selinux: correctly handle sa_family cases in selinux_sctp_bind_connect()

Allow to pass the socket address structure with AF_UNSPEC family for
compatibility purposes. selinux_socket_bind() will further check it
for INADDR_ANY and selinux_socket_connect_helper() should return
EINVAL.

For a bad address family return EINVAL instead of AFNOSUPPORT error,
i.e. what is expected from SCTP protocol in such case.

Fixes: d452930fd3b9 ("selinux: Add SCTP support")
Suggested-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

1 files changed, 2 insertions, 1 deletions

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f5f2d6a582f0..efeb1db8f61d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5269,6 +5269,7 @@ static int selinux_sctp_bind_connect(struct sock *sk, int optname,
         while (walk_size < addrlen) {
                 addr = addr_buf;
                 switch (addr->sa_family) {
+                case AF_UNSPEC:
                 case AF_INET:
                         len = sizeof(struct sockaddr_in);
                         break;
@@ -5276,7 +5277,7 @@ static int selinux_sctp_bind_connect(struct sock *sk, int optname,
                         len = sizeof(struct sockaddr_in6);
                         break;
                 default:
-                        return -EAFNOSUPPORT;
+                        return -EINVAL;
                 }
 
                 err = -EINVAL;