diff options
| author | Paul Moore <paul.moore@hp.com> | 2006-12-18 13:07:29 -0500 |
|---|---|---|
| committer | Chris Wright <chrisw@sous-sol.org> | 2007-01-10 11:05:23 -0800 |
| commit | ddf14e7a76a071c034aaeb71ed6aab4084c9bf7c (patch) | |
| tree | b32c15869602ec033cc1ba5bf197abbfe2f6c44c | |
| parent | a44a397980a37ecd619b46d40ed39aa76c14f3d6 (diff) | |
[PATCH] NetLabel: correctly fill in unused CIPSOv4 level and category mappings
Back when the original NetLabel patches were being changed to use Netlink
attributes correctly some code was accidentially dropped which set all of the
undefined CIPSOv4 level and category mappings to a sentinel value. The result
is the mappings data in the kernel contains bogus mappings which always map to
zero. Having level and category mappings that map to zero could result in the
kernel assigning incorrect security attributes to packets.
This patch restores the old/correct behavior by initializing the mapping
data to the correct sentinel value.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
| -rw-r--r-- | net/netlabel/netlabel_cipso_v4.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c index a6ce1d6d5c5..bd4540891b7 100644 --- a/net/netlabel/netlabel_cipso_v4.c +++ b/net/netlabel/netlabel_cipso_v4.c @@ -162,6 +162,7 @@ static int netlbl_cipsov4_add_std(struct genl_info *info) struct nlattr *nla_b; int nla_a_rem; int nla_b_rem; + u32 iter; if (!info->attrs[NLBL_CIPSOV4_A_TAGLST] || !info->attrs[NLBL_CIPSOV4_A_MLSLVLLST]) @@ -223,6 +224,10 @@ static int netlbl_cipsov4_add_std(struct genl_info *info) ret_val = -ENOMEM; goto add_std_failure; } + for (iter = 0; iter < doi_def->map.std->lvl.local_size; iter++) + doi_def->map.std->lvl.local[iter] = CIPSO_V4_INV_LVL; + for (iter = 0; iter < doi_def->map.std->lvl.cipso_size; iter++) + doi_def->map.std->lvl.cipso[iter] = CIPSO_V4_INV_LVL; nla_for_each_nested(nla_a, info->attrs[NLBL_CIPSOV4_A_MLSLVLLST], nla_a_rem) @@ -296,6 +301,10 @@ static int netlbl_cipsov4_add_std(struct genl_info *info) ret_val = -ENOMEM; goto add_std_failure; } + for (iter = 0; iter < doi_def->map.std->cat.local_size; iter++) + doi_def->map.std->cat.local[iter] = CIPSO_V4_INV_CAT; + for (iter = 0; iter < doi_def->map.std->cat.cipso_size; iter++) + doi_def->map.std->cat.cipso[iter] = CIPSO_V4_INV_CAT; nla_for_each_nested(nla_a, info->attrs[NLBL_CIPSOV4_A_MLSCATLST], nla_a_rem) |