author | Ahmed S. Darwish <darwish.07@gmail.com> | 2008-02-13 18:03:34 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2008-02-13 19:21:20 -0500 |
commit | 2e1d146a19f2941aec08f60ca67fb2763baad595 (patch) | |
tree | 14831c6332b2d4004a7551354be46526a0c6f426 | |
parent | cba44359d15ac7a3bca2c9199b7ff403d7edc69e (diff) |
Smack: check for 'struct socket' with NULL sk
There's a small problem with smack and NFS. A similar report was also
sent here: http://lkml.org/lkml/2007/10/27/85
I've also added similar checks in inode_{get/set}security(). Cheating from
SELinux post_create_socket(), it does the same.
[akpm@linux-foundation.org: remove uneeded BUG_ON()]
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: Casey Schaufler <casey@schuafler-ca.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | security/smack/smack_lsm.c | 9 |
1 files changed, 5 insertions, 4 deletions
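--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -701,7 +701,7 @@ static int smack_inode_getsecurity(const struct inode *inode,
 return -EOPNOTSUPP;
 
 sock = SOCKET_I(ip);
-if (sock == NULL)
+if (sock == NULL || sock->sk == NULL)
 return -EOPNOTSUPP;
 
 ssp = sock->sk->sk_security;
@@ -1280,10 +1280,11 @@ static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp)
 */
 static int smack_netlabel(struct sock *sk)
 {
-struct socket_smack *ssp = sk->sk_security;
+struct socket_smack *ssp;
 struct netlbl_lsm_secattr secattr;
 int rc = 0;
 
+ssp = sk->sk_security;
 netlbl_secattr_init(&secattr);
 smack_to_secattr(ssp->smk_out, &secattr);
 if (secattr.flags != NETLBL_SECATTR_NONE)
@@ -1331,7 +1332,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
 return -EOPNOTSUPP;
 
 sock = SOCKET_I(inode);
-if (sock == NULL)
+if (sock == NULL || sock->sk == NULL)
 return -EOPNOTSUPP;
 
 ssp = sock->sk->sk_security;
@@ -1362,7 +1363,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
 static int smack_socket_post_create(struct socket *sock, int family,
 int type, int protocol, int kern)
 {
-if (family != PF_INET)
+if (family != PF_INET || sock->sk == NULL)
 return 0;
 /*
 * Set the outbound netlbl.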
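Review bot: `smack_netlabel()` still dereferences `sk` unguarded at `ssp = sk->sk_security;`, so the fix relies on every caller having tested `sock->sk` first, and nothing visible documents that precondition. I would add `* The caller must guarantee that @sk is not NULL.` to the function's header comment, which begins outside the hunk. The declaration/assignment split there has no functional effect and is presumably a leftover of the BUG_ON() the commit message says was removed, so the one-line initializer `struct socket_smack *ssp = sk->sk_security;` could be kept instead. In `smack_socket_post_create()`, whose body continues past the hunk, the new `sock->sk == NULL` test returns 0 without labelling the socket; a comment such as `/* sock->sk can be NULL (seen with NFS); nothing to label then. */` would record that this is intentional. Other hooks in this file that read `sock->sk->sk_security` are not shown here and may need the same check.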