From patchwork Wed Jul 18 07:01:46 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Piotr Sawicki
X-Patchwork-Id: 10531429
From: Piotr Sawicki
Subject: [PATCH v2 RFC] Smack: Fix handling of IPv4 traffic received by
PF_INET6 sockets
To: LSM ,
Casey Schaufler , jmorris@namei.org,
serge@hallyn.com,
"SMACK-discuss@lists.01.org" ,
Piotr Sawicki
Newsgroups: gmane.linux.kernel.lsm
X-Mozilla-News-Host: news://news.gmane.org
Date: Wed, 18 Jul 2018 09:01:46 +0200
Message-Id:
<20180718070149eucas1p1786f17e073ca72ae39a62bd4e82aa778~CZHyDgs-U0818808188eucas1p1c@eucas1p1.samsung.com>
Sender: owner-linux-security-module@vger.kernel.org
A socket which has sk_family set to PF_INET6 is able to receive not
only IPv6 but also IPv4 traffic (IPv4-mapped IPv6 addresses).
Prior to this patch, smk_skb_to_addr_ipv6() could have been
called for socket buffers containing IPv4 packets; as a result, such
traffic was allowed.
Signed-off-by: Piotr Sawicki
---
security/smack/smack_lsm.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
/*
@@ -3950,7 +3954,7 @@ static int smack_socket_sock_rcv_skb(struct sock
*sk, struct sk_buff *skb)
*/
netlbl_secattr_init(&secattr);
- rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
+ rc = netlbl_skbuff_getattr(skb, family, &secattr);
if (rc == 0)
skp = smack_from_secattr(&secattr, ssp);
else
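Review bot: the hunk header is wrapped across two lines, with `*sk, struct sk_buff *skb)` on a line of its own after the `@@ -3950,7 +3954,7 @@` line. That continuation line carries no leading space, `+` or `-`, so the patch will most likely be rejected as corrupt when applied. The same wrapping appears on every hunk header in this mail; please resend with line wrapping disabled in the mail client, or send with git send-email.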
@@ -3963,7 +3967,7 @@ static int smack_socket_sock_rcv_skb(struct sock
*sk, struct sk_buff *skb)
#endif
#ifdef CONFIG_AUDIT
smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
- ad.a.u.net->family = sk->sk_family;
+ ad.a.u.net->family = family;
ad.a.u.net->netif = skb->skb_iif;
ipv4_skb_to_auditdata(skb, &ad.a, NULL);
#endif
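Review bot: with `ad.a.u.net->family = family;` the audit record for IPv4 traffic arriving on a PF_INET6 socket will report the remapped family rather than `sk->sk_family`, and the changelog does not mention this. It agrees with the `ipv4_skb_to_auditdata()` call two lines below, but it is a change visible to anyone reading the audit records, so it deserves one sentence in the commit message.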
@@ -3977,7 +3981,7 @@ static int smack_socket_sock_rcv_skb(struct sock
*sk, struct sk_buff *skb)
rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
MAY_WRITE, rc);
if (rc != 0)
- netlbl_skbuff_err(skb, sk->sk_family, rc, 0);
+ netlbl_skbuff_err(skb, family, rc, 0);
break;
#if IS_ENABLED(CONFIG_IPV6)
case PF_INET6:
@@ -3993,7 +3997,7 @@ static int smack_socket_sock_rcv_skb(struct sock
*sk, struct sk_buff *skb)
skp = smack_net_ambient;
#ifdef CONFIG_AUDIT
smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
- ad.a.u.net->family = sk->sk_family;
+ ad.a.u.net->family = family;
ad.a.u.net->netif = skb->skb_iif;
ipv6_skb_to_auditdata(skb, &ad.a, NULL);
#endif /* CONFIG_AUDIT */
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 19de675..8b6cd5a 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3924,15 +3924,19 @@ static int smack_socket_sock_rcv_skb(struct sock
*sk, struct sk_buff *skb)
struct smack_known *skp = NULL;
int rc = 0;
struct smk_audit_info ad;
+ u16 family = sk->sk_family;
#ifdef CONFIG_AUDIT
struct lsm_network_audit net;
#endif
#if IS_ENABLED(CONFIG_IPV6)
struct sockaddr_in6 sadd;
int proto;
+
+ if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
+ family = PF_INET;
#endif /* CONFIG_IPV6 */
- switch (sk->sk_family) {
+ switch (family) {
case PF_INET:
#ifdef CONFIG_SECURITY_SMACK_NETFILTER
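Review bot: the remap `if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))` has no comment, although it is the whole fix. A short comment saying that a PF_INET6 socket can receive IPv4 packets (IPv4-mapped addresses), and that the skb protocol therefore selects the arm of the switch, would save the next reader from rediscovering it. The statement also sits inside the `#if IS_ENABLED(CONFIG_IPV6)` block that otherwise holds only the `sadd` and `proto` declarations; consider moving it just above `switch (family)` under its own `#if` so the declaration block stays declarations only.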