NetLabel: return the correct error for translated CIPSOv4 tags

The CIPSOv4 translated tag #1 mapping does not always return the correct error
code if the desired mapping does not exist; instead of returning -EPERM it
returns -ENOSPC indicating that the buffer is not large enough to hold the
translated value.  This was caused by failing to check a specific error
condition.  This patch fixes this so that unknown mappings return
-EPERM which is consistent with the rest of the related CIPSOv4 code.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>

diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
index a056278..c305de6 100644 (file)
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -867,6 +867,8 @@ static int cipso_v4_map_cat_rbm_hton(const struct cipso_v4_doi *doi_def,
                                return -EPERM;
 
                        net_spot = host_cat_array[host_spot];
+                       if (net_spot >= CIPSO_V4_INV_CAT)
+                               return -EPERM;
                        if (net_spot >= net_clen_bits)
                                return -ENOSPC;
                        cipso_v4_bitmap_setbit(net_cat, net_spot, 1);
@@ -935,6 +937,8 @@ static int cipso_v4_map_cat_rbm_ntoh(const struct cipso_v4_doi *doi_def,
                                return -EPERM;
 
                        host_spot = net_cat_array[net_spot];
+                       if (host_spot >= CIPSO_V4_INV_CAT)
+                               return -EPERM;
                        if (host_spot >= host_clen_bits)
                                return -ENOSPC;
                        cipso_v4_bitmap_setbit(host_cat, host_spot, 1);