NetLabel: convert a BUG_ON in the CIPSO code to a runtime check

This patch changes a BUG_ON in the CIPSO code to a runtime check. It should also increase the readability of the code as it replaces an unexplained constant with a well defined macro. Signed-off-by: N Paul Moore <paul.moore@hp.com> Signed-off-by: N James Morris <jmorris@namei.org>

NetLabel: convert a BUG_ON in the CIPSO code to a runtime check
This patch changes a BUG_ON in the CIPSO code to a runtime check. It should also increase the readability of the code as it replaces an unexplained constant with a well defined macro. Signed-off-by: N Paul Moore <paul.moore@hp.com> Signed-off-by: N James Morris <jmorris@namei.org>
128c6b6c · Paul Moore · James Morris · f998e8cb · 128c6b6c
显示空白变更内容
内联并排

Showing with 3 addition and 1 deletion

net/ipv4/cipso_ipv4.c net/ipv4/cipso_ipv4.c +3 -1

未找到文件。
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -1142,7 +1142,9 @@ static int cipso_v4_map_cat_rng_hton(const struct cipso_v4_doi *doi_def,
 	u32 cat_size = 0;

 	/* make sure we don't overflow the 'array[]' variable */
-	BUG_ON(net_cat_len > 30);
+	if (net_cat_len >
+	    (CIPSO_V4_OPT_LEN_MAX - CIPSO_V4_HDR_LEN - CIPSO_V4_TAG_RNG_BLEN))
+		return -ENOSPC;

 	for (;;) {
 		iter = netlbl_secattr_catmap_walk(secattr->mls_cat, iter + 1);