From patchwork Tue Apr 21 20:04:22 2009
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paul Moore
X-Patchwork-Id: 26283
X-Patchwork-Delegate: davem@davemloft.net
From: Paul Moore
Subject: [PATCH] netlabel: Always remove the correct address selector
To: netdev@vger.kernel.org
Cc: linux-security-module@vger.kernel.org, etienne.basset@numericable.fr
Date: Tue, 21 Apr 2009 16:04:22 -0400
Message-ID: <20090421200422.10106.24767.stgit@flek.lan>
User-Agent: StGIT/0.14.3

The NetLabel address selector mechanism has a problem where it can
mistakenly remove the wrong selector when similar addresses are used. The
problem is caused when multiple addresses are configured that have
different netmasks but the same address, e.g. 127.0.0.0/8 and
127.0.0.0/24. This patch fixes the problem.

Reported-by: Etienne Basset
Signed-off-by: Paul Moore
Acked-by: James Morris
Tested-by: Etienne Basset
---
 net/netlabel/netlabel_addrlist.c | 26 ++++++++++----------------
 1 files changed, 10 insertions(+), 16 deletions(-)

diff --git a/net/netlabel/netlabel_addrlist.c b/net/netlabel/netlabel_addrlist.c index 834c6eb..c051913 100644 --- a/net/netlabel/netlabel_addrlist.c +++ b/net/netlabel/netlabel_addrlist.c 
@@ -256,13 +256,11 @@ struct netlbl_af4list *netlbl_af4list_remove(__be32 addr, __be32 mask, { struct netlbl_af4list *entry; - entry = netlbl_af4list_search(addr, head); - if (entry != NULL && entry->addr == addr && entry->mask == mask) { - netlbl_af4list_remove_entry(entry); - return entry; - } - - return NULL; + entry = netlbl_af4list_search_exact(addr, mask, head); + if (entry == NULL) + return NULL; + netlbl_af4list_remove_entry(entry); + return entry; } #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) @@ -299,15 +297,11 @@ struct netlbl_af6list *netlbl_af6list_remove(const struct in6_addr *addr, { struct netlbl_af6list *entry; - entry = netlbl_af6list_search(addr, head); - if (entry != NULL && - ipv6_addr_equal(&entry->addr, addr) && - ipv6_addr_equal(&entry->mask, mask)) { - netlbl_af6list_remove_entry(entry); - return entry; - } - - return NULL; + entry = netlbl_af6list_search_exact(addr, mask, head); + if (entry == NULL) + return NULL; + netlbl_af6list_remove_entry(entry); + return entry; } #endif /* IPv6 */
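Review bot: in the first hunk, netlbl_af4list_remove(), the removed lines already required entry->addr == addr && entry->mask == mask before calling netlbl_af4list_remove_entry(), so the failure visible here is a NULL return when netlbl_af4list_search() hands back an entry with the same address but a different mask (the 127.0.0.0/8 versus 127.0.0.0/24 case), not the unlinking of a different entry. The commit message should either describe it that way or name the caller in which the wrong selector ends up removed. netlbl_af4list_search_exact() is also not introduced by this diff, so the message should say that it is an existing helper and that it matches on both addr and mask, because the correctness of the new body now depends entirely on that.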
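Review bot: in the second hunk, netlbl_af6list_remove(), both ipv6_addr_equal() checks on &entry->addr and &entry->mask are dropped in favour of netlbl_af6list_search_exact(addr, mask, head), which this diff neither adds nor shows. Please confirm that the helper performs both comparisons and is declared under the same CONFIG_IPV6 || CONFIG_IPV6_MODULE guard as this function. The commit message gives only an IPv4 example, so it should also say whether the Tested-by covers two IPv6 selectors that share an address but differ in prefix length.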