Smack change for Linux 5.6
-----BEGIN PGP SIGNATURE----- iQIcBAABAgAGBQJeO2KSAAoJEDilFXyMQ8gRvdAP/iQU5AUl4an9ZZpWIcgbotF7 EyDQrvtvfdVaDMOdq4Pf7uGs9CFYCpuhOTGE3nN4lpIHmpuS8hPqAC04Nmezcsrg oHPFsaGPShD6npQIwJhsrXIvj1ah7pAOn0uE7QCIKWd+dJGsWqL2uDtRZO1KV6Js N2w+T4ulrIs0dRqx6P8pGx8igGdpBCkS3Hz39+Ac+ng5SXgrS8QFivVspp4UgYqV 3E4tDw0QRsxJAyOigphndsmjtRWjTh3BKDX9q0hWUtNfk17OfqIbsvT6GlOMa5FX Ru2o6DG/DBjgZl+1nRomKTeEfmkD+8EQJVn8HXqsGdZRjcUeXJ1A9jw+c1OgHJg0 kYzC3EvFbj47x2N7EQiIRefOKJlGLEqjy4ASuEcgemLertBhu2bIp8g8fa0lgfpN 2RdGjXME7XnpVlmf8jhL+oJKvu8Us/5lw5sjDmx1lRA448aB+QMzUcj6bVBel8Ls UbjjNM4LA3+G7AQdtfOhth6P5ueqlKDrXIN7j/sijmMXrysfY4tgk15mSG1TtbQb y/9yVMsdatyRugdzEU/UyAN7D/RH011DVTztoans+SMvKFS9jxesIYSlopJJNDsI MMd8Ptirxa8sStjLnealZAIqFqe+S58torxm85nFwxTzkRuYLCLKmFH0KEI904Gn /oZZ6CIYoLYlerzQDNwF =WBOT -----END PGP SIGNATURE----- Merge tag 'Smack-for-5.6' of git://github.com/cschaufler/smack-next Pull smack fix from Casey Schaufler: "One fix for an obscure error found using an old version of ping(1) that did not use IPv6 sockets in the documented way" * tag 'Smack-for-5.6' of git://github.com/cschaufler/smack-next: broken ping to ipv6 linklocal addresses on debian buster
This commit is contained in:
commit
85e5529625
|
@ -2831,42 +2831,39 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
|
|||
int addrlen)
|
||||
{
|
||||
int rc = 0;
|
||||
#if IS_ENABLED(CONFIG_IPV6)
|
||||
struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
|
||||
#endif
|
||||
#ifdef SMACK_IPV6_SECMARK_LABELING
|
||||
struct smack_known *rsp;
|
||||
struct socket_smack *ssp;
|
||||
#endif
|
||||
|
||||
if (sock->sk == NULL)
|
||||
return 0;
|
||||
|
||||
if (sock->sk->sk_family != PF_INET &&
|
||||
(!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6))
|
||||
return 0;
|
||||
if (addrlen < offsetofend(struct sockaddr, sa_family))
|
||||
return 0;
|
||||
if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) {
|
||||
struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
|
||||
#ifdef SMACK_IPV6_SECMARK_LABELING
|
||||
ssp = sock->sk->sk_security;
|
||||
struct smack_known *rsp;
|
||||
#endif
|
||||
|
||||
switch (sock->sk->sk_family) {
|
||||
case PF_INET:
|
||||
if (addrlen < sizeof(struct sockaddr_in) ||
|
||||
sap->sa_family != AF_INET)
|
||||
return -EINVAL;
|
||||
rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
|
||||
break;
|
||||
case PF_INET6:
|
||||
if (addrlen < SIN6_LEN_RFC2133 || sap->sa_family != AF_INET6)
|
||||
return -EINVAL;
|
||||
if (addrlen < SIN6_LEN_RFC2133)
|
||||
return 0;
|
||||
#ifdef SMACK_IPV6_SECMARK_LABELING
|
||||
rsp = smack_ipv6host_label(sip);
|
||||
if (rsp != NULL)
|
||||
if (rsp != NULL) {
|
||||
struct socket_smack *ssp = sock->sk->sk_security;
|
||||
|
||||
rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
|
||||
SMK_CONNECTING);
|
||||
SMK_CONNECTING);
|
||||
}
|
||||
#endif
|
||||
#ifdef SMACK_IPV6_PORT_LABELING
|
||||
rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
|
||||
#endif
|
||||
break;
|
||||
return rc;
|
||||
}
|
||||
if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in))
|
||||
return 0;
|
||||
rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user