diff options
| author | Herbert Xu <herbert@gondor.apana.org.au> | 2005-04-24 20:16:19 -0700 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2005-04-24 20:16:19 -0700 |
| commit | 0d3d077cd4f1154e63a9858e47fe3fb1ad0c03e5 (patch) | |
| tree | 63f376b3586412af712ffac7d500516c98f7bb2c /security | |
| parent | aa77d26961fa4ecb11fe4209578dcd62ad15819d (diff) | |
| download | linux-3.10-0d3d077cd4f1154e63a9858e47fe3fb1ad0c03e5.tar.gz linux-3.10-0d3d077cd4f1154e63a9858e47fe3fb1ad0c03e5.tar.bz2 linux-3.10-0d3d077cd4f1154e63a9858e47fe3fb1ad0c03e5.zip | |
[SELINUX]: Fix ipv6_skip_exthdr() invocation causing OOPS.
The SELinux hooks invoke ipv6_skip_exthdr() with an incorrect
length final argument. However, the length argument turns out
to be superfluous.
I was just reading ipv6_skip_exthdr and it occured to me that we can
get rid of len altogether. The only place where len is used is to
check whether the skb has two bytes for ipv6_opt_hdr. This check
is done by skb_header_pointer/skb_copy_bits anyway.
Now it might appear that we've made the code slower by deferring
the check to skb_copy_bits. However, this check should not trigger
in the common case so this is OK.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/hooks.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 2ae7d3cb8df..0d378141c95 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2855,8 +2855,7 @@ static int selinux_parse_skb_ipv6(struct sk_buff *skb, struct avc_audit_data *ad nexthdr = ip6->nexthdr; offset += sizeof(_ipv6h); - offset = ipv6_skip_exthdr(skb, offset, &nexthdr, - skb->tail - skb->head - offset); + offset = ipv6_skip_exthdr(skb, offset, &nexthdr); if (offset < 0) goto out; |