From patchwork Tue Jul 10 07:05:12 2018
X-Patchwork-Submitter: Piotr Sawicki
X-Patchwork-Id: 10516251
From: Piotr Sawicki
Subject: [PATCH RFC] Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets
To: linux-security-module@vger.kernel.org, Casey Schaufler, jmorris@namei.org, serge@hallyn.com, "SMACK-discuss@lists.01.org"
Date: Tue, 10 Jul 2018 09:05:12 +0200
Message-Id: <20180710070515eucas1p1dddc12cc44c820971809a242e8cee106~-8AfqiO9s0149301493eucas1p1h@eucas1p1.samsung.com>

A socket which has sk_family set to PF_INET6 is able to receive not only IPv6 but also IPv4 traffic (IPv4-mapped IPv6 addresses). Prior to this patch, smk_skb_to_addr_ipv6() could have been called for socket buffers containing IPv4 packets; as a result, such traffic was allowed.

Signed-off-by: Piotr Sawicki
Acked-by: Casey Schaufler
sk_family, &secattr); + rc = netlbl_skbuff_getattr(skb, family, &secattr); if (rc == 0) skp = smack_from_secattr(&secattr, ssp); else @@ -3963,7 +3967,7 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) #endif #ifdef CONFIG_AUDIT smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); - ad.a.u.net->family = sk->sk_family; + ad.a.u.net->family = family; ad.a.u.net->netif = skb->skb_iif; ipv4_skb_to_auditdata(skb, &ad.a, NULL); #endif @@ -3977,7 +3981,7 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, MAY_WRITE, rc); if (rc != 0) - netlbl_skbuff_err(skb, sk->sk_family, rc, 0); + netlbl_skbuff_err(skb, family, rc, 0); break; #if IS_ENABLED(CONFIG_IPV6) case PF_INET6: 
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 19de675..1315de4 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3924,15 +3924,19 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) struct smack_known *skp = NULL; int rc = 0; struct smk_audit_info ad; + u16 family = sk->sk_family; #ifdef CONFIG_AUDIT struct lsm_network_audit net; #endif #if IS_ENABLED(CONFIG_IPV6) struct sockaddr_in6 sadd; int proto; + + if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) + family = PF_INET; #endif /* CONFIG_IPV6 */ - switch (sk->sk_family) { + switch (family) { case PF_INET: #ifdef CONFIG_SECURITY_SMACK_NETFILTER
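Review bot: The family override in the `@@ -3924,15 +3924,19 @@` hunk, `if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) family = PF_INET;`, carries no comment saying why a PF_INET6 socket is routed to the PF_INET case. The reason is only in the commit message (IPv4-mapped IPv6 addresses), so a short comment above the `if` would keep it next to the code. The statement also sits inside the `#if IS_ENABLED(CONFIG_IPV6)` block that otherwise holds only the `sadd` and `proto` declarations; placing it in its own `#if IS_ENABLED(CONFIG_IPV6)` section after the declarations would separate declarations from logic.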
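Review bot: The commit message does not mention the audit-visible change made in the `@@ -3963,7 +3967,7 @@` hunk, where `ad.a.u.net->family = family;` replaces `sk->sk_family`. For IPv4 packets delivered to a PF_INET6 socket the audit record now carries PF_INET instead of the socket's family. That is consistent with the `ipv4_skb_to_auditdata(skb, &ad.a, NULL);` call two lines later, but it should be stated in the changelog so that consumers of Smack audit records know the reported family can now differ from the socket's.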
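The dual-stack behaviour the commit message describes can be observed from userspace. The following is an added example, not part of the patch or of Smack: a PF_INET6 listener accepts a plain IPv4 client and sees it as an IPv4-mapped IPv6 peer. The function name is hypothetical, and the code assumes IPv6 and a loopback interface are available (it returns -1 when they are not).

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (added example). Returns 1 if a PF_INET6 listener sees
 * an IPv4 client as an IPv4-mapped IPv6 peer, 0 if it does not, and -1 if
 * the environment lacks IPv6 or loopback support. */
int v4_client_seen_as_mapped(void)
{
    int off = 0, rc = -1, l = -1, c = -1, a = -1;
    struct sockaddr_in6 any6, peer;
    struct sockaddr_in dst;
    socklen_t len = sizeof(any6);

    l = socket(AF_INET6, SOCK_STREAM, 0);
    if (l < 0)
        return -1;
    /* Dual-stack mode: let the PF_INET6 socket receive IPv4 traffic too. */
    if (setsockopt(l, IPPROTO_IPV6, IPV6_V6ONLY, &off, sizeof(off)) < 0)
        goto out;
    memset(&any6, 0, sizeof(any6));
    any6.sin6_family = AF_INET6;
    any6.sin6_addr = in6addr_any;   /* port 0: the kernel picks a free port */
    if (bind(l, (struct sockaddr *)&any6, sizeof(any6)) < 0 || listen(l, 1) < 0)
        goto out;
    if (getsockname(l, (struct sockaddr *)&any6, &len) < 0)
        goto out;

    /* Plain IPv4 client connecting over loopback to the chosen port. */
    c = socket(AF_INET, SOCK_STREAM, 0);
    memset(&dst, 0, sizeof(dst));
    dst.sin_family = AF_INET;
    dst.sin_port = any6.sin6_port;
    dst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (c < 0 || connect(c, (struct sockaddr *)&dst, sizeof(dst)) < 0)
        goto out;

    len = sizeof(peer);
    a = accept(l, (struct sockaddr *)&peer, &len);
    if (a < 0)
        goto out;
    /* The socket family is PF_INET6, yet the packets on the wire were IPv4. */
    rc = peer.sin6_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&peer.sin6_addr);
out:
    if (a >= 0) close(a);
    if (c >= 0) close(c);
    if (l >= 0) close(l);
    return rc;
}
```

A connection set up this way is the case in which `sk->sk_family` is PF_INET6 while `skb->protocol` is `htons(ETH_P_IP)`, which is the condition the patch tests for.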