Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

[XFRM]: Fix OOPSes in xfrm_audit_log().

Make sure that this function is called correctly, and
add BUG() checking to ensure the arguments are sane.

Based upon a patch by Joy Latten.

Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller 18 years ago
parent
9121c77706
commit
13fcfbb067
3 changed files with 19 additions and 11 deletions
Unified View Show Diff Stats
  1. 6 5
      net/key/af_key.c
  2. 6 1
      net/xfrm/xfrm_policy.c
  3. 7 5
      net/xfrm/xfrm_user.c

+ 6 - 5
net/key/af_key.c
View File 

@@ -2297,16 +2297,17 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
 
 				   &sel, tmp.security, 1);
 
 				   &sel, tmp.security, 1);
 
 	security_xfrm_policy_free(&tmp);
 
 	security_xfrm_policy_free(&tmp);
 
 
 
-	xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
 
-		       AUDIT_MAC_IPSEC_DELSPD, (xp) ? 1 : 0, xp, NULL);
 
-
 
 	if (xp == NULL)
 
 	if (xp == NULL)
 
 		return -ENOENT;
 
 		return -ENOENT;
 
 
 
-	err = 0;
 
+	err = security_xfrm_policy_delete(xp);
 
 
 
-	if ((err = security_xfrm_policy_delete(xp)))
 
+	xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
 
+		       AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL);
 
+
 
+	if (err)
 
 		goto out;
 
 		goto out;
 
+
 
 	c.seq = hdr->sadb_msg_seq;
 
 	c.seq = hdr->sadb_msg_seq;
 
 	c.pid = hdr->sadb_msg_pid;
 
 	c.pid = hdr->sadb_msg_pid;
 
 	c.event = XFRM_MSG_DELPOLICY;
 
 	c.event = XFRM_MSG_DELPOLICY;

+ 6 - 1
net/xfrm/xfrm_policy.c
View File 

@@ -1997,9 +1997,14 @@ void xfrm_audit_log(uid_t auid, u32 sid, int type, int result,
 
 	if (audit_enabled == 0)
 
 	if (audit_enabled == 0)
 
 		return;
 
 		return;
 
 
 
+	BUG_ON((type == AUDIT_MAC_IPSEC_ADDSA ||
 
+		type == AUDIT_MAC_IPSEC_DELSA) && !x);
 
+	BUG_ON((type == AUDIT_MAC_IPSEC_ADDSPD ||
 
+		type == AUDIT_MAC_IPSEC_DELSPD) && !xp);
 
+
 
 	audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC, type);
 
 	audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC, type);
 
 	if (audit_buf == NULL)
 
 	if (audit_buf == NULL)
 
-	return;
 
+		return;
 
 
 
 	switch(type) {
 
 	switch(type) {
 
 	case AUDIT_MAC_IPSEC_ADDSA:
 
 	case AUDIT_MAC_IPSEC_ADDSA:

+ 7 - 5
net/xfrm/xfrm_user.c
View File 

@@ -1273,10 +1273,6 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
 
 		xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, delete);
 
 		xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, delete);
 
 		security_xfrm_policy_free(&tmp);
 
 		security_xfrm_policy_free(&tmp);
 
 	}
 
 	}
 
-	if (delete)
 
-		xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
 
-			       AUDIT_MAC_IPSEC_DELSPD, (xp) ? 1 : 0, xp, NULL);
 
-
 
 	if (xp == NULL)
 
 	if (xp == NULL)
 
 		return -ENOENT;
 
 		return -ENOENT;
 
 
 
@@ -1292,8 +1288,14 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
 
 					      MSG_DONTWAIT);
 
 					      MSG_DONTWAIT);
 
 		}
 
 		}
 
 	} else {
 
 	} else {
 
-		if ((err = security_xfrm_policy_delete(xp)) != 0)
 
+		err = security_xfrm_policy_delete(xp);
 
+
 
+		xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
 
+			       AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL);
 
+
 
+		if (err != 0)
 
 			goto out;
 
 			goto out;
 
+
 
 		c.data.byid = p->index;
 
 		c.data.byid = p->index;
 
 		c.event = nlh->nlmsg_type;
 
 		c.event = nlh->nlmsg_type;
 
 		c.seq = nlh->nlmsg_seq;
 
 		c.seq = nlh->nlmsg_seq;