Commit 2e1d146a authored by Ahmed S. Darwish's avatar Ahmed S. Darwish Committed by Linus Torvalds
Browse files

Smack: check for 'struct socket' with NULL sk

There's a small problem with smack and NFS. A similar report was also
sent here: http://lkml.org/lkml/2007/10/27/85



I've also added similar checks in inode_{get/set}security().  Cheating from
SELinux post_create_socket(), it does the same.

[akpm@linux-foundation.org: remove uneeded BUG_ON()]
Signed-off-by: default avatarAhmed S. Darwish <darwish.07@gmail.com>
Acked-by: default avatarCasey Schaufler <casey@schuafler-ca.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent cba44359
......@@ -701,7 +701,7 @@ static int smack_inode_getsecurity(const struct inode *inode,
return -EOPNOTSUPP;
sock = SOCKET_I(ip);
if (sock == NULL)
if (sock == NULL || sock->sk == NULL)
return -EOPNOTSUPP;
ssp = sock->sk->sk_security;
......@@ -1280,10 +1280,11 @@ static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp)
*/
static int smack_netlabel(struct sock *sk)
{
struct socket_smack *ssp = sk->sk_security;
struct socket_smack *ssp;
struct netlbl_lsm_secattr secattr;
int rc = 0;
ssp = sk->sk_security;
netlbl_secattr_init(&secattr);
smack_to_secattr(ssp->smk_out, &secattr);
if (secattr.flags != NETLBL_SECATTR_NONE)
......@@ -1331,7 +1332,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
return -EOPNOTSUPP;
sock = SOCKET_I(inode);
if (sock == NULL)
if (sock == NULL || sock->sk == NULL)
return -EOPNOTSUPP;
ssp = sock->sk->sk_security;
......@@ -1362,7 +1363,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
static int smack_socket_post_create(struct socket *sock, int family,
int type, int protocol, int kern)
{
if (family != PF_INET)
if (family != PF_INET || sock->sk == NULL)
return 0;
/*
* Set the outbound netlbl.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment