upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-04-22 06:39:32 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

veriexec: Do not save error from file info in fingerprint status

Browse source 
We do not want or need to propagate the error from fetching file info
when determining the file status. It could cause open(2) and similar
calls to fail when trying to access devices.

Obtained from:	Juniper Networks, Inc.
This commit is contained in:
Stephen J. Kiernan 2023-06-09 10:38:07 -04:00
parent e022f2b013
commit 7bb4d1302c
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
sys/security/mac_veriexec/veriexec_metadata.c
View file

@ -516,9 +516,9 @@ mac_veriexec_metadata_fetch_fingerprint_status(struct vnode *vp,
status = mac_veriexec_get_fingerprint_status(vp);
if (status == FINGERPRINT_INVALID || status == FINGERPRINT_NODEV) {
found_dev = 0;
error = mac_veriexec_metadata_get_file_info(vap->va_fsid,
vap->va_fileid, vap->va_gen, &found_dev, &ip, check_files);
if (error != 0) {
if (mac_veriexec_metadata_get_file_info(vap->va_fsid,
vap->va_fileid, vap->va_gen, &found_dev, &ip,
check_files) != 0) {
status = (found_dev) ? FINGERPRINT_NOENTRY :
FINGERPRINT_NODEV;
VERIEXEC_DEBUG(3,