diff options
| author | rwatson <rwatson@FreeBSD.org> | 2004-05-03 23:37:48 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2004-05-03 23:37:48 +0000 |
| commit | f42c13d96240283e7d1c6ce850608306de1085d4 (patch) | |
| tree | 7795f3f90e3f3ac38b7d2b11c6c214aad5b208e8 /sys | |
| parent | 9ec8ab1c20d251be3810e326c2b424b9594a3828 (diff) | |
| download | FreeBSD-src-f42c13d96240283e7d1c6ce850608306de1085d4.zip FreeBSD-src-f42c13d96240283e7d1c6ce850608306de1085d4.tar.gz | |
If the mbuf pointer passed to mac_mbuf_to_label() is NULL, or the tag
lookup for the label tag fails, return NULL rather than something close
to NULL. This scenario occurs if mbuf header labeling is optional and
a policy requiring labeling is loaded, resulting in some mbufs having
labels and others not. Previously, 0x14 would be returned because the
NULL from m_tag_find() was not treated specially.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, McAfee Research
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/security/mac/mac_net.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c index a5fc29b..51e6251 100644 --- a/sys/security/mac/mac_net.c +++ b/sys/security/mac/mac_net.c @@ -89,9 +89,12 @@ mac_mbuf_to_label(struct mbuf *mbuf) struct m_tag *tag; struct label *label; + if (mbuf == NULL) + return (NULL); tag = m_tag_find(mbuf, PACKET_TAG_MACLABEL, NULL); + if (tag == NULL) + return (NULL); label = (struct label *)(tag+1); - return (label); } |
