From patchwork Fri Mar 2 19:54:34 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Haines X-Patchwork-Id: 10255651 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 822516037F for ; Fri, 2 Mar 2018 19:55:22 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 744562845E for ; Fri, 2 Mar 2018 19:55:22 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 68BF82846D; Fri, 2 Mar 2018 19:55:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 574662845E for ; Fri, 2 Mar 2018 19:55:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932489AbeCBTzU (ORCPT ); Fri, 2 Mar 2018 14:55:20 -0500 Received: from rgout0804.bt.lon5.cpcloud.co.uk ([65.20.0.151]:11623 "EHLO rgout0804.bt.lon5.cpcloud.co.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932387AbeCBTyt (ORCPT ); Fri, 2 Mar 2018 14:54:49 -0500 X-OWM-Source-IP: 86.134.48.2 (GB) X-OWM-Env-Sender: richard_c_haines@btinternet.com X-RazorGate-Vade-Classification: clean X-RazorGate-Vade-Verdict: clean 0 X-VadeSecure-score: verdict=clean score=0/300, class=clean X-SNCR-VADESECURE: CLEAN X-RazorGate-Vade: gggruggvucftvghtrhhoucdtuddrgedtfedrieelgdduvdelucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuueftkffvkffujffvgffngfevqffopdfqfgfvnecuuegrihhlohhuthemuceftddtnecunecujfgurhephffvufffkffosedttdertdertddtnecuhfhrohhmpeftihgthhgrrhguucfjrghinhgvshcuoehrihgthhgrrhgupggtpghhrghinhgvshessghtihhnthgvrhhnvghtrdgtohhmqeenucfkphepkeeirddufeegrdegkedrvdenucfrrghrrghmpehhvghloheplhhotggrlhhhohhsthdrlhhotggrlhguohhmrghinhdpihhnvghtpeekiedrudefgedrgeekrddvpdhmrghilhhfrhhomhepoehrihgthhgrrhgupggtpghhrghinhgvshessghtihhnthgv Received: from localhost.localdomain (86.134.48.2) by rgout08.bt.lon5.cpcloud.co.uk (9.0.019.21-1) (authenticated as richard_c_haines@btinternet.com) id 5A5E200C0CFFF2CD; Fri, 2 Mar 2018 19:54:43 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btinternet.com; s=btcpcloud; t=1520020489; bh=El2gEwXqjkXIbQgCsCBD58bl6j7T/wqdVqd7nctWQME=; h=From:To:Cc:Subject:Date:Message-Id:X-Mailer; b=VFjwoKWWIUks01VRbsPPIekMI81hSUuesJ90/5FBxU76eE539xB+P0KivEOyzJRQv1rmHx28mkTowj4o7nU8EdL5buFKRzbfHrD5I1NYjLbuKtsFdEAZoeoKlqknzXtb6MZrLxQ1m1ynwMqjIjcizcUcMk7sgLP7TP8lKQMzRAk= From: Richard Haines To: selinux@tycho.nsa.gov, netdev@vger.kernel.org, linux-sctp@vger.kernel.org, linux-security-module@vger.kernel.org Cc: paul@paul-moore.com, vyasevich@gmail.com, nhorman@tuxdriver.com, sds@tycho.nsa.gov, eparis@parisplace.org, marcelo.leitner@gmail.com, casey@schaufler-ca.com, jmorris@namei.org, anders.roxell@linaro.org, Richard Haines Subject: [PATCH] selinux: Fix ltp test connect-syscall failure Date: Fri, 2 Mar 2018 19:54:34 +0000 Message-Id: <20180302195434.15435-1-richard_c_haines@btinternet.com> X-Mailer: git-send-email 2.14.3 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Fix the following error when running regression tests using LTP as follows: cd /opt/ltp/ cat runtest/syscalls |grep connect01>runtest/connect-syscall ./runltp -pq -f connect-syscall Running tests....... connect01 1 TPASS : bad file descriptor successful connect01 2 TPASS : invalid socket buffer successful connect01 3 TPASS : invalid salen successful connect01 4 TPASS : invalid socket successful connect01 5 TPASS : already connected successful connect01 6 TPASS : connection refused successful connect01 7 TFAIL : connect01.c:146: invalid address family ; returned -1 (expected -1), errno 22 (expected 97) INFO: ltp-pan reported some tests FAIL LTP Version: 20180118 Reported-by: Anders Roxell Signed-off-by: Richard Haines Reviewed-by: Marcelo Ricardo Leitner --- security/selinux/hooks.c | 42 ++++++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 12 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 28a5c4e..d614df1 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4470,22 +4470,29 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in * need to check address->sa_family as it is possible to have * sk->sk_family = PF_INET6 with addr->sa_family = AF_INET. */ - if (address->sa_family == AF_INET) { - if (addrlen < sizeof(struct sockaddr_in)) { - err = -EINVAL; - goto out; - } + switch (address->sa_family) { + case AF_INET: + if (addrlen < sizeof(struct sockaddr_in)) + return -EINVAL; addr4 = (struct sockaddr_in *)address; snum = ntohs(addr4->sin_port); addrp = (char *)&addr4->sin_addr.s_addr; - } else { - if (addrlen < SIN6_LEN_RFC2133) { - err = -EINVAL; - goto out; - } + break; + case AF_INET6: + if (addrlen < SIN6_LEN_RFC2133) + return -EINVAL; addr6 = (struct sockaddr_in6 *)address; snum = ntohs(addr6->sin6_port); addrp = (char *)&addr6->sin6_addr.s6_addr; + break; + default: + /* Note that SCTP services expect -EINVAL, whereas + * others expect -EAFNOSUPPORT. + */ + if (sksec->sclass == SECCLASS_SCTP_SOCKET) + return -EINVAL; + else + return -EAFNOSUPPORT; } if (snum) { @@ -4589,16 +4596,27 @@ static int selinux_socket_connect_helper(struct socket *sock, * need to check address->sa_family as it is possible to have * sk->sk_family = PF_INET6 with addr->sa_family = AF_INET. */ - if (address->sa_family == AF_INET) { + switch (address->sa_family) { + case AF_INET: addr4 = (struct sockaddr_in *)address; if (addrlen < sizeof(struct sockaddr_in)) return -EINVAL; snum = ntohs(addr4->sin_port); - } else { + break; + case AF_INET6: addr6 = (struct sockaddr_in6 *)address; if (addrlen < SIN6_LEN_RFC2133) return -EINVAL; snum = ntohs(addr6->sin6_port); + break; + default: + /* Note that SCTP services expect -EINVAL, whereas + * others expect -EAFNOSUPPORT. + */ + if (sksec->sclass == SECCLASS_SCTP_SOCKET) + return -EINVAL; + else + return -EAFNOSUPPORT; } err = sel_netport_sid(sk->sk_protocol, snum, &sid);