diff options
| author |   Paul Moore <paul.moore@hp.com> | 2006-10-11 19:10:48 -0400 |
|---|---|---|
| committer |   David S. Miller <davem@sunset.davemloft.net> | 2006-10-15 23:14:15 -0700 |
| commit | bf0edf39296097f20c5fcc4919ed7d339194bd75 (patch) | |
| tree | 0cde65c275cd7bab51c306cde3bf80487655f6ba /security/selinux/ss/mls.c | |
| parent | NetLabel: only deref the CIPSOv4 standard map fields when using standard mapping (diff) | |
| download | linux-dev-bf0edf39296097f20c5fcc4919ed7d339194bd75.tar.xz linux-dev-bf0edf39296097f20c5fcc4919ed7d339194bd75.zip | |
NetLabel: better error handling involving mls_export_cat()
Upon inspection it looked like the error handling for mls_export_cat() was
rather poor. This patch addresses this by NULL'ing out kfree()'d pointers
before returning and checking the return value of the function everywhere
it is called.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/ss/mls.c')
| -rw-r--r-- | security/selinux/ss/mls.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index c713af23250a..2cca8e251624 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c @@ -640,8 +640,13 @@ int mls_export_cat(const struct context *context, { int rc = -EPERM; - if (!selinux_mls_enabled) + if (!selinux_mls_enabled) { + *low = NULL; + *low_len = 0; + *high = NULL; + *high_len = 0; return 0; + } if (low != NULL) { rc = ebitmap_export(&context->range.level[0].cat, @@ -661,10 +666,16 @@ int mls_export_cat(const struct context *context, return 0; export_cat_failure: - if (low != NULL) + if (low != NULL) { kfree(*low); - if (high != NULL) + *low = NULL; + *low_len = 0; + } + if (high != NULL) { kfree(*high); + *high = NULL; + *high_len = 0; + } return rc; } |