summaryrefslogtreecommitdiffstats
path: root/net/socket.c
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2018-06-07 01:15:56 +0200
committerLinus Torvalds <torvalds@linux-foundation.org>2018-06-07 01:15:56 +0200
commit10b1eb7d8ce5635a7deb273f8291d8a0a7681de1 (patch)
tree946b7d496a4e24db5120be376e075b52982fae83 /net/socket.c
parentMerge tag 'printk-for-4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/... (diff)
parentdh key: get rid of stack allocated array for zeroes (diff)
downloadlinux-10b1eb7d8ce5635a7deb273f8291d8a0a7681de1.tar.xz
linux-10b1eb7d8ce5635a7deb273f8291d8a0a7681de1.zip
Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security system updates from James Morris: - incorporate new socketpair() hook into LSM and wire up the SELinux and Smack modules. From David Herrmann: "The idea is to allow SO_PEERSEC to be called on AF_UNIX sockets created via socketpair(2), and return the same information as if you emulated socketpair(2) via a temporary listener socket. Right now SO_PEERSEC will return the unlabeled credentials for a socketpair, rather than the actual credentials of the creating process." - remove the unused security_settime LSM hook (Sargun Dhillon). - remove some stack allocated arrays from the keys code (Tycho Andersen) * 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: dh key: get rid of stack allocated array for zeroes dh key: get rid of stack allocated array big key: get rid of stack array allocation smack: provide socketpair callback selinux: provide socketpair callback net: hook socketpair() into LSM security: add hook for socketpair() security: remove security_settime
Diffstat (limited to 'net/socket.c')
-rw-r--r--net/socket.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/net/socket.c b/net/socket.c
index 2d752e9eb3f9..af57d85bcb48 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -1445,6 +1445,13 @@ int __sys_socketpair(int family, int type, int protocol, int __user *usockvec)
goto out;
}
+ err = security_socket_socketpair(sock1, sock2);
+ if (unlikely(err)) {
+ sock_release(sock2);
+ sock_release(sock1);
+ goto out;
+ }
+
err = sock1->ops->socketpair(sock1, sock2);
if (unlikely(err < 0)) {
sock_release(sock2);