vserver 1.9.5.x5

[linux-2.6.git] / security / selinux / ss / conditional.c

diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index f8958ba..372e6a7 100644 (file)
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -219,15 +219,16 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp)
 {
        char *key = NULL;
        struct cond_bool_datum *booldatum;
-       __u32 *buf, len;
+       u32 buf[3], len;
+       int rc;
 
        booldatum = kmalloc(sizeof(struct cond_bool_datum), GFP_KERNEL);
        if (!booldatum)
                return -1;
        memset(booldatum, 0, sizeof(struct cond_bool_datum));
 
-       buf = next_entry(fp, sizeof(__u32) * 3);
-       if (!buf)
+       rc = next_entry(buf, fp, sizeof buf);
+       if (rc < 0)
                goto err;
 
        booldatum->value = le32_to_cpu(buf[0]);
@@ -238,13 +239,12 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp)
 
        len = le32_to_cpu(buf[2]);
 
-       buf = next_entry(fp, len);
-       if (!buf)
-               goto err;
        key = kmalloc(len + 1, GFP_KERNEL);
        if (!key)
                goto err;
-       memcpy(key, buf, len);
+       rc = next_entry(key, fp, len);
+       if (rc < 0)
+               goto err;
        key[len] = 0;
        if (hashtab_insert(h, key, booldatum))
                goto err;
@@ -262,15 +262,15 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list *
        struct avtab_key key;
        struct avtab_datum datum;
        struct avtab_node *node_ptr;
-       int len, i;
-       __u32 *buf;
-       __u8 found;
+       int rc;
+       u32 buf[1], i, len;
+       u8 found;
 
        *ret_list = NULL;
 
        len = 0;
-       buf = next_entry(fp, sizeof(__u32));
-       if (!buf)
+       rc = next_entry(buf, fp, sizeof buf);
+       if (rc < 0)
                return -1;
 
        len = le32_to_cpu(buf[0]);
@@ -369,27 +369,27 @@ static int expr_isvalid(struct policydb *p, struct cond_expr *expr)
 
 static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
 {
-       __u32 *buf;
-       int len, i;
+       u32 buf[2], len, i;
+       int rc;
        struct cond_expr *expr = NULL, *last = NULL;
 
-       buf = next_entry(fp, sizeof(__u32));
-       if (!buf)
+       rc = next_entry(buf, fp, sizeof(u32));
+       if (rc < 0)
                return -1;
 
        node->cur_state = le32_to_cpu(buf[0]);
 
        len = 0;
-       buf = next_entry(fp, sizeof(__u32));
-       if (!buf)
+       rc = next_entry(buf, fp, sizeof(u32));
+       if (rc < 0)
                return -1;
 
        /* expr */
        len = le32_to_cpu(buf[0]);
 
        for (i = 0; i < len; i++ ) {
-               buf = next_entry(fp, sizeof(__u32) * 2);
-               if (!buf)
+               rc = next_entry(buf, fp, sizeof(u32) * 2);
+               if (rc < 0)
                        goto err;
 
                expr = kmalloc(sizeof(struct cond_expr), GFP_KERNEL);
@@ -401,8 +401,10 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
                expr->expr_type = le32_to_cpu(buf[0]);
                expr->bool = le32_to_cpu(buf[1]);
 
-               if (!expr_isvalid(p, expr))
+               if (!expr_isvalid(p, expr)) {
+                       kfree(expr);
                        goto err;
+               }
 
                if (i == 0) {
                        node->expr = expr;
@@ -425,11 +427,11 @@ err:
 int cond_read_list(struct policydb *p, void *fp)
 {
        struct cond_node *node, *last = NULL;
-       __u32 *buf;
-       int i, len;
+       u32 buf[1], i, len;
+       int rc;
 
-       buf = next_entry(fp, sizeof(__u32));
-       if (!buf)
+       rc = next_entry(buf, fp, sizeof buf);
+       if (rc < 0)
                return -1;
 
        len = le32_to_cpu(buf[0]);