summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPaul Moore <pmoore@redhat.com>2013-07-23 17:38:40 -0400
committerEric Paris <eparis@redhat.com>2013-07-25 13:02:13 -0400
commitbed4d7efb31fd81b3a3c83dc8540197cd0fe81c0 (patch)
tree186fe2daebcea0115afe0b45f540a346c2c700a8
parentd1b17b09f390369271ecfbc7e4a4d0d0dcff1b1b (diff)
downloadop-kernel-dev-bed4d7efb31fd81b3a3c83dc8540197cd0fe81c0.zip
op-kernel-dev-bed4d7efb31fd81b3a3c83dc8540197cd0fe81c0.tar.gz
selinux: remove the BUG_ON() from selinux_skb_xfrm_sid()
Remove the BUG_ON() from selinux_skb_xfrm_sid() and propogate the error code up to the caller. Also check the return values in the only caller function, selinux_skb_peerlbl_sid(). Signed-off-by: Paul Moore <pmoore@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r--security/selinux/hooks.c8
-rw-r--r--security/selinux/include/xfrm.h5
2 files changed, 8 insertions, 5 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index d3555bd..4bc068b 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3722,8 +3722,12 @@ static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
u32 nlbl_sid;
u32 nlbl_type;
- selinux_skb_xfrm_sid(skb, &xfrm_sid);
- selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
+ err = selinux_skb_xfrm_sid(skb, &xfrm_sid);
+ if (unlikely(err))
+ return -EACCES;
+ err = selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
+ if (unlikely(err))
+ return -EACCES;
err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
if (unlikely(err)) {
diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h
index 60774bc..7605251 100644
--- a/security/selinux/include/xfrm.h
+++ b/security/selinux/include/xfrm.h
@@ -76,10 +76,9 @@ static inline void selinux_xfrm_notify_policyload(void)
}
#endif
-static inline void selinux_skb_xfrm_sid(struct sk_buff *skb, u32 *sid)
+static inline int selinux_skb_xfrm_sid(struct sk_buff *skb, u32 *sid)
{
- int err = selinux_xfrm_decode_session(skb, sid, 0);
- BUG_ON(err);
+ return selinux_xfrm_decode_session(skb, sid, 0);
}
#endif /* _SELINUX_XFRM_H_ */
OpenPOWER on IntegriCloud