diff options
| author | Mauro Carvalho Chehab <mchehab+samsung@kernel.org> | 2019-05-28 11:21:51 -0400 |
|---|---|---|
| committer | Mauro Carvalho Chehab <mchehab+samsung@kernel.org> | 2019-05-28 11:21:51 -0400 |
| commit | 1e0566fd4a81bac04aed6af818e6938e6c71d389 (patch) | |
| tree | 38df614f2951905d48f744c1a9393afd3b34ce4e /security/selinux/hooks.c | |
| parent | 2c41cc0be07b5ee2f1167f41cd8a86fc5b53d82c (diff) | |
| parent | cd6c84d8f0cdc911df435bb075ba22ce3c605b07 (diff) | |
| download | linux-next-1e0566fd4a81bac04aed6af818e6938e6c71d389.tar.gz | |
Merge tag 'v5.2-rc2' into patchwork
Merge back from upstream into media tree, as there are some
patches merged upstream that has pontential of causing
conflicts (one actually rised a conflict already).
Linux 5.2-rc2
* tag 'v5.2-rc2': (377 commits)
Linux 5.2-rc2
random: fix soft lockup when trying to read from an uninitialized blocking pool
tracing: Silence GCC 9 array bounds warning
ext4: fix dcache lookup of !casefolded directories
locking/lock_events: Use this_cpu_add() when necessary
KVM: x86: fix return value for reserved EFER
tools/kvm_stat: fix fields filter for child events
KVM: selftests: Wrap vcpu_nested_state_get/set functions with x86 guard
kvm: selftests: aarch64: compile with warnings on
kvm: selftests: aarch64: fix default vm mode
kvm: selftests: aarch64: dirty_log_test: fix unaligned memslot size
KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
KVM: x86/pmu: do not mask the value that is written to fixed PMUs
KVM: x86/pmu: mask the result of rdpmc according to the width of the counters
x86/kvm/pmu: Set AMD's virt PMU version to 1
KVM: x86: do not spam dmesg with VMCS/VMCB dumps
kvm: Check irqchip mode before assign irqfd
kvm: svm/avic: fix off-by-one in checking host APIC ID
KVM: selftests: do not blindly clobber registers in guest asm
KVM: selftests: Remove duplicated TEST_ASSERT in hyperv_cpuid.c
...
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index c61787b15f27..3ec702cf46ca 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4637,6 +4637,14 @@ static int selinux_socket_connect_helper(struct socket *sock, err = sock_has_perm(sk, SOCKET__CONNECT); if (err) return err; + if (addrlen < offsetofend(struct sockaddr, sa_family)) + return -EINVAL; + + /* connect(AF_UNSPEC) has special handling, as it is a documented + * way to disconnect the socket + */ + if (address->sa_family == AF_UNSPEC) + return 0; /* * If a TCP, DCCP or SCTP socket, check name_connect permission @@ -4657,8 +4665,6 @@ static int selinux_socket_connect_helper(struct socket *sock, * need to check address->sa_family as it is possible to have * sk->sk_family = PF_INET6 with addr->sa_family = AF_INET. */ - if (addrlen < offsetofend(struct sockaddr, sa_family)) - return -EINVAL; switch (address->sa_family) { case AF_INET: addr4 = (struct sockaddr_in *)address; |