summaryrefslogtreecommitdiffstats
path: root/security/smack
diff options
context:
space:
mode:
authorEric Dumazet <edumazet@google.com>2015-11-08 19:54:08 +0100
committerDavid S. Miller <davem@davemloft.net>2015-11-09 02:56:38 +0100
commit8827d90e29e664aa959817467a3da72041ca2269 (patch)
treeb93d7f1df7eeb6411f300f9b94e1737f96ff350e /security/smack
parentnet: add skb_to_full_sk() helper and use it in selinux_netlbl_skbuff_setsid() (diff)
downloadlinux-8827d90e29e664aa959817467a3da72041ca2269.tar.xz
linux-8827d90e29e664aa959817467a3da72041ca2269.zip
smack: use skb_to_full_sk() helper
This module wants to access sk->sk_security, which is not available for request sockets. Fixes: ca6fb0651883 ("tcp: attach SYNACK messages to request sockets instead of listener") Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/smack')
-rw-r--r--security/smack/smack_netfilter.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c
index 6d1706c9777e..aa6bf1b22ec5 100644
--- a/security/smack/smack_netfilter.c
+++ b/security/smack/smack_netfilter.c
@@ -17,6 +17,7 @@
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv6.h>
#include <linux/netdevice.h>
+#include <net/inet_sock.h>
#include "smack.h"
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
@@ -25,11 +26,12 @@ static unsigned int smack_ipv6_output(void *priv,
struct sk_buff *skb,
const struct nf_hook_state *state)
{
+ struct sock *sk = skb_to_full_sk(skb);
struct socket_smack *ssp;
struct smack_known *skp;
- if (skb && skb->sk && skb->sk->sk_security) {
- ssp = skb->sk->sk_security;
+ if (sk && sk->sk_security) {
+ ssp = sk->sk_security;
skp = ssp->smk_out;
skb->secmark = skp->smk_secid;
}
@@ -42,11 +44,12 @@ static unsigned int smack_ipv4_output(void *priv,
struct sk_buff *skb,
const struct nf_hook_state *state)
{
+ struct sock *sk = skb_to_full_sk(skb);
struct socket_smack *ssp;
struct smack_known *skp;
- if (skb && skb->sk && skb->sk->sk_security) {
- ssp = skb->sk->sk_security;
+ if (sk && sk->sk_security) {
+ ssp = sk->sk_security;
skp = ssp->smk_out;
skb->secmark = skp->smk_secid;
}