diff options
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 1126c10a5e82..86305c2f555a 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -1090,7 +1090,7 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc | |||
| 1090 | return SECCLASS_NETLINK_ROUTE_SOCKET; | 1090 | return SECCLASS_NETLINK_ROUTE_SOCKET; |
| 1091 | case NETLINK_FIREWALL: | 1091 | case NETLINK_FIREWALL: |
| 1092 | return SECCLASS_NETLINK_FIREWALL_SOCKET; | 1092 | return SECCLASS_NETLINK_FIREWALL_SOCKET; |
| 1093 | case NETLINK_INET_DIAG: | 1093 | case NETLINK_SOCK_DIAG: |
| 1094 | return SECCLASS_NETLINK_TCPDIAG_SOCKET; | 1094 | return SECCLASS_NETLINK_TCPDIAG_SOCKET; |
| 1095 | case NETLINK_NFLOG: | 1095 | case NETLINK_NFLOG: |
| 1096 | return SECCLASS_NETLINK_NFLOG_SOCKET; | 1096 | return SECCLASS_NETLINK_NFLOG_SOCKET; |
| @@ -3561,19 +3561,20 @@ static int selinux_parse_skb_ipv6(struct sk_buff *skb, | |||
| 3561 | u8 nexthdr; | 3561 | u8 nexthdr; |
| 3562 | int ret = -EINVAL, offset; | 3562 | int ret = -EINVAL, offset; |
| 3563 | struct ipv6hdr _ipv6h, *ip6; | 3563 | struct ipv6hdr _ipv6h, *ip6; |
| 3564 | __be16 frag_off; | ||
| 3564 | 3565 | ||
| 3565 | offset = skb_network_offset(skb); | 3566 | offset = skb_network_offset(skb); |
| 3566 | ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); | 3567 | ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); |
| 3567 | if (ip6 == NULL) | 3568 | if (ip6 == NULL) |
| 3568 | goto out; | 3569 | goto out; |
| 3569 | 3570 | ||
| 3570 | ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr); | 3571 | ad->u.net.v6info.saddr = ip6->saddr; |
| 3571 | ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr); | 3572 | ad->u.net.v6info.daddr = ip6->daddr; |
| 3572 | ret = 0; | 3573 | ret = 0; |
| 3573 | 3574 | ||
| 3574 | nexthdr = ip6->nexthdr; | 3575 | nexthdr = ip6->nexthdr; |
| 3575 | offset += sizeof(_ipv6h); | 3576 | offset += sizeof(_ipv6h); |
| 3576 | offset = ipv6_skip_exthdr(skb, offset, &nexthdr); | 3577 | offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); |
| 3577 | if (offset < 0) | 3578 | if (offset < 0) |
| 3578 | goto out; | 3579 | goto out; |
| 3579 | 3580 | ||
| @@ -3871,7 +3872,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in | |||
| 3871 | if (family == PF_INET) | 3872 | if (family == PF_INET) |
| 3872 | ad.u.net.v4info.saddr = addr4->sin_addr.s_addr; | 3873 | ad.u.net.v4info.saddr = addr4->sin_addr.s_addr; |
| 3873 | else | 3874 | else |
| 3874 | ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr); | 3875 | ad.u.net.v6info.saddr = addr6->sin6_addr; |
| 3875 | 3876 | ||
| 3876 | err = avc_has_perm(sksec->sid, sid, | 3877 | err = avc_has_perm(sksec->sid, sid, |
| 3877 | sksec->sclass, node_perm, &ad); | 3878 | sksec->sclass, node_perm, &ad); |