git://git.onelab.eu
/
linux-2.6.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge to Fedora kernel-2.6.18-1.2224_FC5 patched with stable patch-2.6.18.1-vs2.0...
[linux-2.6.git]
/
net
/
xfrm
/
xfrm_user.c
diff --git
a/net/xfrm/xfrm_user.c
b/net/xfrm/xfrm_user.c
index
81d1005
..
3e6a722
100644
(file)
--- a/
net/xfrm/xfrm_user.c
+++ b/
net/xfrm/xfrm_user.c
@@
-427,23
+427,25
@@
static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
if (x == NULL)
return -ESRCH;
if (x == NULL)
return -ESRCH;
+ if ((err = security_xfrm_state_delete(x)) != 0)
+ goto out;
+
if (xfrm_state_kern(x)) {
if (xfrm_state_kern(x)) {
-
xfrm_state_put(x)
;
-
return -EPERM
;
+
err = -EPERM
;
+
goto out
;
}
err = xfrm_state_delete(x);
}
err = xfrm_state_delete(x);
- if (err < 0) {
- xfrm_state_put(x);
- return err;
- }
+ if (err < 0)
+ goto out;
c.seq = nlh->nlmsg_seq;
c.pid = nlh->nlmsg_pid;
c.event = nlh->nlmsg_type;
km_state_notify(x, &c);
c.seq = nlh->nlmsg_seq;
c.pid = nlh->nlmsg_pid;
c.event = nlh->nlmsg_type;
km_state_notify(x, &c);
- xfrm_state_put(x);
+out:
+ xfrm_state_put(x);
return err;
}
return err;
}
@@
-1055,6
+1057,8
@@
static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr
MSG_DONTWAIT);
}
} else {
MSG_DONTWAIT);
}
} else {
+ if ((err = security_xfrm_policy_delete(xp)) != 0)
+ goto out;
c.data.byid = p->index;
c.event = nlh->nlmsg_type;
c.seq = nlh->nlmsg_seq;
c.data.byid = p->index;
c.event = nlh->nlmsg_type;
c.seq = nlh->nlmsg_seq;
@@
-1064,6
+1068,7
@@
static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr
xfrm_pol_put(xp);
xfrm_pol_put(xp);
+out:
return err;
}
return err;
}
@@
-1430,7
+1435,7
@@
static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, int *err
link = &xfrm_dispatch[type];
/* All operations require privileges, even GET */
link = &xfrm_dispatch[type];
/* All operations require privileges, even GET */
- if (security_netlink_recv(skb)) {
+ if (security_netlink_recv(skb
, CAP_NET_ADMIN
)) {
*errp = -EPERM;
return -1;
}
*errp = -EPERM;
return -1;
}