From patchwork Thu Jul 19 09:42:58 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Piotr Sawicki
X-Patchwork-Id: 10534007
From: Piotr Sawicki
Subject: [PATCH v3 RFC] Smack: Fix handling of IPv4 traffic received by
PF_INET6 sockets
To: LSM ,
Casey Schaufler , jmorris@namei.org,
serge@hallyn.com,
"SMACK-discuss@lists.01.org"
Date: Thu, 19 Jul 2018 11:42:58 +0200
Message-Id:
<20180719094259eucas1p19513e434a8440d344934c4fe70281c9d~Cu9y7ZvVv2974129741eucas1p18@eucas1p1.samsung.com>
Sender: owner-linux-security-module@vger.kernel.org
A socket which has sk_family set to PF_INET6 is able to receive not
only IPv6 but also IPv4 traffic (IPv4-mapped IPv6 addresses).
Prior to this patch, smk_skb_to_addr_ipv6() could have been
called for socket buffers containing IPv4 packets; as a result, such
traffic was allowed.
Signed-off-by: Piotr Sawicki
Acked-by: Casey Schaufler
---
Changes in v2:
- Properly pass the family variable to other functions
- Fix coding style
Changes in v3:
- Fix formatting issues caused by improper email client configuration
---
security/smack/smack_lsm.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 19de675..8b6cd5a 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3924,15 +3924,19 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
struct smack_known *skp = NULL;
int rc = 0;
struct smk_audit_info ad;
+ u16 family = sk->sk_family;
#ifdef CONFIG_AUDIT
struct lsm_network_audit net;
#endif
#if IS_ENABLED(CONFIG_IPV6)
struct sockaddr_in6 sadd;
int proto;
+
+ if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
+ family = PF_INET;
#endif /* CONFIG_IPV6 */
- switch (sk->sk_family) {
+ switch (family) {
case PF_INET:
#ifdef CONFIG_SECURITY_SMACK_NETFILTER
/*
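Review bot: The override `if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))` has no comment and sits at the end of the declaration block, where it is easy to miss. A short comment stating that a PF_INET6 socket can receive IPv4 (IPv4-mapped) packets and that these must take the PF_INET path would document why `family` may differ from `sk->sk_family`. Moving the test to just above `switch (family)` would also keep it next to the code it steers. Since the whole access decision now depends on `skb->protocol`, the comment should say that the field is expected to be valid at this hook.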
@@ -3950,7 +3954,7 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
*/
netlbl_secattr_init(&secattr);
- rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
+ rc = netlbl_skbuff_getattr(skb, family, &secattr);
if (rc == 0)
skp = smack_from_secattr(&secattr, ssp);
else
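Review bot: The commit message does not mention that `netlbl_skbuff_getattr(skb, family, &secattr)` now receives PF_INET for an IPv4 packet on a PF_INET6 socket, so the NetLabel attribute lookup for such packets changes as well. The message only describes the `smk_skb_to_addr_ipv6()` path; adding a sentence about the NetLabel lookup would help anyone bisecting a labeling change back to this commit.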
@@ -3963,7 +3967,7 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
#endif
#ifdef CONFIG_AUDIT
smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
- ad.a.u.net->family = sk->sk_family;
+ ad.a.u.net->family = family;
ad.a.u.net->netif = skb->skb_iif;
ipv4_skb_to_auditdata(skb, &ad.a, NULL);
#endif
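Review bot: With `ad.a.u.net->family = family;` the audit record for an IPv4 packet delivered to a PF_INET6 socket reports PF_INET instead of the socket's own family. That is consistent with the `ipv4_skb_to_auditdata()` call two lines below, but it is a visible change in audit output for existing deployments and deserves a line in the commit message.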
@@ -3977,7 +3981,7 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
MAY_WRITE, rc);
if (rc != 0)
- netlbl_skbuff_err(skb, sk->sk_family, rc, 0);
+ netlbl_skbuff_err(skb, family, rc, 0);
break;
#if IS_ENABLED(CONFIG_IPV6)
case PF_INET6:
@@ -3993,7 +3997,7 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
skp = smack_net_ambient;
#ifdef CONFIG_AUDIT
smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
- ad.a.u.net->family = sk->sk_family;
+ ad.a.u.net->family = family;
ad.a.u.net->netif = skb->skb_iif;
ipv6_skb_to_auditdata(skb, &ad.a, NULL);
#endif /* CONFIG_AUDIT */
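Review bot: In the `case PF_INET6:` branch the replacement `ad.a.u.net->family = family;` cannot change behaviour, because the override at the top of the function only ever rewrites `family` to PF_INET, so `family` equals `sk->sk_family` whenever this case is reached. Keeping the local variable for consistency is fine; the changelog could note that this hunk is cosmetic so reviewers do not look for a functional change here.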