Pull bugzilla-5966 into release branch

[linux-2.6] / net / ipv4 / cipso_ipv4.c

diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
index 60aafb4a8adff56c8fa3fd54d664fd76e2ee7177..c976dd7e9758f5e4fbf9f0cfe38c0e68002154c1 100644 (file)
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -732,11 +732,12 @@ static int cipso_v4_map_lvl_hton(const struct cipso_v4_doi *doi_def,
                *net_lvl = host_lvl;
                return 0;
        case CIPSO_V4_MAP_STD:
-               if (host_lvl < doi_def->map.std->lvl.local_size) {
+               if (host_lvl < doi_def->map.std->lvl.local_size &&
+                   doi_def->map.std->lvl.local[host_lvl] < CIPSO_V4_INV_LVL) {
                        *net_lvl = doi_def->map.std->lvl.local[host_lvl];
                        return 0;
                }
-               break;
+               return -EPERM;
        }
 
        return -EINVAL;
@@ -771,7 +772,7 @@ static int cipso_v4_map_lvl_ntoh(const struct cipso_v4_doi *doi_def,
                        *host_lvl = doi_def->map.std->lvl.cipso[net_lvl];
                        return 0;
                }
-               break;
+               return -EPERM;
        }
 
        return -EINVAL;