lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 10 May 2019 11:37:58 +0200 From: Paolo Abeni <pabeni@...hat.com> To: netdev@...r.kernel.org Cc: selinux@...r.kernel.org, Paul Moore <paul@...l-moore.com>, David Miller <davem@...emloft.net> Subject: [PATCH net v2] Revert "selinux: do not report error on connect(AF_UNSPEC)" This reverts commit c7e0d6cca86581092cbbf2cd868b3601495554cf. It was agreed a slightly different fix via the selinux tree. v1 -> v2: - use the correct reverted commit hash Signed-off-by: Paolo Abeni <pabeni@...hat.com> --- Note: this is targeting the 'net' tree --- security/selinux/hooks.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index d82b87c16b0a..c61787b15f27 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4649,7 +4649,7 @@ static int selinux_socket_connect_helper(struct socket *sock, struct lsm_network_audit net = {0,}; struct sockaddr_in *addr4 = NULL; struct sockaddr_in6 *addr6 = NULL; - unsigned short snum = 0; + unsigned short snum; u32 sid, perm; /* sctp_connectx(3) calls via selinux_sctp_bind_connect() @@ -4674,12 +4674,12 @@ static int selinux_socket_connect_helper(struct socket *sock, break; default: /* Note that SCTP services expect -EINVAL, whereas - * others must handle this at the protocol level: - * connect(AF_UNSPEC) on a connected socket is - * a documented way disconnect the socket. + * others expect -EAFNOSUPPORT. */ if (sksec->sclass == SECCLASS_SCTP_SOCKET) return -EINVAL; + else + return -EAFNOSUPPORT; } err = sel_netport_sid(sk->sk_protocol, snum, &sid); -- 2.20.1
Powered by blists - more mailing lists