Commit 2e4939f7 authored by Casey Schaufler's avatar Casey Schaufler

Smack: ipv6 label match fix

The check for a deleted entry in the list of IPv6 host
addresses was being performed in the wrong place, leading
to most peculiar results in some cases. This puts the
check into the right place.
Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
parent b437aba8
...@@ -2443,18 +2443,18 @@ static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip) ...@@ -2443,18 +2443,18 @@ static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
return NULL; return NULL;
list_for_each_entry_rcu(snp, &smk_net6addr_list, list) { list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
/*
* If the label is NULL the entry has
* been renounced. Ignore it.
*/
if (snp->smk_label == NULL)
continue;
/* /*
* we break after finding the first match because * we break after finding the first match because
* the list is sorted from longest to shortest mask * the list is sorted from longest to shortest mask
* so we have found the most specific match * so we have found the most specific match
*/ */
for (found = 1, i = 0; i < 8; i++) { for (found = 1, i = 0; i < 8; i++) {
/*
* If the label is NULL the entry has
* been renounced. Ignore it.
*/
if (snp->smk_label == NULL)
continue;
if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) != if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
snp->smk_host.s6_addr16[i]) { snp->smk_host.s6_addr16[i]) {
found = 0; found = 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment