NetLabel: convert a BUG_ON in the CIPSO code to a runtime check

This patch changes a BUG_ON in the CIPSO code to a runtime check.  It should
also increase the readability of the code as it replaces an unexplained
constant with a well defined macro.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>

diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
index d466bd5186a1f320563e40db27689918da9facdb..6afc398c6a220a4a1d7e2a9af314ae1a05c00de3 100644 (file)
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -1142,7 +1142,9 @@ static int cipso_v4_map_cat_rng_hton(const struct cipso_v4_doi *doi_def,
        u32 cat_size = 0;
 
        /* make sure we don't overflow the 'array[]' variable */
-       BUG_ON(net_cat_len > 30);
+       if (net_cat_len >
+           (CIPSO_V4_OPT_LEN_MAX - CIPSO_V4_HDR_LEN - CIPSO_V4_TAG_RNG_BLEN))
+               return -ENOSPC;
 
        for (;;) {
                iter = netlbl_secattr_catmap_walk(secattr->mls_cat, iter + 1);