aboutsummaryrefslogtreecommitdiff
path: root/security/smack
diff options
context:
space:
mode:
Diffstat (limited to 'security/smack')
-rw-r--r--security/smack/smack_lsm.c5
-rw-r--r--security/smack/smackfs.c4
2 files changed, 7 insertions, 2 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 87d75417ea9..6e2dc0bab70 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2179,7 +2179,10 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
* This is the simplist possible security model
* for networking.
*/
- return smk_access(smack, ssp->smk_in, MAY_WRITE);
+ rc = smk_access(smack, ssp->smk_in, MAY_WRITE);
+ if (rc != 0)
+ netlbl_skbuff_err(skb, rc, 0);
+ return rc;
}
/**
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index e7c642458ec..c21d8c8bf0c 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -354,9 +354,11 @@ static void smk_cipso_doi(void)
doip->tags[rc] = CIPSO_V4_TAG_INVALID;
rc = netlbl_cfg_cipsov4_add_map(doip, NULL, &audit_info);
- if (rc != 0)
+ if (rc != 0) {
printk(KERN_WARNING "%s:%d add rc = %d\n",
__func__, __LINE__, rc);
+ kfree(doip);
+ }
}
/**
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-24 08:01:58 +0000