summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPaul Moore <paul@paul-moore.com>2016-06-06 21:17:20 +0200
committerPaul Moore <paul@paul-moore.com>2016-06-06 21:17:20 +0200
commit0e0e36774081534783aa8eeb9f6fbddf98d3c061 (patch)
treec773e3db77e120826b2a0902786f5c8ef3cdc918
parentselinux: Only apply bounds checking to source types (diff)
downloadlinux-0e0e36774081534783aa8eeb9f6fbddf98d3c061.tar.xz
linux-0e0e36774081534783aa8eeb9f6fbddf98d3c061.zip
netlabel: add address family checks to netlbl_{sock,req}_delattr()
It seems risky to always rely on the caller to ensure the socket's address family is correct before passing it to the NetLabel kAPI, especially since we see at least one LSM which didn't. Add address family checks to the *_delattr() functions to help prevent future problems. Cc: <stable@vger.kernel.org> Reported-by: Maninder Singh <maninder1.s@samsung.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r--net/netlabel/netlabel_kapi.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index 1325776daa27..bd007a9fd921 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -824,7 +824,11 @@ socket_setattr_return:
*/
void netlbl_sock_delattr(struct sock *sk)
{
- cipso_v4_sock_delattr(sk);
+ switch (sk->sk_family) {
+ case AF_INET:
+ cipso_v4_sock_delattr(sk);
+ break;
+ }
}
/**
@@ -987,7 +991,11 @@ req_setattr_return:
*/
void netlbl_req_delattr(struct request_sock *req)
{
- cipso_v4_req_delattr(req);
+ switch (req->rsk_ops->family) {
+ case AF_INET:
+ cipso_v4_req_delattr(req);
+ break;
+ }
}
/**