Smack: check for 'struct socket' with NULL sk

There's a small problem with smack and NFS. A similar report was also
sent here: http://lkml.org/lkml/2007/10/27/85

I've also added similar checks in inode_{get/set}security().  Cheating from
SELinux post_create_socket(), it does the same.

[akpm@linux-foundation.org: remove uneeded BUG_ON()]
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: Casey Schaufler <casey@schuafler-ca.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Ahmed S. Darwish 2008-02-13 15:03:34 -08:00 committed by Linus Torvalds
parent cba44359d1
commit 2e1d146a19

View file

@ -701,7 +701,7 @@ static int smack_inode_getsecurity(const struct inode *inode,
return -EOPNOTSUPP; return -EOPNOTSUPP;
sock = SOCKET_I(ip); sock = SOCKET_I(ip);
if (sock == NULL) if (sock == NULL || sock->sk == NULL)
return -EOPNOTSUPP; return -EOPNOTSUPP;
ssp = sock->sk->sk_security; ssp = sock->sk->sk_security;
@ -1280,10 +1280,11 @@ static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp)
*/ */
static int smack_netlabel(struct sock *sk) static int smack_netlabel(struct sock *sk)
{ {
struct socket_smack *ssp = sk->sk_security; struct socket_smack *ssp;
struct netlbl_lsm_secattr secattr; struct netlbl_lsm_secattr secattr;
int rc = 0; int rc = 0;
ssp = sk->sk_security;
netlbl_secattr_init(&secattr); netlbl_secattr_init(&secattr);
smack_to_secattr(ssp->smk_out, &secattr); smack_to_secattr(ssp->smk_out, &secattr);
if (secattr.flags != NETLBL_SECATTR_NONE) if (secattr.flags != NETLBL_SECATTR_NONE)
@ -1331,7 +1332,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
return -EOPNOTSUPP; return -EOPNOTSUPP;
sock = SOCKET_I(inode); sock = SOCKET_I(inode);
if (sock == NULL) if (sock == NULL || sock->sk == NULL)
return -EOPNOTSUPP; return -EOPNOTSUPP;
ssp = sock->sk->sk_security; ssp = sock->sk->sk_security;
@ -1362,7 +1363,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
static int smack_socket_post_create(struct socket *sock, int family, static int smack_socket_post_create(struct socket *sock, int family,
int type, int protocol, int kern) int type, int protocol, int kern)
{ {
if (family != PF_INET) if (family != PF_INET || sock->sk == NULL)
return 0; return 0;
/* /*
* Set the outbound netlbl. * Set the outbound netlbl.