diff options
| author | Casey Schaufler <casey@schaufler-ca.com> | 2013-08-05 16:21:22 -0400 |
|---|---|---|
| committer | James Morris <james.l.morris@oracle.com> | 2013-08-06 06:53:54 -0400 |
| commit | 6ea062475a9a2ea6e1394487fa0e51b3459957d1 (patch) | |
| tree | 5bafb48025b8d504ea119ee77cc4838b7a1f22fa /security | |
| parent | c095ba7224d8edc71dcef0d655911399a8bd4a3f (diff) | |
Smack: IPv6 casting error fix for 3.11
The original implementation of the Smack IPv6 port based
local controls works most of the time using a sockaddr as
a temporary variable, but not always as it overflows in
some circumstances. The correct data is a sockaddr_in6.
A struct sockaddr isn't as large as a struct sockaddr_in6.
There would need to be casting one way or the other. This
patch gets it the right way.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/smack/smack_lsm.c | 24 |
1 files changed, 11 insertions, 13 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 3f7682a387b7..eefbd10e408f 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -1998,12 +1998,11 @@ static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) | |||
| 1998 | * | 1998 | * |
| 1999 | * Create or update the port list entry | 1999 | * Create or update the port list entry |
| 2000 | */ | 2000 | */ |
| 2001 | static int smk_ipv6_port_check(struct sock *sk, struct sockaddr *address, | 2001 | static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, |
| 2002 | int act) | 2002 | int act) |
| 2003 | { | 2003 | { |
| 2004 | __be16 *bep; | 2004 | __be16 *bep; |
| 2005 | __be32 *be32p; | 2005 | __be32 *be32p; |
| 2006 | struct sockaddr_in6 *addr6; | ||
| 2007 | struct smk_port_label *spp; | 2006 | struct smk_port_label *spp; |
| 2008 | struct socket_smack *ssp = sk->sk_security; | 2007 | struct socket_smack *ssp = sk->sk_security; |
| 2009 | struct smack_known *skp; | 2008 | struct smack_known *skp; |
| @@ -2025,10 +2024,9 @@ static int smk_ipv6_port_check(struct sock *sk, struct sockaddr *address, | |||
| 2025 | /* | 2024 | /* |
| 2026 | * Get the IP address and port from the address. | 2025 | * Get the IP address and port from the address. |
| 2027 | */ | 2026 | */ |
| 2028 | addr6 = (struct sockaddr_in6 *)address; | 2027 | port = ntohs(address->sin6_port); |
| 2029 | port = ntohs(addr6->sin6_port); | 2028 | bep = (__be16 *)(&address->sin6_addr); |
| 2030 | bep = (__be16 *)(&addr6->sin6_addr); | 2029 | be32p = (__be32 *)(&address->sin6_addr); |
| 2031 | be32p = (__be32 *)(&addr6->sin6_addr); | ||
| 2032 | 2030 | ||
| 2033 | /* | 2031 | /* |
| 2034 | * It's remote, so port lookup does no good. | 2032 | * It's remote, so port lookup does no good. |
| @@ -2060,9 +2058,9 @@ auditout: | |||
| 2060 | ad.a.u.net->family = sk->sk_family; | 2058 | ad.a.u.net->family = sk->sk_family; |
| 2061 | ad.a.u.net->dport = port; | 2059 | ad.a.u.net->dport = port; |
| 2062 | if (act == SMK_RECEIVING) | 2060 | if (act == SMK_RECEIVING) |
| 2063 | ad.a.u.net->v6info.saddr = addr6->sin6_addr; | 2061 | ad.a.u.net->v6info.saddr = address->sin6_addr; |
| 2064 | else | 2062 | else |
| 2065 | ad.a.u.net->v6info.daddr = addr6->sin6_addr; | 2063 | ad.a.u.net->v6info.daddr = address->sin6_addr; |
| 2066 | #endif | 2064 | #endif |
| 2067 | return smk_access(skp, object, MAY_WRITE, &ad); | 2065 | return smk_access(skp, object, MAY_WRITE, &ad); |
| 2068 | } | 2066 | } |
| @@ -2201,7 +2199,8 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, | |||
| 2201 | case PF_INET6: | 2199 | case PF_INET6: |
| 2202 | if (addrlen < sizeof(struct sockaddr_in6)) | 2200 | if (addrlen < sizeof(struct sockaddr_in6)) |
| 2203 | return -EINVAL; | 2201 | return -EINVAL; |
| 2204 | rc = smk_ipv6_port_check(sock->sk, sap, SMK_CONNECTING); | 2202 | rc = smk_ipv6_port_check(sock->sk, (struct sockaddr_in6 *)sap, |
| 2203 | SMK_CONNECTING); | ||
| 2205 | break; | 2204 | break; |
| 2206 | } | 2205 | } |
| 2207 | return rc; | 2206 | return rc; |
| @@ -3034,7 +3033,7 @@ static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, | |||
| 3034 | int size) | 3033 | int size) |
| 3035 | { | 3034 | { |
| 3036 | struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; | 3035 | struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name; |
| 3037 | struct sockaddr *sap = (struct sockaddr *) msg->msg_name; | 3036 | struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name; |
| 3038 | int rc = 0; | 3037 | int rc = 0; |
| 3039 | 3038 | ||
| 3040 | /* | 3039 | /* |
| @@ -3121,9 +3120,8 @@ static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap, | |||
| 3121 | return smack_net_ambient; | 3120 | return smack_net_ambient; |
| 3122 | } | 3121 | } |
| 3123 | 3122 | ||
| 3124 | static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr *sap) | 3123 | static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) |
| 3125 | { | 3124 | { |
| 3126 | struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; | ||
| 3127 | u8 nexthdr; | 3125 | u8 nexthdr; |
| 3128 | int offset; | 3126 | int offset; |
| 3129 | int proto = -EINVAL; | 3127 | int proto = -EINVAL; |
| @@ -3181,7 +3179,7 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) | |||
| 3181 | struct netlbl_lsm_secattr secattr; | 3179 | struct netlbl_lsm_secattr secattr; |
| 3182 | struct socket_smack *ssp = sk->sk_security; | 3180 | struct socket_smack *ssp = sk->sk_security; |
| 3183 | struct smack_known *skp; | 3181 | struct smack_known *skp; |
| 3184 | struct sockaddr sadd; | 3182 | struct sockaddr_in6 sadd; |
| 3185 | int rc = 0; | 3183 | int rc = 0; |
| 3186 | struct smk_audit_info ad; | 3184 | struct smk_audit_info ad; |
| 3187 | #ifdef CONFIG_AUDIT | 3185 | #ifdef CONFIG_AUDIT |