diff options
| author | Richard Haines <richard_c_haines@btinternet.com> | 2018-03-02 14:54:34 -0500 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2018-03-02 16:09:09 -0500 |
| commit | 68741a8adab900fafb407532e6bae0887f14fbe0 (patch) | |
| tree | c5c9d56e701ff3154d4f5c262d95c4953fb0eca7 /security/selinux/hooks.c | |
| parent | e5a5ca96a42ca7eee19cf8694377308771350950 (diff) | |
selinux: Fix ltp test connect-syscall failure
Fix the following error when running regression tests using LTP as follows:
cd /opt/ltp/
cat runtest/syscalls |grep connect01>runtest/connect-syscall
./runltp -pq -f connect-syscall
Running tests.......
connect01 1 TPASS : bad file descriptor successful
connect01 2 TPASS : invalid socket buffer successful
connect01 3 TPASS : invalid salen successful
connect01 4 TPASS : invalid socket successful
connect01 5 TPASS : already connected successful
connect01 6 TPASS : connection refused successful
connect01 7 TFAIL : connect01.c:146: invalid address family ;
returned -1 (expected -1), errno 22 (expected 97)
INFO: ltp-pan reported some tests FAIL
LTP Version: 20180118
Reported-by: Anders Roxell <anders.roxell@linaro.org>
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Reviewed-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 42 |
1 files changed, 30 insertions, 12 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 337fb325e5cc..e7eaef2ea021 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -4517,22 +4517,29 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in | |||
| 4517 | * need to check address->sa_family as it is possible to have | 4517 | * need to check address->sa_family as it is possible to have |
| 4518 | * sk->sk_family = PF_INET6 with addr->sa_family = AF_INET. | 4518 | * sk->sk_family = PF_INET6 with addr->sa_family = AF_INET. |
| 4519 | */ | 4519 | */ |
| 4520 | if (address->sa_family == AF_INET) { | 4520 | switch (address->sa_family) { |
| 4521 | if (addrlen < sizeof(struct sockaddr_in)) { | 4521 | case AF_INET: |
| 4522 | err = -EINVAL; | 4522 | if (addrlen < sizeof(struct sockaddr_in)) |
| 4523 | goto out; | 4523 | return -EINVAL; |
| 4524 | } | ||
| 4525 | addr4 = (struct sockaddr_in *)address; | 4524 | addr4 = (struct sockaddr_in *)address; |
| 4526 | snum = ntohs(addr4->sin_port); | 4525 | snum = ntohs(addr4->sin_port); |
| 4527 | addrp = (char *)&addr4->sin_addr.s_addr; | 4526 | addrp = (char *)&addr4->sin_addr.s_addr; |
| 4528 | } else { | 4527 | break; |
| 4529 | if (addrlen < SIN6_LEN_RFC2133) { | 4528 | case AF_INET6: |
| 4530 | err = -EINVAL; | 4529 | if (addrlen < SIN6_LEN_RFC2133) |
| 4531 | goto out; | 4530 | return -EINVAL; |
| 4532 | } | ||
| 4533 | addr6 = (struct sockaddr_in6 *)address; | 4531 | addr6 = (struct sockaddr_in6 *)address; |
| 4534 | snum = ntohs(addr6->sin6_port); | 4532 | snum = ntohs(addr6->sin6_port); |
| 4535 | addrp = (char *)&addr6->sin6_addr.s6_addr; | 4533 | addrp = (char *)&addr6->sin6_addr.s6_addr; |
| 4534 | break; | ||
| 4535 | default: | ||
| 4536 | /* Note that SCTP services expect -EINVAL, whereas | ||
| 4537 | * others expect -EAFNOSUPPORT. | ||
| 4538 | */ | ||
| 4539 | if (sksec->sclass == SECCLASS_SCTP_SOCKET) | ||
| 4540 | return -EINVAL; | ||
| 4541 | else | ||
| 4542 | return -EAFNOSUPPORT; | ||
| 4536 | } | 4543 | } |
| 4537 | 4544 | ||
| 4538 | if (snum) { | 4545 | if (snum) { |
| @@ -4636,16 +4643,27 @@ static int selinux_socket_connect_helper(struct socket *sock, | |||
| 4636 | * need to check address->sa_family as it is possible to have | 4643 | * need to check address->sa_family as it is possible to have |
| 4637 | * sk->sk_family = PF_INET6 with addr->sa_family = AF_INET. | 4644 | * sk->sk_family = PF_INET6 with addr->sa_family = AF_INET. |
| 4638 | */ | 4645 | */ |
| 4639 | if (address->sa_family == AF_INET) { | 4646 | switch (address->sa_family) { |
| 4647 | case AF_INET: | ||
| 4640 | addr4 = (struct sockaddr_in *)address; | 4648 | addr4 = (struct sockaddr_in *)address; |
| 4641 | if (addrlen < sizeof(struct sockaddr_in)) | 4649 | if (addrlen < sizeof(struct sockaddr_in)) |
| 4642 | return -EINVAL; | 4650 | return -EINVAL; |
| 4643 | snum = ntohs(addr4->sin_port); | 4651 | snum = ntohs(addr4->sin_port); |
| 4644 | } else { | 4652 | break; |
| 4653 | case AF_INET6: | ||
| 4645 | addr6 = (struct sockaddr_in6 *)address; | 4654 | addr6 = (struct sockaddr_in6 *)address; |
| 4646 | if (addrlen < SIN6_LEN_RFC2133) | 4655 | if (addrlen < SIN6_LEN_RFC2133) |
| 4647 | return -EINVAL; | 4656 | return -EINVAL; |
| 4648 | snum = ntohs(addr6->sin6_port); | 4657 | snum = ntohs(addr6->sin6_port); |
| 4658 | break; | ||
| 4659 | default: | ||
| 4660 | /* Note that SCTP services expect -EINVAL, whereas | ||
| 4661 | * others expect -EAFNOSUPPORT. | ||
| 4662 | */ | ||
| 4663 | if (sksec->sclass == SECCLASS_SCTP_SOCKET) | ||
| 4664 | return -EINVAL; | ||
| 4665 | else | ||
| 4666 | return -EAFNOSUPPORT; | ||
| 4649 | } | 4667 | } |
| 4650 | 4668 | ||
| 4651 | err = sel_netport_sid(sk->sk_protocol, snum, &sid); | 4669 | err = sel_netport_sid(sk->sk_protocol, snum, &sid); |