diff options
| author | Paul Moore <paul.moore@hp.com> | 2009-02-27 15:00:03 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2009-03-01 17:30:04 -0500 |
| commit | d7f59dc4642ce2fc7b79fcd4ec02ffce7f21eb02 (patch) | |
| tree | 1557550ed6478a38cc04ad480a5977580d97b5cd /security | |
| parent | 778ef1e6cbb049c9bcbf405936ee6f2b6e451892 (diff) | |
selinux: Fix a panic in selinux_netlbl_inode_permission()
Rick McNeal from LSI identified a panic in selinux_netlbl_inode_permission()
caused by a certain sequence of SUNRPC operations. The problem appears to be
due to the lack of NULL pointer checking in the function; this patch adds the
pointer checks so the function will exit safely in the cases where the socket
is not completely initialized.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/netlabel.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 3f4b26647386..350794ab9b42 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c | |||
| @@ -386,11 +386,12 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask) | |||
| 386 | if (!S_ISSOCK(inode->i_mode) || | 386 | if (!S_ISSOCK(inode->i_mode) || |
| 387 | ((mask & (MAY_WRITE | MAY_APPEND)) == 0)) | 387 | ((mask & (MAY_WRITE | MAY_APPEND)) == 0)) |
| 388 | return 0; | 388 | return 0; |
| 389 | |||
| 390 | sock = SOCKET_I(inode); | 389 | sock = SOCKET_I(inode); |
| 391 | sk = sock->sk; | 390 | sk = sock->sk; |
| 391 | if (sk == NULL) | ||
| 392 | return 0; | ||
| 392 | sksec = sk->sk_security; | 393 | sksec = sk->sk_security; |
| 393 | if (sksec->nlbl_state != NLBL_REQUIRE) | 394 | if (sksec == NULL || sksec->nlbl_state != NLBL_REQUIRE) |
| 394 | return 0; | 395 | return 0; |
| 395 | 396 | ||
| 396 | local_bh_disable(); | 397 | local_bh_disable(); |