Commit cf9481e2 authored by David Howells Committed by James Morris

SELinux: Fix a potentially uninitialised variable in SELinux hooks

Fix a potentially uninitialised variable in SELinux hooks that's given a
pointer to the network address by selinux_parse_skb() passing a pointer back
through its argument list.  By restructuring selinux_parse_skb(), the compiler
can see that the error case need not set it as the caller will return
immediately.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
parent 0c0e186f
...@@ -3539,38 +3539,44 @@ static int selinux_parse_skb_ipv6(struct sk_buff *skb, ...@@ -3539,38 +3539,44 @@ static int selinux_parse_skb_ipv6(struct sk_buff *skb,
#endif /* IPV6 */ #endif /* IPV6 */
static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad, static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad,
char **addrp, int src, u8 *proto) char **_addrp, int src, u8 *proto)
{ {
int ret = 0; char *addrp;
int ret;
switch (ad->u.net.family) { switch (ad->u.net.family) {
case PF_INET: case PF_INET:
ret = selinux_parse_skb_ipv4(skb, ad, proto); ret = selinux_parse_skb_ipv4(skb, ad, proto);
if (ret || !addrp) if (ret)
break; goto parse_error;
*addrp = (char *)(src ? &ad->u.net.v4info.saddr : addrp = (char *)(src ? &ad->u.net.v4info.saddr :
&ad->u.net.v4info.daddr); &ad->u.net.v4info.daddr);
break; goto okay;
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
case PF_INET6: case PF_INET6:
ret = selinux_parse_skb_ipv6(skb, ad, proto); ret = selinux_parse_skb_ipv6(skb, ad, proto);
if (ret || !addrp) if (ret)
break; goto parse_error;
*addrp = (char *)(src ? &ad->u.net.v6info.saddr : addrp = (char *)(src ? &ad->u.net.v6info.saddr :
&ad->u.net.v6info.daddr); &ad->u.net.v6info.daddr);
break; goto okay;
#endif /* IPV6 */ #endif /* IPV6 */
default: default:
break; addrp = NULL;
goto okay;
} }
if (unlikely(ret)) parse_error:
printk(KERN_WARNING printk(KERN_WARNING
"SELinux: failure in selinux_parse_skb()," "SELinux: failure in selinux_parse_skb(),"
" unable to parse packet\n"); " unable to parse packet\n");
return ret; return ret;
okay:
if (_addrp)
*_addrp = addrp;
return 0;
} }
/** /**
......
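Review bot: The `default:` arm reports success (`return 0` via `okay`) while storing NULL in `*_addrp`, so a caller that passes a non-NULL `_addrp` and does not pre-filter `ad->u.net.family` gets back a NULL address it may go on to dereference or hand to an access-control lookup. The callers are outside this hunk, so whether any of them can reach that arm is not visible here. I would document the contract above the function, e.g. `/* On success *_addrp is NULL when ad->u.net.family is neither PF_INET nor PF_INET6; callers must check before use. */`. Separately, the warning at `parse_error:` is printed for every unparseable packet; if that path is reachable from network input, gating it with `if (net_ratelimit())` would keep malformed traffic from flooding the kernel log.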