Smack: check for 'struct socket' with NULL sk
There's a small problem with smack and NFS. A similar report was also sent here: http://lkml.org/lkml/2007/10/27/85 I've also added similar checks in inode_{get/set}security(). Cheating from SELinux post_create_socket(), it does the same. [akpm@linux-foundation.org: remove uneeded BUG_ON()] Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: Casey Schaufler <casey@schuafler-ca.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
cba44359d1
commit
2e1d146a19
1 changed files with 5 additions and 4 deletions
|
@ -701,7 +701,7 @@ static int smack_inode_getsecurity(const struct inode *inode,
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
|
|
||||||
sock = SOCKET_I(ip);
|
sock = SOCKET_I(ip);
|
||||||
if (sock == NULL)
|
if (sock == NULL || sock->sk == NULL)
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
|
|
||||||
ssp = sock->sk->sk_security;
|
ssp = sock->sk->sk_security;
|
||||||
|
@ -1280,10 +1280,11 @@ static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp)
|
||||||
*/
|
*/
|
||||||
static int smack_netlabel(struct sock *sk)
|
static int smack_netlabel(struct sock *sk)
|
||||||
{
|
{
|
||||||
struct socket_smack *ssp = sk->sk_security;
|
struct socket_smack *ssp;
|
||||||
struct netlbl_lsm_secattr secattr;
|
struct netlbl_lsm_secattr secattr;
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
|
ssp = sk->sk_security;
|
||||||
netlbl_secattr_init(&secattr);
|
netlbl_secattr_init(&secattr);
|
||||||
smack_to_secattr(ssp->smk_out, &secattr);
|
smack_to_secattr(ssp->smk_out, &secattr);
|
||||||
if (secattr.flags != NETLBL_SECATTR_NONE)
|
if (secattr.flags != NETLBL_SECATTR_NONE)
|
||||||
|
@ -1331,7 +1332,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
|
|
||||||
sock = SOCKET_I(inode);
|
sock = SOCKET_I(inode);
|
||||||
if (sock == NULL)
|
if (sock == NULL || sock->sk == NULL)
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
|
|
||||||
ssp = sock->sk->sk_security;
|
ssp = sock->sk->sk_security;
|
||||||
|
@ -1362,7 +1363,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
|
||||||
static int smack_socket_post_create(struct socket *sock, int family,
|
static int smack_socket_post_create(struct socket *sock, int family,
|
||||||
int type, int protocol, int kern)
|
int type, int protocol, int kern)
|
||||||
{
|
{
|
||||||
if (family != PF_INET)
|
if (family != PF_INET || sock->sk == NULL)
|
||||||
return 0;
|
return 0;
|
||||||
/*
|
/*
|
||||||
* Set the outbound netlbl.
|
* Set the outbound netlbl.
|
||||||
|
|
Loading…
Reference in a new issue