:48 +0000
committer: rwatson <rwatson@FreeBSD.org> 2004-05-03 23:37:48 +0000
commit: f42c13d96240283e7d1c6ce850608306de1085d4 (patch)
tree: 7795f3f90e3f3ac38b7d2b11c6c214aad5b208e8 /sys/security
parent: 9ec8ab1c20d251be3810e326c2b424b9594a3828 (diff)
download: FreeBSD-src-f42c13d96240283e7d1c6ce850608306de1085d4.zip
FreeBSD-src-f42c13d96240283e7d1c6ce850608306de1085d4.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c
index a5fc29b..51e6251 100644
--- a/sys/security/mac/mac_net.c
+++ b/sys/security/mac/mac_net.c
@@ -89,9 +89,12 @@ mac_mbuf_to_label(struct mbuf *mbuf)
 	struct m_tag *tag;
 	struct label *label;
 
+	if (mbuf == NULL)
+		return (NULL);
 	tag = m_tag_find(mbuf, PACKET_TAG_MACLABEL, NULL);
+	if (tag == NULL)
+		return (NULL);
 	label = (struct label *)(tag+1);
-
 	return (label);
 }
author	rwatson <rwatson@FreeBSD.org>	2004-05-03 23:37:48 +0000
committer	rwatson <rwatson@FreeBSD.org>	2004-05-03 23:37:48 +0000
commit	f42c13d96240283e7d1c6ce850608306de1085d4 (patch)
tree	7795f3f90e3f3ac38b7d2b11c6c214aad5b208e8 /sys/security
parent	9ec8ab1c20d251be3810e326c2b424b9594a3828 (diff)
download	FreeBSD-src-f42c13d96240283e7d1c6ce850608306de1085d4.zip FreeBSD-src-f42c13d96240283e7d1c6ce850608306de1085d4.tar.gz