From patchwork Wed Jul 18 10:52:26 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Piotr Sawicki X-Patchwork-Id: 10532061 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 9EF1A600F4 for ; Wed, 18 Jul 2018 10:52:33 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9C4B328F85 for ; Wed, 18 Jul 2018 10:52:33 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8F35D28F9B; Wed, 18 Jul 2018 10:52:33 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, FORGED_MUA_MOZILLA, RCVD_IN_DNSWL_HI, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AC57828F85 for ; Wed, 18 Jul 2018 10:52:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727115AbeGRL3u (ORCPT ); Wed, 18 Jul 2018 07:29:50 -0400 Received: from mailout2.w1.samsung.com ([210.118.77.12]:43084 "EHLO mailout2.w1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728283AbeGRL3u (ORCPT ); Wed, 18 Jul 2018 07:29:50 -0400 Received: from eucas1p2.samsung.com (unknown [182.198.249.207]) by mailout2.w1.samsung.com (KnoxPortal) with ESMTP id 20180718105229euoutp021391b99117d725b6f729a686b7c38b98~CcRMJzJrb0094300943euoutp02j for ; Wed, 18 Jul 2018 10:52:29 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 mailout2.w1.samsung.com 20180718105229euoutp021391b99117d725b6f729a686b7c38b98~CcRMJzJrb0094300943euoutp02j DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1531911149; bh=Fz6vjbAxZOXcvCjGD26flXMCSmD08WkkL6dW5dfFl8Q=; h=From:Subject:To:Date:References:From; b=vN9Q+EThIs/w1qzR4vKE3B1bY2zIA9wnh5ozfvvcVE+msiw8+twhHQsBTIg7bPdl4 m8aqxSxljbuLW9e6LBAGRY639w9yRsMyLcuch5osDyeJU9w0szS77jxYhTEhZPW0oI L8oRVbxMNbIW72pCOhok/d0h6s4fHJ3lSXsDUz70= Received: from eusmges3new.samsung.com (unknown [203.254.199.245]) by eucas1p2.samsung.com (KnoxPortal) with ESMTP id 20180718105228eucas1p2e02cd6af74cdc6b29c43bd725fddc726~CcRLVOveU3044230442eucas1p2-; Wed, 18 Jul 2018 10:52:28 +0000 (GMT) Received: from eucas1p2.samsung.com ( [182.198.249.207]) by eusmges3new.samsung.com (EUCPMTA) with SMTP id 1D.36.61560.CEB1F4B5; Wed, 18 Jul 2018 11:52:28 +0100 (BST) Received: from eusmtrp2.samsung.com (unknown [182.198.249.139]) by eucas1p2.samsung.com (KnoxPortal) with ESMTPA id 20180718105227eucas1p2ac93ac9074cb916dea20b9343b32e2ed~CcRKQY2rC3014030140eucas1p2I; Wed, 18 Jul 2018 10:52:27 +0000 (GMT) Received: from eusmgms1.samsung.com (unknown [182.198.249.179]) by eusmtrp2.samsung.com (KnoxPortal) with ESMTP id 20180718105227eusmtrp29b8f2852db5d228a88c5d0e7b58add45~CcRKAdqeV2586025860eusmtrp2t; Wed, 18 Jul 2018 10:52:27 +0000 (GMT) X-AuditID: cbfec7f5-207ff7000002f078-2b-5b4f1bec3d0e Received: from eusmtip2.samsung.com ( [203.254.199.222]) by eusmgms1.samsung.com (EUCPMTA) with SMTP id F1.F3.04178.BEB1F4B5; Wed, 18 Jul 2018 11:52:27 +0100 (BST) Received: from [106.120.51.16] (unknown [106.120.51.16]) by eusmtip2.samsung.com (KnoxPortal) with ESMTPA id 20180718105227eusmtip22c1de03d54543fede576a41b4815e429~CcRJuWI5_2909329093eusmtip2v; Wed, 18 Jul 2018 10:52:27 +0000 (GMT) From: Piotr Sawicki Subject: [PATCH v3 RFC] Smack: Check UDP-Lite and DCCP protocols during IPv6 handling To: LSM , Casey Schaufler , jmorris@namei.org, serge@hallyn.com, "SMACK-discuss@lists.01.org" Newsgroups: gmane.linux.kernel.lsm X-Mozilla-News-Host: news://news.gmane.org Date: Wed, 18 Jul 2018 12:52:26 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 Content-Language: en-US