Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 338437f6 authored by Dan Carpenter's avatar Dan Carpenter Committed by James Morris
Browse files

selinux: fix error codes in cond_read_bool() 



The original code always returned -1 (-EPERM) on error.  The new code
returns either -ENOMEM, or -EINVAL or it propagates the error codes from
lower level functions next_entry() or hashtab_insert().

next_entry() returns -EINVAL.
hashtab_insert() returns -EINVAL, -EEXIST, or -ENOMEM.

Signed-off-by: default avatarDan Carpenter <error27@gmail.com>
Acked-by: default avatarStephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 38184c52

security/selinux/ss/conditional.c

+8 −5
Original line number Diff line number Diff line
@@ -223,34 +223,37 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp) 


	booldatum = kzalloc(sizeof(struct cond_bool_datum), GFP_KERNEL);

	if (!booldatum)

		return -1;

		return -ENOMEM;



	rc = next_entry(buf, fp, sizeof buf);

	if (rc < 0)

	if (rc)

		goto err;



	booldatum->value = le32_to_cpu(buf[0]);

	booldatum->state = le32_to_cpu(buf[1]);



	rc = -EINVAL;

	if (!bool_isvalid(booldatum))

		goto err;



	len = le32_to_cpu(buf[2]);



	rc = -ENOMEM;

	key = kmalloc(len + 1, GFP_KERNEL);

	if (!key)

		goto err;

	rc = next_entry(key, fp, len);

	if (rc < 0)

	if (rc)

		goto err;

	key[len] = '\0';

	if (hashtab_insert(h, key, booldatum))

	rc = hashtab_insert(h, key, booldatum);

	if (rc)

		goto err;



	return 0;

err:

	cond_destroy_bool(key, booldatum, NULL);

	return -1;

	return rc;

}



struct cond_insertf_data {