* [78/82] secmark: do not return early if there was no error
@ 2010-11-19 21:56 Greg KH
0 siblings, 0 replies; only message in thread
From: Greg KH @ 2010-11-19 21:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: stable-review, torvalds, akpm, alan, Eric Paris, Paul Moore,
James Morris
2.6.35-stable review patch. If anyone has any objections, please let us know.
------------------
From: Eric Paris <eparis@redhat.com>
commit 15714f7b58011cf3948cab2988abea560240c74f upstream.
Commit 4a5a5c73 attempted to pass decent error messages back to userspace for
netfilter errors. In xt_SECMARK.c however the patch screwed up and returned
on 0 (aka no error) early and didn't finish setting up secmark. This results
in a kernel BUG if you use SECMARK.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/netfilter/xt_SECMARK.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/netfilter/xt_SECMARK.c
+++ b/net/netfilter/xt_SECMARK.c
@@ -101,7 +101,7 @@ static int secmark_tg_check(const struct
switch (info->mode) {
case SECMARK_MODE_SEL:
err = checkentry_selinux(info);
- if (err <= 0)
+ if (err)
return err;
break;
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2010-11-19 22:01 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-11-19 21:56 [78/82] secmark: do not return early if there was no error Greg KH
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox