X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=net%2Fxfrm%2Fxfrm_user.c;h=81d1005830f4d23d88ba4b06c4932fef1f060345;hb=9464c7cf61b9433057924c36e6e02f303a00e768;hp=3e6a722d072ed8b75c0561b82617abd5a2d3adcd;hpb=41689045f6a3cbe0550e1d34e9cc20d2e8c432ba;p=linux-2.6.git

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 3e6a722d0..81d100583 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -427,25 +427,23 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
 	if (x == NULL)
 		return -ESRCH;
 
-	if ((err = security_xfrm_state_delete(x)) != 0)
-		goto out;
-
 	if (xfrm_state_kern(x)) {
-		err = -EPERM;
-		goto out;
+		xfrm_state_put(x);
+		return -EPERM;
 	}
 
 	err = xfrm_state_delete(x);
-	if (err < 0)
-		goto out;
+	if (err < 0) {
+		xfrm_state_put(x);
+		return err;
+	}
 
 	c.seq = nlh->nlmsg_seq;
 	c.pid = nlh->nlmsg_pid;
 	c.event = nlh->nlmsg_type;
 	km_state_notify(x, &c);
-
-out:
 	xfrm_state_put(x);
+
 	return err;
 }
 
@@ -1057,8 +1055,6 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr
 					      MSG_DONTWAIT);
 		}
 	} else {
-		if ((err = security_xfrm_policy_delete(xp)) != 0)
-			goto out;
 		c.data.byid = p->index;
 		c.event = nlh->nlmsg_type;
 		c.seq = nlh->nlmsg_seq;
@@ -1068,7 +1064,6 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr
 
 	xfrm_pol_put(xp);
 
-out:
 	return err;
 }
 
@@ -1435,7 +1430,7 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, int *err
 	link = &xfrm_dispatch[type];
 
 	/* All operations require privileges, even GET */
-	if (security_netlink_recv(skb, CAP_NET_ADMIN)) {
+	if (security_netlink_recv(skb)) {
 		*errp = -EPERM;
 		return -1;
 	}