git: 7bb4d1302cf7 - main - veriexec: Do not save error from file info in fingerprint status
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 09 Jun 2023 14:50:13 UTC
The branch main has been updated by stevek: URL: https://cgit.FreeBSD.org/src/commit/?id=7bb4d1302cf76bf84a76232532a3b7d4d28554bf commit 7bb4d1302cf76bf84a76232532a3b7d4d28554bf Author: Stephen J. Kiernan <stevek@FreeBSD.org> AuthorDate: 2023-06-09 14:38:07 +0000 Commit: Stephen J. Kiernan <stevek@FreeBSD.org> CommitDate: 2023-06-09 14:49:59 +0000 veriexec: Do not save error from file info in fingerprint status We do not want or need to propagate the error from fetching file info when determining the file status. It could cause open(2) and similar calls to fail when trying to access devices. Obtained from: Juniper Networks, Inc. --- sys/security/mac_veriexec/veriexec_metadata.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/security/mac_veriexec/veriexec_metadata.c b/sys/security/mac_veriexec/veriexec_metadata.c index 4ff635335e9f..4e25b1672575 100644 --- a/sys/security/mac_veriexec/veriexec_metadata.c +++ b/sys/security/mac_veriexec/veriexec_metadata.c @@ -516,9 +516,9 @@ mac_veriexec_metadata_fetch_fingerprint_status(struct vnode *vp, status = mac_veriexec_get_fingerprint_status(vp); if (status == FINGERPRINT_INVALID || status == FINGERPRINT_NODEV) { found_dev = 0; - error = mac_veriexec_metadata_get_file_info(vap->va_fsid, - vap->va_fileid, vap->va_gen, &found_dev, &ip, check_files); - if (error != 0) { + if (mac_veriexec_metadata_get_file_info(vap->va_fsid, + vap->va_fileid, vap->va_gen, &found_dev, &ip, + check_files) != 0) { status = (found_dev) ? FINGERPRINT_NOENTRY : FINGERPRINT_NODEV; VERIEXEC_DEBUG(3,