From patchwork Fri May 11 17:15:13 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Kodanev X-Patchwork-Id: 10394761
From: Alexey Kodanev To: selinux@tycho.nsa.gov Cc: Richard Haines , Paul Moore , Stephen Smalley , Eric Paris , linux-security-module@vger.kernel.org, netdev , Alexey Kodanev Subject: [PATCH v2 3/3] selinux: correctly handle sa_family cases in selinux_sctp_bind_connect() Date: Fri, 11 May 2018 20:15:13 +0300 Message-Id: <1526058913-14198-3-git-send-email-alexey.kodanev@oracle.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1526058913-14198-1-git-send-email-alexey.kodanev@oracle.com> References: <1526058913-14198-1-git-send-email-alexey.kodanev@oracle.com> X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8890 signatures=668698 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=13 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=678 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1805110159 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Allow to pass the socket address structure with AF_UNSPEC family for compatibility purposes. selinux_socket_bind() will further check it for INADDR_ANY and selinux_socket_connect_helper() should return EINVAL. For a bad address family return EINVAL instead of AFNOSUPPORT error, i.e. what is expected from SCTP protocol in such case. Fixes: d452930fd3b9 ("selinux: Add SCTP support") Suggested-by: Paul Moore Signed-off-by: Alexey Kodanev --- v2: new patch in v2 security/selinux/hooks.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index e7882e5a..be5817d 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -5277,6 +5277,7 @@ static int selinux_sctp_bind_connect(struct sock *sk, int optname, while (walk_size < addrlen) { addr = addr_buf; switch (addr->sa_family) { + case AF_UNSPEC: case AF_INET: len = sizeof(struct sockaddr_in); break; 
@@ -5284,7 +5285,7 @@ static int selinux_sctp_bind_connect(struct sock *sk, int optname, len = sizeof(struct sockaddr_in6); break; default: - return -EAFNOSUPPORT; + return -EINVAL; } err = -EINVAL;
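Review bot: In the first hunk (@@ -5277,6 +5277,7 @@), the new "case AF_UNSPEC:" label falls through to "case AF_INET:" with no comment, so an AF_UNSPEC entry is sized as sizeof(struct sockaddr_in) and nothing in the code says this is deliberate. The commit message gives the reasoning (accepted for compatibility, with selinux_socket_bind() checking for INADDR_ANY and selinux_socket_connect_helper() expected to return EINVAL), but those helpers are not part of this hunk. A short comment above the label that names them would keep the reason for accepting AF_UNSPEC next to the switch, and would make it obvious if a later change stops routing the address through either helper.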
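Review bot: In the second hunk (@@ -5284,7 +5285,7 @@), the "default:" branch now returns -EINVAL instead of -EAFNOSUPPORT, which changes the errno userspace sees for an unsupported address family, and the only justification is in the commit message ("what is expected from SCTP protocol in such case"). A one-line comment on the default case stating that EINVAL is returned to match SCTP's behaviour would stop a later cleanup from changing it back. The commit message also writes the old error as "AFNOSUPPORT", while the constant removed here is EAFNOSUPPORT; using the exact name makes the changelog easier to search.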