diff options
| author | James Morris <jamorris@linux.microsoft.com> | 2019-04-30 12:06:51 -0400 |
|---|---|---|
| committer | James Morris <jamorris@linux.microsoft.com> | 2019-04-30 12:06:51 -0400 |
| commit | 5f9b4992b722d31226607d611658408cd2c50fd1 (patch) | |
| tree | 0b730e3c6ee888c224a0d570facb503bc5abad59 /security | |
| parent | f075b344c6ca7730c910e7d2ba667e9dad652435 (diff) | |
| parent | b9ef5513c99bf9c8bfd9c9e8051b67f52b2dee1e (diff) | |
Merge branch 'smack-for-5.2-b' of https://github.com/cschaufler/next-smack into next-smack
Smack: Fix IPv6 handling of 0 secmark (2019-04-03 14:28:38 -0700)
Diffstat (limited to 'security')
| -rw-r--r-- | security/smack/smack_lsm.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index b9abcdb36a73..b5b333d72637 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -2806,13 +2806,17 @@ static int smack_socket_socketpair(struct socket *socka, | |||
| 2806 | * | 2806 | * |
| 2807 | * Records the label bound to a port. | 2807 | * Records the label bound to a port. |
| 2808 | * | 2808 | * |
| 2809 | * Returns 0 | 2809 | * Returns 0 on success, and error code otherwise |
| 2810 | */ | 2810 | */ |
| 2811 | static int smack_socket_bind(struct socket *sock, struct sockaddr *address, | 2811 | static int smack_socket_bind(struct socket *sock, struct sockaddr *address, |
| 2812 | int addrlen) | 2812 | int addrlen) |
| 2813 | { | 2813 | { |
| 2814 | if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) | 2814 | if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) { |
| 2815 | if (addrlen < SIN6_LEN_RFC2133 || | ||
| 2816 | address->sa_family != AF_INET6) | ||
| 2817 | return -EINVAL; | ||
| 2815 | smk_ipv6_port_label(sock, address); | 2818 | smk_ipv6_port_label(sock, address); |
| 2819 | } | ||
| 2816 | return 0; | 2820 | return 0; |
| 2817 | } | 2821 | } |
| 2818 | #endif /* SMACK_IPV6_PORT_LABELING */ | 2822 | #endif /* SMACK_IPV6_PORT_LABELING */ |
| @@ -2848,12 +2852,13 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, | |||
| 2848 | 2852 | ||
| 2849 | switch (sock->sk->sk_family) { | 2853 | switch (sock->sk->sk_family) { |
| 2850 | case PF_INET: | 2854 | case PF_INET: |
| 2851 | if (addrlen < sizeof(struct sockaddr_in)) | 2855 | if (addrlen < sizeof(struct sockaddr_in) || |
| 2856 | sap->sa_family != AF_INET) | ||
| 2852 | return -EINVAL; | 2857 | return -EINVAL; |
| 2853 | rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap); | 2858 | rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap); |
| 2854 | break; | 2859 | break; |
| 2855 | case PF_INET6: | 2860 | case PF_INET6: |
| 2856 | if (addrlen < sizeof(struct sockaddr_in6)) | 2861 | if (addrlen < SIN6_LEN_RFC2133 || sap->sa_family != AF_INET6) |
| 2857 | return -EINVAL; | 2862 | return -EINVAL; |
| 2858 | #ifdef SMACK_IPV6_SECMARK_LABELING | 2863 | #ifdef SMACK_IPV6_SECMARK_LABELING |
| 2859 | rsp = smack_ipv6host_label(sip); | 2864 | rsp = smack_ipv6host_label(sip); |
| @@ -3683,9 +3688,15 @@ static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, | |||
| 3683 | 3688 | ||
| 3684 | switch (sock->sk->sk_family) { | 3689 | switch (sock->sk->sk_family) { |
| 3685 | case AF_INET: | 3690 | case AF_INET: |
| 3691 | if (msg->msg_namelen < sizeof(struct sockaddr_in) || | ||
| 3692 | sip->sin_family != AF_INET) | ||
| 3693 | return -EINVAL; | ||
| 3686 | rc = smack_netlabel_send(sock->sk, sip); | 3694 | rc = smack_netlabel_send(sock->sk, sip); |
| 3687 | break; | 3695 | break; |
| 3688 | case AF_INET6: | 3696 | case AF_INET6: |
| 3697 | if (msg->msg_namelen < SIN6_LEN_RFC2133 || | ||
| 3698 | sap->sin6_family != AF_INET6) | ||
| 3699 | return -EINVAL; | ||
| 3689 | #ifdef SMACK_IPV6_SECMARK_LABELING | 3700 | #ifdef SMACK_IPV6_SECMARK_LABELING |
| 3690 | rsp = smack_ipv6host_label(sap); | 3701 | rsp = smack_ipv6host_label(sap); |
| 3691 | if (rsp != NULL) | 3702 | if (rsp != NULL) |