Smack: Fix IPv6 handling of 0 secmark

Handle the case where the skb for an IPv6 packet contains
a 0 in the secmark for a packet generated locally. This
can only happen for system packets, so allow the access.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
This commit is contained in:
Casey Schaufler 2019-04-03 14:28:38 -07:00
parent 4e328b0888
commit f7450bc6e7

View File

@ -3907,6 +3907,8 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
#ifdef SMACK_IPV6_SECMARK_LABELING
if (skb && skb->secmark != 0)
skp = smack_from_secid(skb->secmark);
else if (smk_ipv6_localhost(&sadd))
break;
else
skp = smack_ipv6host_label(&sadd);
if (skp == NULL)