Re: [PATCH 1/6] secmark: do not return early if there was no error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Friday 2010-09-24 22:45, Eric Paris wrote:

>Commit 4a5a5c73 attempted to pass decent error messages back to userspace for
>netfilter errors.  In xt_SECMARK.c however the patch screwed up and returned
>on 0 (aka no error) early and didn't finish setting up secmark.  This results
>in a kernel BUG if you use SECMARK.

>+++ b/net/netfilter/xt_SECMARK.c
>@@ -101,7 +101,7 @@ static int secmark_tg_check(const struct xt_tgchk_param *par)
> 	switch (info->mode) {
> 	case SECMARK_MODE_SEL:
> 		err = checkentry_selinux(info);
>-		if (err <= 0)
>+		if (err)
> 			return err;

Indeed the = is unwanted and err < 0 was intended here.
Sorry for the slip.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux