projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4e328b0)
Smack: Fix IPv6 handling of 0 secmark
authorCasey Schaufler <casey@schaufler-ca.com>
Wed, 3 Apr 2019 21:28:38 +0000 (14:28 -0700)
committerCasey Schaufler <casey@schaufler-ca.com>
Wed, 3 Apr 2019 21:28:38 +0000 (14:28 -0700)
Handle the case where the skb for an IPv6 packet contains
a 0 in the secmark for a packet generated locally. This
can only happen for system packets, so allow the access.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
security/smack/smack_lsm.c patch | blob | history

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index bd45c91..b9abcdb 100644 (file)
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3907,6 +3907,8 @@ access_check:
 #ifdef SMACK_IPV6_SECMARK_LABELING
                if (skb && skb->secmark != 0)
                        skp = smack_from_secid(skb->secmark);
+               else if (smk_ipv6_localhost(&sadd))
+                       break;
                else
                        skp = smack_ipv6host_label(&sadd);
                if (skp == NULL)