[PATCH lsm/dev] netfilter: Use correct length value in ctnetlink_secctx_size
Casey Schaufler
casey at schaufler-ca.com
Fri Nov 1 18:43:03 UTC 2024

Use the correct value for the context length returned by
security_secid_to_secctx().

Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
---
net/netfilter/nf_conntrack_netlink.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index dd74d4c67c69..edf08cc89f17 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -663,14 +663,14 @@ static inline size_t ctnetlink_acct_size(const struct nf_conn *ct)
static inline int ctnetlink_secctx_size(const struct nf_conn *ct)
{
#ifdef CONFIG_NF_CONNTRACK_SECMARK
- int len, ret;
+ int ret;
ret = security_secid_to_secctx(ct->secmark, NULL);
if (ret < 0)
return 0;
return nla_total_size(0) /* CTA_SECCTX */
- + nla_total_size(sizeof(char) * len); /* CTA_SECCTX_NAME */
+ + nla_total_size(sizeof(char) * ret); /* CTA_SECCTX_NAME */
#else
return 0;
#endif
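
Review bot: the commit message should say what was wrong with the old value. In ctnetlink_secctx_size() the removed `len` is declared by `int len, ret;` but never assigned anywhere in the visible function, because the call passes NULL as its second argument. The CTA_SECCTX_NAME term was therefore sized from an uninitialized stack value, which makes this a bug fix rather than a cleanup. Please state that in the message and add a Fixes: tag for the change that converted the security_secid_to_secctx() call, so the fix follows that change wherever it is applied. Since `ret` now serves as both the error code and the length, a short comment at `nla_total_size(sizeof(char) * ret)` saying that a non-negative return is the context length, and whether that count includes the terminating NUL, would let a reader check this size estimate against the code that actually emits the attribute.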
More information about the Linux-security-module-archive
mailing list