I see this bug crept in here: http://marc.theaimsgroup.com/?l=linux-netdev&m=114956850915839&w=2
Are you planning to fix this or did you want me to?

> -----Original Message-----
> From: Joy Latten [mailto:[EMAIL PROTECTED]
> Sent: Monday, February 12, 2007 5:40 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [email protected]
> Subject: Deleting xfrms
>
>
> I was looking at a patch D.Miller posted for xfrm_audit_log()
> and could not help but notice that in pfkey_spddelete() and
> xfrm_get_policy() we delete policy first and then check to see if we
> have permissions to. Am I missing the original intentions or
> is this incorrect? Shouldn't it be check the permissions
> first and then call xfrm_policy_bysel_ctx()?
>
> pfkey_spddelete() in af_key.c:
>
>         xp = xfrm_policy_bysel_ctx(XFRM_POLICY_TYPE_MAIN,
>                                    pol->sadb_x_policy_dir-1,
>                                    &sel, tmp.security, 1);
>         security_xfrm_policy_free(&tmp);
>
>         xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
>                        AUDIT_MAC_IPSEC_DELSPD, (xp) ? 1 : 0,
>                        xp, NULL);
>
>         if (xp == NULL)
>                 return -ENOENT;
>
>         err = 0;
>
>         if ((err = security_xfrm_policy_delete(xp)))
>                 goto out;
>         c.seq = hdr->sadb_msg_seq;
>         c.pid = hdr->sadb_msg_pid;
>         c.event = XFRM_MSG_DELPOLICY;
>         km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
>
>
> xfrm_get_policy() in xfrm_user.c is very similar.
>
> Regards,
> Joy
>

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
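The ordering discussed in the quoted message, as an added example that is not part of the original thread and is not kernel code: a toy policy table compares unlinking before the permission check with checking first. The struct, the table contents and every function name below are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Toy stand-ins (assumptions, not kernel code) for an SPD entry and the LSM hook. */
struct policy { int id; int in_table; int deletable; };
static struct policy table[] = { {1, 1, 0}, {2, 1, 1} }; /* constructed sample data */
#define NPOL (sizeof(table) / sizeof(table[0]))

void table_reset(void) { for (size_t i = 0; i < NPOL; i++) table[i].in_table = 1; }

/* Hypothetical permission hook: 0 if the caller may delete xp, else -EPERM. */
static int policy_delete_allowed(const struct policy *xp) {
    return xp->deletable ? 0 : -EPERM;
}
/* Lookup modelled on the last argument of xfrm_policy_bysel_ctx(): unlink if set. */
static struct policy *policy_lookup(int id, int delete) {
    for (size_t i = 0; i < NPOL; i++) {
        if (table[i].id == id && table[i].in_table) {
            if (delete) table[i].in_table = 0;
            return &table[i];
        }
    }
    return NULL;
}
int policy_present(int id) { return policy_lookup(id, 0) != NULL; }

/* Order quoted in the message: unlink first, check afterwards. */
int delete_then_check(int id) {
    struct policy *xp = policy_lookup(id, 1);
    if (xp == NULL) return -ENOENT;
    return policy_delete_allowed(xp); /* -EPERM is reported, but the entry is gone */
}
/* Order the message asks about: find, check, and only then unlink.
 * Single-threaded toy; real code must hold the table lock across all three. */
int check_then_delete(int id) {
    struct policy *xp = policy_lookup(id, 0);
    int err;
    if (xp == NULL) return -ENOENT;
    if ((err = policy_delete_allowed(xp)) != 0) return err;
    xp->in_table = 0;
    return 0;
}
int main(void) {
    int bad = delete_then_check(1), bad_left = policy_present(1);
    table_reset();
    int ok = check_then_delete(1), ok_left = policy_present(1);
    printf("delete-then-check: err=%d present=%d\n", bad, bad_left);
    printf("check-then-delete: err=%d present=%d\n", ok, ok_left);
    return 0;
}
```

Both orderings return the same error to a caller that lacks permission; only the state of the table afterwards distinguishes them.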
