Commit d7f59dc4 authored by Paul Moore's avatar Paul Moore Committed by James Morris

selinux: Fix a panic in selinux_netlbl_inode_permission()

Rick McNeal from LSI identified a panic in selinux_netlbl_inode_permission()
caused by a certain sequence of SUNRPC operations.  The problem appears to be
due to the lack of NULL pointer checking in the function; this patch adds the
pointer checks so the function will exit safely in the cases where the socket
is not completely initialized.
Signed-off-by: default avatarPaul Moore <paul.moore@hp.com>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 778ef1e6
...@@ -386,11 +386,12 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask) ...@@ -386,11 +386,12 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask)
if (!S_ISSOCK(inode->i_mode) || if (!S_ISSOCK(inode->i_mode) ||
((mask & (MAY_WRITE | MAY_APPEND)) == 0)) ((mask & (MAY_WRITE | MAY_APPEND)) == 0))
return 0; return 0;
sock = SOCKET_I(inode); sock = SOCKET_I(inode);
sk = sock->sk; sk = sock->sk;
if (sk == NULL)
return 0;
sksec = sk->sk_security; sksec = sk->sk_security;
if (sksec->nlbl_state != NLBL_REQUIRE) if (sksec == NULL || sksec->nlbl_state != NLBL_REQUIRE)
return 0; return 0;
local_bh_disable(); local_bh_disable();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment