linux-stable/net
Eric Paris ef41aaa0b7 [IPSEC]: xfrm_policy delete security check misplaced
The security hooks to check permissions to remove an xfrm_policy were
actually done after the policy was removed.  Since the unlinking and
deletion are done in xfrm_policy_by* functions this moves the hooks
inside those 2 functions.  There we have all the information needed to
do the security check and it can be done before the deletion.  Since
auditing requires the result of that security check err has to be passed
back and forth from the xfrm_policy_by* functions.

This patch also fixes a bug where a deletion that failed the security
check could cause improper accounting on the xfrm_policy
(xfrm_get_policy didn't have a put on the exit path for the hold taken
by xfrm_policy_by*).

It also fixes the return code when no policy is found in
xfrm_add_pol_expire.  In old code (at least back in the 2.6.18 days) err
wasn't used before the return when no policy is found and so the
initialization would cause err to be ENOENT.  But since err has since
been used above when we don't get a policy back from the xfrm_policy_by*
function we would always return 0 instead of the intended ENOENT.  Also
fixed some white space damage in the same area.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Venkat Yekkirala <vyekkirala@trustedcs.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-07 16:08:09 -08:00
802 [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
8021q [VLAN]: Avoid a 4-order allocation. 2007-03-02 20:44:51 -08:00
appletalk [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
atm [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
ax25 [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
bluetooth [Bluetooth] Make use of device_move() for RFCOMM TTY devices 2007-02-26 11:42:41 -08:00
bridge [BRIDGE]: Fix locking of set path cost. 2007-02-28 09:42:12 -08:00
core [NET]: Fix compat_sock_common_getsockopt typo. 2007-03-06 13:44:06 -08:00
dccp [DCCP]: Revert patch which disables bidirectional mode 2007-03-07 16:08:07 -08:00
decnet [PATCH] sysctl: remove the proc_dir_entry member for the sysctl tables 2007-02-14 08:10:00 -08:00
econet [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
ethernet [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
ieee80211 Merge branch 'upstream' into upstream-jgarzik 2007-02-17 18:26:09 -05:00
ipv4 [UDP]: Reread uh pointer after pskb_trim 2007-03-07 16:08:04 -08:00
ipv6 [IPV6]: Handle np->opt being NULL in ipv6_getsockopt_sticky(). 2007-03-07 16:08:05 -08:00
ipx [IPX]: Remove ancient changelog 2007-02-28 09:42:06 -08:00
irda [IRDA] net/irda/: proper prototypes 2007-02-26 11:42:43 -08:00
iucv [S390]: Add AF_IUCV socket support 2007-02-08 13:51:54 -08:00
key [IPSEC]: xfrm_policy delete security check misplaced 2007-03-07 16:08:09 -08:00
lapb [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
llc [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
netfilter [NETFILTER]: nfnetlink_log: fix crash on bridged packet 2007-03-07 16:08:03 -08:00
netlabel [NET]: Fix kfree(skb) 2007-02-28 09:42:14 -08:00
netlink [PATCH] mark struct file_operations const 8 2007-02-12 09:48:46 -08:00
netrom [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
packet [AF_PACKET]: Remove unnecessary casts. 2007-02-26 11:42:45 -08:00
rose [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
rxrpc [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
sched [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
sctp [SCTP]: Strike the transport before updating rto. 2007-02-26 11:42:50 -08:00
sunrpc [PATCH] knfsd: provide sunrpc pool_mode module option 2007-03-06 09:30:26 -08:00
tipc [NET] TIPC: Fix whitespace errors. 2007-02-10 23:20:15 -08:00
unix [NET]: Revert incorrect accept queue backlog changes. 2007-03-06 11:21:05 -08:00
wanrouter [PATCH] mark struct file_operations const 8 2007-02-12 09:48:46 -08:00
x25 [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
xfrm [IPSEC]: xfrm_policy delete security check misplaced 2007-03-07 16:08:09 -08:00
compat.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
Kconfig [S390]: Rewrite of the IUCV base code, part 2 2007-02-08 13:37:42 -08:00
Makefile [S390]: Rewrite of the IUCV base code, part 2 2007-02-08 13:37:42 -08:00
nonet.c [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
socket.c [PATCH] AUDIT_FD_PAIR 2007-02-17 21:30:15 -05:00
sysctl_net.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
TUNABLE