diff options
author | James Morris <jamorris@linux.microsoft.com> | 2019-04-30 18:06:51 +0200 |
---|---|---|
committer | James Morris <jamorris@linux.microsoft.com> | 2019-04-30 18:06:51 +0200 |
commit | 5f9b4992b722d31226607d611658408cd2c50fd1 (patch) | |
tree | 0b730e3c6ee888c224a0d570facb503bc5abad59 /security | |
parent | Merge branch 'smack-for-5.2' of https://github.com/cschaufler/next-smack into... (diff) | |
parent | smack: Check address length before reading address family (diff) | |
download | linux-5f9b4992b722d31226607d611658408cd2c50fd1.tar.xz linux-5f9b4992b722d31226607d611658408cd2c50fd1.zip |
Merge branch 'smack-for-5.2-b' of https://github.com/cschaufler/next-smack into next-smack
Smack: Fix IPv6 handling of 0 secmark (2019-04-03 14:28:38 -0700)
Diffstat (limited to 'security')
-rw-r--r-- | security/smack/smack_lsm.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index b9abcdb36a73..b5b333d72637 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2806,13 +2806,17 @@ static int smack_socket_socketpair(struct socket *socka, * * Records the label bound to a port. * - * Returns 0 + * Returns 0 on success, and error code otherwise */ static int smack_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen) { - if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) + if (sock->sk != NULL && sock->sk->sk_family == PF_INET6) { + if (addrlen < SIN6_LEN_RFC2133 || + address->sa_family != AF_INET6) + return -EINVAL; smk_ipv6_port_label(sock, address); + } return 0; } #endif /* SMACK_IPV6_PORT_LABELING */ @@ -2848,12 +2852,13 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, switch (sock->sk->sk_family) { case PF_INET: - if (addrlen < sizeof(struct sockaddr_in)) + if (addrlen < sizeof(struct sockaddr_in) || + sap->sa_family != AF_INET) return -EINVAL; rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap); break; case PF_INET6: - if (addrlen < sizeof(struct sockaddr_in6)) + if (addrlen < SIN6_LEN_RFC2133 || sap->sa_family != AF_INET6) return -EINVAL; #ifdef SMACK_IPV6_SECMARK_LABELING rsp = smack_ipv6host_label(sip); @@ -3683,9 +3688,15 @@ static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, switch (sock->sk->sk_family) { case AF_INET: + if (msg->msg_namelen < sizeof(struct sockaddr_in) || + sip->sin_family != AF_INET) + return -EINVAL; rc = smack_netlabel_send(sock->sk, sip); break; case AF_INET6: + if (msg->msg_namelen < SIN6_LEN_RFC2133 || + sap->sin6_family != AF_INET6) + return -EINVAL; #ifdef SMACK_IPV6_SECMARK_LABELING rsp = smack_ipv6host_label(sap); if (rsp != NULL) |