diff options
Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/Kconfig | 1 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 10 | ||||
| -rw-r--r-- | security/selinux/include/netlabel.h | 16 | ||||
| -rw-r--r-- | security/selinux/netlabel.c | 16 |
4 files changed, 11 insertions, 32 deletions
diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig index 55f032f1fc2d..5711689deb6a 100644 --- a/security/selinux/Kconfig +++ b/security/selinux/Kconfig @@ -1,3 +1,4 @@ +# SPDX-License-Identifier: GPL-2.0-only config SECURITY_SELINUX bool "NSA SELinux Support" depends on SECURITY_NETWORK && AUDIT && NET && INET diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index c61787b15f27..3ec702cf46ca 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4637,6 +4637,14 @@ static int selinux_socket_connect_helper(struct socket *sock, err = sock_has_perm(sk, SOCKET__CONNECT); if (err) return err; + if (addrlen < offsetofend(struct sockaddr, sa_family)) + return -EINVAL; + + /* connect(AF_UNSPEC) has special handling, as it is a documented + * way to disconnect the socket + */ + if (address->sa_family == AF_UNSPEC) + return 0; /* * If a TCP, DCCP or SCTP socket, check name_connect permission @@ -4657,8 +4665,6 @@ static int selinux_socket_connect_helper(struct socket *sock, * need to check address->sa_family as it is possible to have * sk->sk_family = PF_INET6 with addr->sa_family = AF_INET. */ - if (addrlen < offsetofend(struct sockaddr, sa_family)) - return -EINVAL; switch (address->sa_family) { case AF_INET: addr4 = (struct sockaddr_in *)address; diff --git a/security/selinux/include/netlabel.h b/security/selinux/include/netlabel.h index 8671de09c363..d30d8d7cdc9c 100644 --- a/security/selinux/include/netlabel.h +++ b/security/selinux/include/netlabel.h @@ -1,26 +1,12 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ /* * SELinux interface to the NetLabel subsystem * * Author: Paul Moore <paul@paul-moore.com> - * */ /* * (c) Copyright Hewlett-Packard Development Company, L.P., 2006 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See - * the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * */ #ifndef _SELINUX_NETLABEL_H_ diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 6fd9954e1c08..abaab7683840 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -1,3 +1,4 @@ +// SPDX-License-Identifier: GPL-2.0-or-later /* * SELinux NetLabel Support * @@ -5,25 +6,10 @@ * subsystem. * * Author: Paul Moore <paul@paul-moore.com> - * */ /* * (c) Copyright Hewlett-Packard Development Company, L.P., 2007, 2008 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See - * the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * */ #include <linux/spinlock.h> |