Commit 735c736e authored by Andrew Morton's avatar Andrew Morton Committed by Linus Torvalds

[PATCH] selinux: check return value for receive node permission

From: James Morris <jmorris@redhat.com>

This patch fixes a bug where the return value for a permission call is not 
checked.

The bug was introduced when I added some code in the following changeset:

<http://linux.bkbits.net:8080/linux-2.5/diffs/security/selinux/hooks.c@1.19?nav=index.html|src/|src/security|src/security/selinux|hist/security/selinux/hooks.c>

Code was added after this line:

	err = avc_has_perm(isec->sid, node_sid, SECCLASS_NODE, node_perm, NULL, &ad);

without adding an explicit check of 'err', which was previously returned
from the function rather than being checked.  i.e. it would drop through
to:

	out:	
 		return err;

 	}

With the new code added, err can (and typically would) be overwritten with 
a successful value, causing the permission check to not deny permission if 
needed.  The intended denial would have been logged.

The patch below fixes this problem.
parent e9c7ac4a
...@@ -3039,6 +3039,8 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) ...@@ -3039,6 +3039,8 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
goto out; goto out;
err = avc_has_perm(isec->sid, node_sid, SECCLASS_NODE, node_perm, NULL, &ad); err = avc_has_perm(isec->sid, node_sid, SECCLASS_NODE, node_perm, NULL, &ad);
if (err)
goto out;
if (recv_perm) { if (recv_perm) {
u32 port_sid; u32 port_sid;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment