summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorDan Carpenter <error27@gmail.com>2010-06-12 20:53:46 +0200
committerJames Morris <jmorris@namei.org>2010-08-02 15:35:02 +1000
commitfc5c126e4733e6fb3080d3d822ca63226e74fc84 (patch)
tree3320c22b66107c984ac0cf07c365420df42a4977 /security
parent9d623b17a740d5a85c12108cdc71c64fb15484fc (diff)
selinux: fix error codes in cond_read_node()
Originally cond_read_node() returned -1 (-EPERM) on errors which was incorrect. Now it either propagates the error codes from lower level functions next_entry() or cond_read_av_list() or it returns -ENOMEM or -EINVAL. next_entry() returns -EINVAL. cond_read_av_list() returns -EINVAL or -ENOMEM. Signed-off-by: Dan Carpenter <error27@gmail.com> Acked-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/ss/conditional.c20
1 files changed, 12 insertions, 8 deletions
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index aac40c7ff28..a2b3b298e60 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -392,24 +392,25 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
struct cond_expr *expr = NULL, *last = NULL;
rc = next_entry(buf, fp, sizeof(u32));
- if (rc < 0)
- return -1;
+ if (rc)
+ return rc;
node->cur_state = le32_to_cpu(buf[0]);
len = 0;
rc = next_entry(buf, fp, sizeof(u32));
- if (rc < 0)
- return -1;
+ if (rc)
+ return rc;
/* expr */
len = le32_to_cpu(buf[0]);
for (i = 0; i < len; i++) {
rc = next_entry(buf, fp, sizeof(u32) * 2);
- if (rc < 0)
+ if (rc)
goto err;
+ rc = -ENOMEM;
expr = kzalloc(sizeof(struct cond_expr), GFP_KERNEL);
if (!expr)
goto err;
@@ -418,6 +419,7 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
expr->bool = le32_to_cpu(buf[1]);
if (!expr_isvalid(p, expr)) {
+ rc = -EINVAL;
kfree(expr);
goto err;
}
@@ -429,14 +431,16 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
last = expr;
}
- if (cond_read_av_list(p, fp, &node->true_list, NULL) != 0)
+ rc = cond_read_av_list(p, fp, &node->true_list, NULL);
+ if (rc)
goto err;
- if (cond_read_av_list(p, fp, &node->false_list, node->true_list) != 0)
+ rc = cond_read_av_list(p, fp, &node->false_list, node->true_list);
+ if (rc)
goto err;
return 0;
err:
cond_node_destroy(node);
- return -1;
+ return rc;
}
int cond_read_list(struct policydb *p, void *fp)