X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrOKsWRmVeSWpSXmKPExsWy7djP87pvpP2jDe7+0rC4t+0Xm8W69YuZ LD70PGKzeP9qAavF+Qvn2C2uLt3I7sDmcW13pEf37H8sHj3fkz0OvtvD5HF0/yI2j8+b5ALY orhsUlJzMstSi/TtErgyvu/7zVowg6ti0637LA2Mizm6GDk4JARMJM5uLuli5OIQEljBKLH0 Xg8LhPOFUWL2nqNsXYycQM5nRommPmMQG6Sh5+VpRoii5YwS9y/9ZIJw3gI5G7ewglSxgVSt +8kCYgsLhEtMW3WNFaRIRGAvo8SGH+/AEnwCShL33vxhhRirJXFq506wOIuAqsS1TS/YQWxR gQiJIw8WMoLYvAKCEidnPgGrYRYQl7j1ZD4ThC0vsf3tHGaQBRIC89gl5v9dxwbRUCbxZ/tp qAUuEp8nTWOEsIUlXh3fwg5hy0j83wkxSEKgXqJ3/TE2iEE9jBKtW+exQSSsgZq3MINCjFlA U2L9Ln2IsKPE47YN7JCA5JO48VYQ4h4+iUnbpjNDhHklOtqEIKp1JN70LWGBCEtJLOrOm8Co NAvJY7OQPDYLyWOzENYuYGRZxSieWlqcm55abJyXWq5XnJhbXJqXrpecn7uJEZh8Tv87/nUH 474/SYcYBTgYlXh4M/76RguxJpYVV+YeYpTgYFYS4T343i9aiDclsbIqtSg/vqg0J7X4EKM0 B4uSOG+cRl2UkEB6YklqdmpqQWoRTJaJg1OqgfHOxN43K2oYtsi4NkScUzqwcnpzeOoL+aPC /eEvK7NylphcydZ45JlqvedO3+seLV6z/+9F+Y83HiiQ5xYwPLOzVvGYTV3apa7DgkVfp0gf sj3n6loZ6MBwYvtNx51VDUJH7p5I17KaJlYX2bf10xyzD85L1Qt2LquI0+GwK/++0cTvwist eyWW4oxEQy3mouJEAJUY0+86AwAA X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrAIsWRmVeSWpSXmKPExsVy+t/xe7qvpf2jDRZukLe4t+0Xm8W69YuZ LD70PGKzeP9qAavF+Qvn2C2uLt3I7sDmcW13pEf37H8sHj3fkz0OvtvD5HF0/yI2j8+b5ALY ovRsivJLS1IVMvKLS2yVog0tjPQMLS30jEws9QyNzWOtjEyV9O1sUlJzMstSi/TtEvQyvu/7 zVowg6ti0637LA2Mizm6GDk5JARMJHpenmbsYuTiEBJYyihx6epqJoiElMTcf3vZIWxhiT/X utggil4zSjy73cQCkmAD6V73E8wWFgiXmLbqGitIkYjAXkaJTfO6wRJ8AkoS9978YYWYpCVx audOsDivgJvEo0U9YHEWAVWJa5tegG0TFYiQWL38BStEjaDEyZlPwOqZBcwk5m1+yAxhi0vc ejKfCcKWl9j+dg7zBEbBWUhaZiFpmYWkZRaSlgWMLKsYRVJLi3PTc4sN9YoTc4tL89L1kvNz NzECY2vbsZ+bdzBe2hh8iFGAg1GJh/fAf99oIdbEsuLK3EOMEhzMSiK8B9/7RQvxpiRWVqUW 5ccXleakFh9iNAV6aCKzlGhyPjDu80riDU0NzS0sDc2NzY3NLJTEec8bVEYJCaQnlqRmp6YW pBbB9DFxcEo1MDZ03gvmzBJuUdr3/NiJvSu3R8f8lT0c2lVzxWDOzyK+aTKqDFaXuDlc6pcW ps9WCQ96mDGXR+r2r0L/A9u+/HB0ffo1IjMu69PXhO59Ak/mlzZe4YgoPbNw/hxlB/dEl/Us Rqdnh5tvazpg/XRrRE3k7UpL1S8xy+o+f7iqdXbyo8hcf43zDEosxRmJhlrMRcWJAGNSJTLD AgAA Message-Id: <20180718105227eucas1p2ac93ac9074cb916dea20b9343b32e2ed~CcRKQY2rC3014030140eucas1p2I@eucas1p2.samsung.com> X-CMS-MailID: 20180718105227eucas1p2ac93ac9074cb916dea20b9343b32e2ed X-Msg-Generator: CA X-RootMTR: 20180718105227eucas1p2ac93ac9074cb916dea20b9343b32e2ed X-EPHeader: CA CMS-TYPE: 201P X-CMS-RootMailID: 20180718105227eucas1p2ac93ac9074cb916dea20b9343b32e2ed References: Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The smack_socket_sock_rcv_skb() function is checking smack labels only for UDP and TCP frames carried in IPv6 packets. From now on, it is able also to handle UDP-Lite and DCCP protocols. Signed-off-by: Piotr Sawicki --- security/smack/smack_lsm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) sip->sin6_port = uh->source; @@ -3986,7 +3987,8 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) #if IS_ENABLED(CONFIG_IPV6) case PF_INET6: proto = smk_skb_to_addr_ipv6(skb, &sadd); - if (proto != IPPROTO_UDP && proto != IPPROTO_TCP) + if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE && + proto != IPPROTO_TCP && proto != IPPROTO_DCCP) break; #ifdef SMACK_IPV6_SECMARK_LABELING if (skb && skb->secmark != 0) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 8b6cd5a..c2282ac 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3896,6 +3896,7 @@ static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) sip->sin6_port = th->source; break; case IPPROTO_UDP: + case IPPROTO_UDPLITE: uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); if (uh != NULL)