On Sunday, June 15, 2014 01:19:01 AM Namhyung Kim wrote:
> The node->cur_state and len can be read in a single call of next_entry().
> And setting len before reading is a dead write so can be eliminated.
>
> Signed-off-by: Namhyung Kim <namhyung@xxxxxxxxxx>
> ---
> security/selinux/ss/conditional.c | 9 ++-------
> 1 file changed, 2 insertions(+), 7 deletions(-)
>
> diff --git a/security/selinux/ss/conditional.c
> b/security/selinux/ss/conditional.c index 377d148e7157..4766a38fae9a 100644
> --- a/security/selinux/ss/conditional.c
> +++ b/security/selinux/ss/conditional.c
> @@ -402,19 +402,14 @@ static int cond_read_node(struct policydb *p, struct
> cond_node *node, void *fp) int rc;
> struct cond_expr *expr = NULL, *last = NULL;
>
> - rc = next_entry(buf, fp, sizeof(u32));
> + rc = next_entry(buf, fp, sizeof(buf));
This is a bit nit-picky, but how about using "sizeof(u32) * 2"? It is more
consistent with the rest of the function and helps underscore that we are
reading two 32-bit values.
Assuming you're okay with the change I can fix it up when I apply the patch.
> if (rc)
> return rc;
>
> node->cur_state = le32_to_cpu(buf[0]);
>
> - len = 0;
> - rc = next_entry(buf, fp, sizeof(u32));
> - if (rc)
> - return rc;
> -
> /* expr */
> - len = le32_to_cpu(buf[0]);
> + len = le32_to_cpu(buf[1]);
>
> for (i = 0; i < len; i++) {
> rc = next_entry(buf, fp, sizeof(u32) * 2);
--
paul moore
www.paul-moore.com
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
