secmark: do not return early if there was no error
commit 15714f7 upstream.

Commit 4a5a5c7 attempted to pass decent error messages back to userspace for
netfilter errors.  In xt_SECMARK.c however the patch screwed up and returned
on 0 (aka no error) early and didn't finish setting up secmark.  This results
in a kernel BUG if you use SECMARK.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Eric Paris authored and Greg Kroah-Hartman committed Nov 22, 2010
1 parent 9c15606 commit 6bd415f
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion net/netfilter/xt_SECMARK.c
@@ -101,7 +101,7 @@ static int secmark_tg_check(const struct xt_tgchk_param *par)
switch (info->mode) {
case SECMARK_MODE_SEL:
err = checkentry_selinux(info);
if (err <= 0)
if (err)
return err;
break;
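
Review bot: The return contract of checkentry_selinux() is not stated anywhere near the SECMARK_MODE_SEL case, and the new `if (err)` test is only correct if that helper returns exactly 0 on success and a non-zero error code otherwise. The replaced `if (err <= 0)` shows the convention was misread once already, which per the commit message left the secmark setup unfinished. A one-line comment on the helper, or above this check, stating the contract would guard against a repeat. Only this case is visible in the hunk, so any other return-value checks touched by 4a5a5c7 should be re-read for the same inverted condition.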
