Smack: check for 'struct socket' with NULL sk
There's a small problem with smack and NFS. A similar report was also sent here: http://lkml.org/lkml/2007/10/27/85 I've also added similar checks in inode_{get/set}security(). Cheating from SELinux post_create_socket(), it does the same. [akpm@linux-foundation.org: remove uneeded BUG_ON()] Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: Casey Schaufler <casey@schuafler-ca.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
cba44359d1
commit
2e1d146a19
|
@ -701,7 +701,7 @@ static int smack_inode_getsecurity(const struct inode *inode,
|
|||
return -EOPNOTSUPP;
|
||||
|
||||
sock = SOCKET_I(ip);
|
||||
if (sock == NULL)
|
||||
if (sock == NULL || sock->sk == NULL)
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
ssp = sock->sk->sk_security;
|
||||
|
@ -1280,10 +1280,11 @@ static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp)
|
|||
*/
|
||||
static int smack_netlabel(struct sock *sk)
|
||||
{
|
||||
struct socket_smack *ssp = sk->sk_security;
|
||||
struct socket_smack *ssp;
|
||||
struct netlbl_lsm_secattr secattr;
|
||||
int rc = 0;
|
||||
|
||||
ssp = sk->sk_security;
|
||||
netlbl_secattr_init(&secattr);
|
||||
smack_to_secattr(ssp->smk_out, &secattr);
|
||||
if (secattr.flags != NETLBL_SECATTR_NONE)
|
||||
|
@ -1331,7 +1332,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
|
|||
return -EOPNOTSUPP;
|
||||
|
||||
sock = SOCKET_I(inode);
|
||||
if (sock == NULL)
|
||||
if (sock == NULL || sock->sk == NULL)
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
ssp = sock->sk->sk_security;
|
||||
|
@ -1362,7 +1363,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
|
|||
static int smack_socket_post_create(struct socket *sock, int family,
|
||||
int type, int protocol, int kern)
|
||||
{
|
||||
if (family != PF_INET)
|
||||
if (family != PF_INET || sock->sk == NULL)
|
||||
return 0;
|
||||
/*
|
||||
* Set the outbound netlbl.
|
||||
|
|
Loading…
Reference in New Issue