selinux: Fix a panic in selinux_netlbl_inode_permission()
Rick McNeal from LSI identified a panic in selinux_netlbl_inode_permission() caused by a certain sequence of SUNRPC operations. The problem appears to be due to the lack of NULL pointer checking in the function; this patch adds the pointer checks so the function will exit safely in the cases where the socket is not completely initialized. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
778ef1e6cb
commit
d7f59dc464
|
@ -386,11 +386,12 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask)
|
||||||
if (!S_ISSOCK(inode->i_mode) ||
|
if (!S_ISSOCK(inode->i_mode) ||
|
||||||
((mask & (MAY_WRITE | MAY_APPEND)) == 0))
|
((mask & (MAY_WRITE | MAY_APPEND)) == 0))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
sock = SOCKET_I(inode);
|
sock = SOCKET_I(inode);
|
||||||
sk = sock->sk;
|
sk = sock->sk;
|
||||||
|
if (sk == NULL)
|
||||||
|
return 0;
|
||||||
sksec = sk->sk_security;
|
sksec = sk->sk_security;
|
||||||
if (sksec->nlbl_state != NLBL_REQUIRE)
|
if (sksec == NULL || sksec->nlbl_state != NLBL_REQUIRE)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
local_bh_disable();
|
local_bh_disable();
|
||||||
|
|
Loading…
Reference in New Issue