Date: Fri, 14 Oct 2005 20:48:40 GMT
From: Todd Miller <millert@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 85307 for review
Message-ID: <200510142048.j9EKmeq2089043@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=85307 Change 85307 by millert@millert_ibook on 2005/10/14 20:48:08 Fix the bug in MAC_INTERNALIZE where the return code from the policies' internalize ops was not being checked. Also invert the logic for comparing the label namespace. Also invert the logic for comparing label namespaces in the MAC_EXTERNALIZE macro to clarify the source. From the DSEP branch (wsalamon). Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/security/mac_internal.h#4 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/security/mac_internal.h#4 (text+ko) ==== @@ -264,24 +264,22 @@ continue; \ \ for (idx = 0; idx < ME_mpc->mpc_labelname_count; idx++) { \ - if (strcmp(ME_mpc->mpc_labelnames[idx], element) == 0){\ - if (count == 0) { \ - error = sbuf_printf(&sb, "%s/", \ - element); \ - if (error) \ - break; \ - } else { \ - error = sbuf_printf(&sb, ","); \ - if (error) \ - break; \ - } \ - error = \ - ME_mpc->mpc_ops->mpo_externalize_## type ##_label\ - (label, element, &sb); \ + if (strcmp(ME_mpc->mpc_labelnames[idx], element) != 0)\ + continue; \ + if (count == 0) { \ + error = sbuf_printf(&sb, "%s/", element);\ + if (error) \ + break; \ + } else { \ + error = sbuf_printf(&sb, ","); \ if (error) \ break; \ - count++; \ } \ + error = ME_mpc->mpc_ops->mpo_externalize_## type ##_label\ + (label, element, &sb); \ + if (error) \ + break; \ + count++; \ } \ if (error) \ break; \ @@ -404,13 +402,13 @@ continue; \ \ for (idx = 0; idx < MI_mpc->mpc_labelname_count; idx++) { \ - if (strcmp(MI_mpc->mpc_labelnames[idx], element) == 0){\ - MI_mpc->mpc_ops->mpo_internalize_## type ##_label\ + if (strcmp(MI_mpc->mpc_labelnames[idx], element) != 0) \ + continue; \ + error = MI_mpc->mpc_ops->mpo_internalize_## type ##_label\ (label, element, element_data); \ - if (error) \ - break; \ - count++; \ - } \ + if (error) \ + break; \ + count++; \ } \ if (error) \ break; \
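Review bot: In the MAC_EXTERNALIZE hunk (@@ -264,24 +264,22 @@), the two "error = sbuf_printf(&sb, ...)" assignments hand sbuf_printf's return value straight back as the macro's error, so if that function signals failure with anything other than an errno value, callers of the externalize path will see that raw value. It would be worth confirming what sbuf_printf returns on overflow in this tree and mapping it to a real errno before the "if (error) break;". As a style point, the new lines "if (strcmp(ME_mpc->mpc_labelnames[idx], element) != 0)\" and "error = sbuf_printf(&sb, "%s/", element);\" put the continuation backslash directly against the code, unlike the surrounding lines; a separating space or tab would keep the macro readable. The restructuring itself preserves the old behaviour: the separator is still written before the policy's externalize op runs, and count is only incremented on success.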
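Review bot: In the MAC_INTERNALIZE hunk (@@ -404,13 +402,13 @@), capturing the result with "error = MI_mpc->mpc_ops->mpo_internalize_## type ##_label" means a policy rejecting an element now stops the loop partway through, and nothing in the visible lines undoes what earlier policies or earlier elements already wrote into label. Please confirm that every user of the macro discards or re-initialises the label when the macro leaves error set, since before this change those callers never saw a failure from this path and a partially internalized label must not be applied. A short comment above the macro stating that a non-zero return from any policy's internalize op aborts processing and leaves label in an undefined state would document the new contract. Minor: the continuation line "(label, element, element_data); \" kept its old indentation after the call moved out one level.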