hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Smack: Fix IPv6 handling of 0 secmark 

Handle the case where the skb for an IPv6 packet contains
a 0 in the secmark for a packet generated locally. This
can only happen for system packets, so allow the access.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
This commit is contained in:
Casey Schaufler 2019-04-03 14:28:38 -07:00
parent 4e328b0888
commit f7450bc6e7
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
security/smack/smack_lsm.c
View File

@ -3907,6 +3907,8 @@ access_check:
#ifdef SMACK_IPV6_SECMARK_LABELING #ifdef SMACK_IPV6_SECMARK_LABELING
if (skb && skb->secmark != 0) if (skb && skb->secmark != 0)
skp = smack_from_secid(skb->secmark); skp = smack_from_secid(skb->secmark);
else if (smk_ipv6_localhost(&sadd))
break;
else else
skp = smack_ipv6host_label(&sadd); skp = smack_ipv6host_label(&sadd);
if (skp == NULL) if (skp == NULL)