summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2005-04-25 05:16:19 +0200
committerDavid S. Miller <davem@davemloft.net>2005-04-25 05:16:19 +0200
commit0d3d077cd4f1154e63a9858e47fe3fb1ad0c03e5 (patch)
tree63f376b3586412af712ffac7d500516c98f7bb2c /security
parent[NET]: Document ->hard_start_xmit() locking in netdevices.txt (diff)
downloadlinux-0d3d077cd4f1154e63a9858e47fe3fb1ad0c03e5.tar.xz
linux-0d3d077cd4f1154e63a9858e47fe3fb1ad0c03e5.zip
[SELINUX]: Fix ipv6_skip_exthdr() invocation causing OOPS.
The SELinux hooks invoke ipv6_skip_exthdr() with an incorrect length final argument. However, the length argument turns out to be superfluous. I was just reading ipv6_skip_exthdr and it occured to me that we can get rid of len altogether. The only place where len is used is to check whether the skb has two bytes for ipv6_opt_hdr. This check is done by skb_header_pointer/skb_copy_bits anyway. Now it might appear that we've made the code slower by deferring the check to skb_copy_bits. However, this check should not trigger in the common case so this is OK. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 2ae7d3cb8df4..0d378141c95a 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2855,8 +2855,7 @@ static int selinux_parse_skb_ipv6(struct sk_buff *skb, struct avc_audit_data *ad
nexthdr = ip6->nexthdr;
offset += sizeof(_ipv6h);
- offset = ipv6_skip_exthdr(skb, offset, &nexthdr,
- skb->tail - skb->head - offset);
+ offset = ipv6_skip_exthdr(skb, offset, &nexthdr);
if (offset < 0)
goto out;