diff options
author | Eric Paris <eparis@redhat.com> | 2010-10-12 11:40:08 -0400 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2010-11-22 11:03:17 -0800 |
commit | 6bd415f814fe58a973d494c0669c09c8bacdf8f4 (patch) | |
tree | f32897b49d303d219f62eb2bf61cc9f5ab4334bb /net/netfilter | |
parent | 9c1560611de6c695d146f9b4e78d576d3338b1ed (diff) |
secmark: do not return early if there was no error
commit 15714f7b58011cf3948cab2988abea560240c74f upstream.
Commit 4a5a5c73 attempted to pass decent error messages back to userspace for
netfilter errors. In xt_SECMARK.c however the patch screwed up and returned
on 0 (aka no error) early and didn't finish setting up secmark. This results
in a kernel BUG if you use SECMARK.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'net/netfilter')
-rw-r--r-- | net/netfilter/xt_SECMARK.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c index 23b2d6c486b5..364ad1600129 100644 --- a/net/netfilter/xt_SECMARK.c +++ b/net/netfilter/xt_SECMARK.c @@ -101,7 +101,7 @@ static int secmark_tg_check(const struct xt_tgchk_param *par) switch (info->mode) { case SECMARK_MODE_SEL: err = checkentry_selinux(info); - if (err <= 0) + if (err) return err; break; |