Skip to content

Commit 345591f

Browse files
JeremiahM37JeremiahM37
committed
fail closed in wolfIP filter glue
1 parent eef64a0 commit 345591f

1 file changed

Lines changed: 10 additions & 7 deletions

File tree

src/wolfip/packet_filter_glue.c

Lines changed: 10 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -163,6 +163,9 @@ static int wolfip_dispatch_event(
163163
if (WOLFSENTRY_THREAD_TAILER(WOLFSENTRY_THREAD_FLAG_NONE) < 0)
164164
return -WOLFIP_EACCES;
165165

166+
if (ws_ret < 0)
167+
return -WOLFIP_EACCES;
168+
166169
if (wolfip_action_rejects(*action_results))
167170
return -WOLFIP_EACCES;
168171

@@ -209,7 +212,7 @@ static int wolfip_filter_ethernet(
209212
action_results = WOLFSENTRY_ACTION_RES_SOCK_ERROR;
210213
break;
211214
default:
212-
return 0;
215+
return -WOLFIP_EACCES;
213216
}
214217

215218
wolfip_set_link_sockaddrs(&remote.remote, &local.local, event, outbound);
@@ -261,7 +264,7 @@ static int wolfip_filter_ipv4(
261264
action_results = WOLFSENTRY_ACTION_RES_SOCK_ERROR;
262265
break;
263266
default:
264-
return 0;
267+
return -WOLFIP_EACCES;
265268
}
266269

267270
wolfip_set_ipv4_sockaddrs(&remote.remote, &local.local, event, outbound);
@@ -360,7 +363,7 @@ static int wolfip_filter_tcp(
360363
action_results = WOLFSENTRY_ACTION_RES_DEROGATORY;
361364
break;
362365
default:
363-
return 0;
366+
return -WOLFIP_EACCES;
364367
}
365368

366369
wolfip_set_ipv4_sockaddrs(&remote.remote, &local.local, event, outbound);
@@ -442,7 +445,7 @@ static int wolfip_filter_udp(
442445
WOLFSENTRY_ACTION_RES_EXCLUDE_REJECT_ROUTES;
443446
break;
444447
default:
445-
return 0;
448+
return -WOLFIP_EACCES;
446449
}
447450

448451
wolfip_set_ipv4_sockaddrs(&remote.remote, &local.local, event, outbound);
@@ -504,7 +507,7 @@ static int wolfip_filter_icmp(
504507
action_results = WOLFSENTRY_ACTION_RES_SOCK_ERROR;
505508
break;
506509
default:
507-
return 0;
510+
return -WOLFIP_EACCES;
508511
}
509512

510513
wolfip_set_ipv4_sockaddrs(&remote.remote, &local.local, event, outbound);
@@ -519,7 +522,7 @@ static int wolfip_filter_with_wolfsentry(void *arg, const struct wolfIP_filter_e
519522
struct wolfsentry_context *wolfsentry = (struct wolfsentry_context *)arg;
520523

521524
if ((wolfsentry == NULL) || (event == NULL))
522-
return 0;
525+
return -WOLFIP_EACCES;
523526

524527
switch (event->meta.ip_proto) {
525528
case WOLFIP_FILTER_PROTO_ETH:
@@ -533,7 +536,7 @@ static int wolfip_filter_with_wolfsentry(void *arg, const struct wolfIP_filter_e
533536
case WOLFIP_FILTER_PROTO_ICMP:
534537
return wolfip_filter_icmp(wolfsentry, event);
535538
default:
536-
return 0;
539+
return -WOLFIP_EACCES;
537540
}
538541
}
539542

0 commit comments

Comments
 (0)