From 9193ff7f1d0bb9986ce3a94dd37e695c0c4b6845 Mon Sep 17 00:00:00 2001 From: Paul Moore Date: Wed, 11 Oct 2006 19:10:48 -0400 Subject: [PATCH] --- yaml --- r: 39687 b: refs/heads/master c: bf0edf39296097f20c5fcc4919ed7d339194bd75 h: refs/heads/master i: 39685: bdf5b4b381f3506f4bdcbd95e590f26c22588cd0 39683: 972d03af6d066ec477395659f5ec904f768800e5 39679: 1d66859e295949d3ac20ddca83749b6780e651cc v: v3 --- [refs] | 2 +- trunk/security/selinux/ss/ebitmap.c | 8 ++++++-- trunk/security/selinux/ss/mls.c | 17 ++++++++++++++--- trunk/security/selinux/ss/services.c | 18 ++++++++++-------- 4 files changed, 31 insertions(+), 14 deletions(-) diff --git a/[refs] b/[refs] index b1f426a81943..148c62832448 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: 044a68ed8a692f643cf3c0a54c380a922584f34f +refs/heads/master: bf0edf39296097f20c5fcc4919ed7d339194bd75 diff --git a/trunk/security/selinux/ss/ebitmap.c b/trunk/security/selinux/ss/ebitmap.c index cfed1d30fa6a..d539346ab3a2 100644 --- a/trunk/security/selinux/ss/ebitmap.c +++ b/trunk/security/selinux/ss/ebitmap.c @@ -93,11 +93,15 @@ int ebitmap_export(const struct ebitmap *src, size_t bitmap_byte; unsigned char bitmask; + if (src->highbit == 0) { + *dst = NULL; + *dst_len = 0; + return 0; + } + bitmap_len = src->highbit / 8; if (src->highbit % 7) bitmap_len += 1; - if (bitmap_len == 0) - return -EINVAL; bitmap = kzalloc((bitmap_len & ~(sizeof(MAPTYPE) - 1)) + sizeof(MAPTYPE), diff --git a/trunk/security/selinux/ss/mls.c b/trunk/security/selinux/ss/mls.c index c713af23250a..2cca8e251624 100644 --- a/trunk/security/selinux/ss/mls.c +++ b/trunk/security/selinux/ss/mls.c @@ -640,8 +640,13 @@ int mls_export_cat(const struct context *context, { int rc = -EPERM; - if (!selinux_mls_enabled) + if (!selinux_mls_enabled) { + *low = NULL; + *low_len = 0; + *high = NULL; + *high_len = 0; return 0; + } if (low != NULL) { rc = ebitmap_export(&context->range.level[0].cat, @@ -661,10 +666,16 @@ int mls_export_cat(const struct context *context, return 0; export_cat_failure: - if (low != NULL) + if (low != NULL) { kfree(*low); - if (high != NULL) + *low = NULL; + *low_len = 0; + } + if (high != NULL) { kfree(*high); + *high = NULL; + *high_len = 0; + } return rc; } diff --git a/trunk/security/selinux/ss/services.c b/trunk/security/selinux/ss/services.c index 18274b005090..b1f6fb36c699 100644 --- a/trunk/security/selinux/ss/services.c +++ b/trunk/security/selinux/ss/services.c @@ -2399,31 +2399,33 @@ static int selinux_netlbl_socket_setsid(struct socket *sock, u32 sid) if (!ss_initialized) return 0; + netlbl_secattr_init(&secattr); + POLICY_RDLOCK; ctx = sidtab_search(&sidtab, sid); if (ctx == NULL) goto netlbl_socket_setsid_return; - netlbl_secattr_init(&secattr); secattr.domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1], GFP_ATOMIC); mls_export_lvl(ctx, &secattr.mls_lvl, NULL); secattr.mls_lvl_vld = 1; - mls_export_cat(ctx, - &secattr.mls_cat, - &secattr.mls_cat_len, - NULL, - NULL); + rc = mls_export_cat(ctx, + &secattr.mls_cat, + &secattr.mls_cat_len, + NULL, + NULL); + if (rc != 0) + goto netlbl_socket_setsid_return; rc = netlbl_socket_setattr(sock, &secattr); if (rc == 0) sksec->nlbl_state = NLBL_LABELED; - netlbl_secattr_destroy(&secattr); - netlbl_socket_setsid_return: POLICY_RDUNLOCK; + netlbl_secattr_destroy(&secattr); return rc; }