secmark: do not return early if there was no error

commit 15714f7b58011cf3948cab2988abea560240c74f upstream. Commit 4a5a5c73 attempted to pass decent error messages back to userspace for netfilter errors. In xt_SECMARK.c however the patch screwed up and returned on 0 (aka no error) early and didn't finish setting up secmark. This results in a kernel BUG if you use SECMARK. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
author: Eric Paris <eparis@redhat.com> 2010-10-12 11:40:08 -0400
committer: Greg Kroah-Hartman <gregkh@suse.de> 2010-11-22 11:00:17 -0800
commit: e0b20e1140f0a2b691cffd28c7ac2a29d59b96ee (patch)
tree: 8d972aabfed0bbd04f578a702c5a27a46bc71ed8
parent: badaad1d7392eebf646b2e2d4dfe2586e40a8f18 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c
index 23b2d6c486b5..364ad1600129 100644
--- a/net/netfilter/xt_SECMARK.c
+++ b/net/netfilter/xt_SECMARK.c
@@ -101,7 +101,7 @@ static int secmark_tg_check(const struct xt_tgchk_param *par)
 	switch (info->mode) {
 	case SECMARK_MODE_SEL:
 		err = checkentry_selinux(info);
-		if (err <= 0)
+		if (err)
 			return err;
 		break;
author	Eric Paris <eparis@redhat.com>	2010-10-12 11:40:08 -0400
committer	Greg Kroah-Hartman <gregkh@suse.de>	2010-11-22 11:00:17 -0800
commit	e0b20e1140f0a2b691cffd28c7ac2a29d59b96ee (patch)
tree	8d972aabfed0bbd04f578a702c5a27a46bc71ed8
parent	badaad1d7392eebf646b2e2d4dfe2586e40a8f18 (diff)