* [PATCH] [XFRM] AUDIT: Fix audit buffer leakage in error path.
@ 2007-02-12 15:34 YOSHIFUJI Hideaki / 吉藤英明
2007-02-12 23:23 ` David Miller
0 siblings, 1 reply; 3+ messages in thread
From: YOSHIFUJI Hideaki / 吉藤英明 @ 2007-02-12 15:34 UTC (permalink / raw)
To: netdev, stable
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index b7e537f..af85ac9 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1999,7 +1999,7 @@ void xfrm_audit_log(uid_t auid, u32 sid, int type, int result,
audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC, type);
if (audit_buf == NULL)
- return;
+ return;
switch(type) {
case AUDIT_MAC_IPSEC_ADDSA:
@@ -2015,7 +2015,7 @@ void xfrm_audit_log(uid_t auid, u32 sid, int type, int result,
audit_log_format(audit_buf, "SPD delete: auid=%u", auid);
break;
default:
- return;
+ goto out;
}
if (sid != 0 &&
@@ -2085,6 +2085,7 @@ void xfrm_audit_log(uid_t auid, u32 sid, int type, int result,
"ESP" : "IPCOMP"));
audit_log_format(audit_buf, " res=%u", result);
+out:
audit_log_end(audit_buf);
}
--
YOSHIFUJI Hideaki @ USAGI Project <yoshfuji@linux-ipv6.org>
GPG-FP : 9022 65EB 1ECF 3AD1 0BDF 80D8 4807 F894 E062 0EEA
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] [XFRM] AUDIT: Fix audit buffer leakage in error path.
2007-02-12 15:34 [PATCH] [XFRM] AUDIT: Fix audit buffer leakage in error path YOSHIFUJI Hideaki / 吉藤英明
@ 2007-02-12 23:23 ` David Miller
2007-02-12 23:40 ` YOSHIFUJI Hideaki / 吉藤英明
0 siblings, 1 reply; 3+ messages in thread
From: David Miller @ 2007-02-12 23:23 UTC (permalink / raw)
To: yoshfuji; +Cc: netdev, stable
From: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Date: Tue, 13 Feb 2007 00:34:29 +0900 (JST)
> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Oh yes. I noticed this too while working with Joy Latten's OOPS fix
for this function.
Event types other than those 4 mentioned in the switch() statement are
illegal and should never be passed in. It is probably better to BUG()
on this situation rather than try to handle the log buffer leakage.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] [XFRM] AUDIT: Fix audit buffer leakage in error path.
2007-02-12 23:23 ` David Miller
@ 2007-02-12 23:40 ` YOSHIFUJI Hideaki / 吉藤英明
0 siblings, 0 replies; 3+ messages in thread
From: YOSHIFUJI Hideaki / 吉藤英明 @ 2007-02-12 23:40 UTC (permalink / raw)
To: davem; +Cc: netdev, stable, yoshfuji
In article <20070212.152317.92582928.davem@davemloft.net> (at Mon, 12 Feb 2007 15:23:17 -0800 (PST)), David Miller <davem@davemloft.net> says:
> From: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
> Date: Tue, 13 Feb 2007 00:34:29 +0900 (JST)
>
> > Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
>
> Oh yes. I noticed this too while working with Joy Latten's OOPS fix
> for this function.
>
> Event types other than those 4 mentioned in the switch() statement are
> illegal and should never be passed in. It is probably better to BUG()
> on this situation rather than try to handle the log buffer leakage.
Okay, I agree and I withdraw my patch.
--yoshfuji
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2007-02-12 23:40 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-02-12 15:34 [PATCH] [XFRM] AUDIT: Fix audit buffer leakage in error path YOSHIFUJI Hideaki / 吉藤英明
2007-02-12 23:23 ` David Miller
2007-02-12 23:40 ` YOSHIFUJI Hideaki / 吉藤英明
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.