aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAhmed S. Darwish <darwish.07@gmail.com>2008-02-13 18:03:34 -0500
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2008-02-13 19:21:20 -0500
commit2e1d146a19f2941aec08f60ca67fb2763baad595 (patch)
tree14831c6332b2d4004a7551354be46526a0c6f426
parentcba44359d15ac7a3bca2c9199b7ff403d7edc69e (diff)
Smack: check for 'struct socket' with NULL sk
There's a small problem with smack and NFS. A similar report was also sent here: http://lkml.org/lkml/2007/10/27/85 I've also added similar checks in inode_{get/set}security(). Cheating from SELinux post_create_socket(), it does the same. [akpm@linux-foundation.org: remove uneeded BUG_ON()] Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: Casey Schaufler <casey@schuafler-ca.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--security/smack/smack_lsm.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 1c11e4245859..5b690482f8cb 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -701,7 +701,7 @@ static int smack_inode_getsecurity(const struct inode *inode,
701 return -EOPNOTSUPP; 701 return -EOPNOTSUPP;
702 702
703 sock = SOCKET_I(ip); 703 sock = SOCKET_I(ip);
704 if (sock == NULL) 704 if (sock == NULL || sock->sk == NULL)
705 return -EOPNOTSUPP; 705 return -EOPNOTSUPP;
706 706
707 ssp = sock->sk->sk_security; 707 ssp = sock->sk->sk_security;
@@ -1280,10 +1280,11 @@ static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp)
1280 */ 1280 */
1281static int smack_netlabel(struct sock *sk) 1281static int smack_netlabel(struct sock *sk)
1282{ 1282{
1283 struct socket_smack *ssp = sk->sk_security; 1283 struct socket_smack *ssp;
1284 struct netlbl_lsm_secattr secattr; 1284 struct netlbl_lsm_secattr secattr;
1285 int rc = 0; 1285 int rc = 0;
1286 1286
1287 ssp = sk->sk_security;
1287 netlbl_secattr_init(&secattr); 1288 netlbl_secattr_init(&secattr);
1288 smack_to_secattr(ssp->smk_out, &secattr); 1289 smack_to_secattr(ssp->smk_out, &secattr);
1289 if (secattr.flags != NETLBL_SECATTR_NONE) 1290 if (secattr.flags != NETLBL_SECATTR_NONE)
@@ -1331,7 +1332,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
1331 return -EOPNOTSUPP; 1332 return -EOPNOTSUPP;
1332 1333
1333 sock = SOCKET_I(inode); 1334 sock = SOCKET_I(inode);
1334 if (sock == NULL) 1335 if (sock == NULL || sock->sk == NULL)
1335 return -EOPNOTSUPP; 1336 return -EOPNOTSUPP;
1336 1337
1337 ssp = sock->sk->sk_security; 1338 ssp = sock->sk->sk_security;
@@ -1362,7 +1363,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
1362static int smack_socket_post_create(struct socket *sock, int family, 1363static int smack_socket_post_create(struct socket *sock, int family,
1363 int type, int protocol, int kern) 1364 int type, int protocol, int kern)
1364{ 1365{
1365 if (family != PF_INET) 1366 if (family != PF_INET || sock->sk == NULL)
1366 return 0; 1367 return 0;
1367 /* 1368 /*
1368 * Set the outbound netlbl. 1369 * Set the outbound netlbl.