Smack: ipv6 label match fix

The check for a deleted entry in the list of IPv6 host addresses was being performed in the wrong place, leading to most peculiar results in some cases. This puts the check into the right place. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
2024-11-14 08:02:07 +00:00 · 2016-11-07 19:01:09 -08:00 · 2016-11-07 19:01:09 -08:00 · 2e4939f702
commit 2e4939f702
parent b437aba85b
1 changed files with 6 additions and 6 deletions
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@ -2443,18 +2443,18 @@ static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
 		return NULL;

 	list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
+		/*
+		 * If the label is NULL the entry has
+		 * been renounced. Ignore it.
+		 */
+		if (snp->smk_label == NULL)
+			continue;
 		/*
 		* we break after finding the first match because
 		* the list is sorted from longest to shortest mask
 		* so we have found the most specific match
 		*/
 		for (found = 1, i = 0; i < 8; i++) {
-			/*
-			 * If the label is NULL the entry has
-			 * been renounced. Ignore it.
-			 */
-			if (snp->smk_label == NULL)
-				continue;
 			if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
 			    snp->smk_host.s6_addr16[i]) {
 				found = 0;