PERFORCE change 79563 for review
Christian S.J. Peron
csjp at FreeBSD.org
Mon Jul 4 15:37:27 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=79563
Change 79563 by csjp at csjp_xor on 2005/07/04 15:36:57
-Simplify loop logic by using the inital strsep loop to
process dependencies. This eliminates a second walk of
the dependency list.
-Remove now un-used variables
-Add error checking of vn_extattr_get(9)
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/mac_chkexec/mac_chkexec.c#14 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/mac_chkexec/mac_chkexec.c#14 (text+ko) ====
@@ -505,10 +505,9 @@
static int
mac_chkexec_check_depends(struct vnode *vp, struct ucred *cred)
{
- char *depends, **ap, *paths[10];
- int error, i, npaths;
struct nameidata nd;
- int alen;
+ char *depends, *ap;
+ int alen, error;
size_t ealen;
ASSERT_VOP_LOCKED(vp, "no vlock held");
@@ -525,15 +524,16 @@
depends = malloc(alen + 1, M_CHKEXEC, M_WAITOK | M_ZERO);
error = vn_extattr_get(vp, IO_NODELOCKED, MAC_CHKEXEC_ATTRN,
MAC_CHKEXEC_DEP, &alen, depends, curthread);
- for (npaths = 0, ap = paths;
- (*ap = strsep(&depends, ":")) != NULL; npaths++)
- if (**ap != '\0')
- if (++ap >= &paths[10])
- break;
- for (i = 0; i < npaths; i++) {
+ if (error) {
+ free(depends, M_CHKEXEC);
+ return (error);
+ }
+ for (; (ap = strsep(&depends, ":")) != NULL && error == 0;) {
+ if (strlen(ap) == 0)
+ continue;
mtx_lock(&Giant);
NDINIT(&nd, LOOKUP, LOCKLEAF | FOLLOW, UIO_SYSSPACE,
- paths[i], curthread);
+ ap, curthread);
if ((error = namei(&nd)) != 0) {
free(depends, M_CHKEXEC);
mtx_unlock(&Giant);
@@ -543,13 +543,9 @@
NDFREE(&nd, NDF_ONLY_PNBUF);
vput(nd.ni_vp);
mtx_unlock(&Giant);
- if (error) {
- free(depends, M_CHKEXEC);
- return (error);
- }
}
free(depends, M_CHKEXEC);
- return (0);
+ return (error);
}
static int
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list