Smack: Fix IPv6 handling of 0 secmark
Handle the case where the skb for an IPv6 packet contains a 0 in the secmark for a packet generated locally. This can only happen for system packets, so allow the access. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
This commit is contained in:
parent
4e328b0888
commit
f7450bc6e7
|
@ -3907,6 +3907,8 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
|
|||
#ifdef SMACK_IPV6_SECMARK_LABELING
|
||||
if (skb && skb->secmark != 0)
|
||||
skp = smack_from_secid(skb->secmark);
|
||||
else if (smk_ipv6_localhost(&sadd))
|
||||
break;
|
||||
else
|
||||
skp = smack_ipv6host_label(&sadd);
|
||||
if (skp == NULL)
|
||||
|
|
Loading…
Reference in New Issue
Block a user