Skip to content

Commit

Permalink
selinux: remove the BUG_ON() from selinux_skb_xfrm_sid()
Browse files Browse the repository at this point in the history 
Remove the BUG_ON() from selinux_skb_xfrm_sid() and propogate the
error code up to the caller.  Also check the return values in the
only caller function, selinux_skb_peerlbl_sid().

Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
  • Loading branch information
Paul Moore authored and Eric Paris committed Jul 25, 2013
1 parent d1b17b0 commit bed4d7e
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 5 deletions.
8 changes: 6 additions & 2 deletions security/selinux/hooks.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3722,8 +3722,12 @@ static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
u32 nlbl_sid;
u32 nlbl_type;

selinux_skb_xfrm_sid(skb, &xfrm_sid);
selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
err = selinux_skb_xfrm_sid(skb, &xfrm_sid);
if (unlikely(err))
return -EACCES;
err = selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
if (unlikely(err))
return -EACCES;

err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
if (unlikely(err)) {
Expand Down
5 changes: 2 additions & 3 deletions security/selinux/include/xfrm.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,10 +76,9 @@ static inline void selinux_xfrm_notify_policyload(void)
}
#endif

static inline void selinux_skb_xfrm_sid(struct sk_buff *skb, u32 *sid)
static inline int selinux_skb_xfrm_sid(struct sk_buff *skb, u32 *sid)
{
int err = selinux_xfrm_decode_session(skb, sid, 0);
BUG_ON(err);
return selinux_xfrm_decode_session(skb, sid, 0);
}

#endif /* _SELINUX_XFRM_H_ */

0 comments on commit bed4d7e

Please sign in to comment.