From patchwork Thu Jul 19 09:45:16 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Piotr Sawicki X-Patchwork-Id: 10534015 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 72CC9600D0 for ; Thu, 19 Jul 2018 09:45:22 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5DCF3205A9 for ; Thu, 19 Jul 2018 09:45:22 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4FA2027FA1; Thu, 19 Jul 2018 09:45:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, FORGED_MUA_MOZILLA, RCVD_IN_DNSWL_HI, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CC391205A9 for ; Thu, 19 Jul 2018 09:45:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726724AbeGSK1k (ORCPT ); Thu, 19 Jul 2018 06:27:40 -0400 Received: from mailout1.w1.samsung.com ([210.118.77.11]:33002 "EHLO mailout1.w1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726519AbeGSK1k (ORCPT ); Thu, 19 Jul 2018 06:27:40 -0400 Received: from eucas1p1.samsung.com (unknown [182.198.249.206]) by mailout1.w1.samsung.com (KnoxPortal) with ESMTP id 20180719094519euoutp01d0a75cd055905a85b9f117de84133b4b~Cu-1FVEWt1157311573euoutp01P for ; Thu, 19 Jul 2018 09:45:19 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 mailout1.w1.samsung.com 20180719094519euoutp01d0a75cd055905a85b9f117de84133b4b~Cu-1FVEWt1157311573euoutp01P DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsung.com; s=mail20170921; t=1531993519; bh=LvNMGsSrx/dN//QIGpzcfEFk/pFVIg8G3eP4jxiDU24=; h=From:Subject:To:Date:References:From; b=YsLsFqpdXC9/Jdwj+nkIrtmMMRo7QQShcIKFVjCVhHUKmRYR6YMCzDWzW6fYpJMLJ XFAbIvvq/itzbhyyxZVW4mShz9pbyZaimQ0deDBaUJBwHGGBBn+OEV83TOeW8Rehyq unFhvlgPdf+XuBX4XLd9iAo4PlRRUQXyWiD3zzlw= Received: from eusmges3new.samsung.com (unknown [203.254.199.245]) by eucas1p1.samsung.com (KnoxPortal) with ESMTP id 20180719094519eucas1p137322ea00d0f3f9f77c7fdefd240b17c~Cu-0a1QkD0189701897eucas1p10; Thu, 19 Jul 2018 09:45:19 +0000 (GMT) Received: from eucas1p1.samsung.com ( [182.198.249.206]) by eusmges3new.samsung.com (EUCPMTA) with SMTP id 7B.19.61560.EAD505B5; Thu, 19 Jul 2018 10:45:18 +0100 (BST) Received: from eusmtrp1.samsung.com (unknown [182.198.249.138]) by eucas1p2.samsung.com (KnoxPortal) with ESMTPA id 20180719094518eucas1p21032c7af4afc37854db8ea84836d6fe3~Cu-zsE2gF2522125221eucas1p2i; Thu, 19 Jul 2018 09:45:18 +0000 (GMT) Received: from eusmgms1.samsung.com (unknown [182.198.249.179]) by eusmtrp1.samsung.com (KnoxPortal) with ESMTP id 20180719094517eusmtrp179836dc1c383589f81e608d363ca88fc~Cu-zdjAho1798217982eusmtrp1u; Thu, 19 Jul 2018 09:45:17 +0000 (GMT) X-AuditID: cbfec7f5-207ff7000002f078-d1-5b505daee807 Received: from eusmtip1.samsung.com ( [203.254.199.221]) by eusmgms1.samsung.com (EUCPMTA) with SMTP id 90.C6.04178.DAD505B5; Thu, 19 Jul 2018 10:45:17 +0100 (BST) Received: from [106.120.51.16] (unknown [106.120.51.16]) by eusmtip1.samsung.com (KnoxPortal) with ESMTPA id 20180719094517eusmtip163e886c5d6ec653622321875f6843d45~Cu-zJHkSY1230512305eusmtip10; Thu, 19 Jul 2018 09:45:17 +0000 (GMT) From: Piotr Sawicki Subject: [PATCH v4 RFC] Smack: Check UDP-Lite and DCCP protocols during IPv6 handling To: LSM , Casey Schaufler , jmorris@namei.org, serge@hallyn.com, "SMACK-discuss@lists.01.org" Date: Thu, 19 Jul 2018 11:45:16 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 Content-Language: en-US X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrOKsWRmVeSWpSXmKPExsWy7djPc7rrYgOiDb5M1bW4t+0Xm8W69YuZ LD70PGKzeP9qAavF+Qvn2C2uLt3I7sDmcW13pEf37H8sHj3fkz0OvtvD5HF0/yI2j8+b5ALY orhsUlJzMstSi/TtErgyPh0/xFxwkLtiQs8mtgbGbZxdjJwcEgImEleWfGcEsYUEVjBKnDjs 18XIBWR/YZRYuXoqE4TzmVHix6ZPzDAdi0/fZoFILGeU2P76D5TzllHi2uUr7CBVbEBVPet+ soDYwgLhEle3HwUbJSKwl1Fiw493YAkWAVWJ31e2gTWICkRIHHmwEOwQXgFBiZMzn4DVMAuI S9x6Mp8JwpaX2P52DjPIIAmBdnaJFS2PgBwOoIYyickr4yDOc5F4+Os5K4QtLPHq+BZ2CFtG 4vTkHhYIu16id/0xNog5PYwSrVvnsUEkrCU+T9oCNpNZQFNi/S59iLCjxMcbk5lAwhICfBI3 3gpCnMMnMWnbdGaIMK9ER5sQRLWOxJu+JSwQYSmJRd15EGEPidPXe9khIR0r8eL2caYJjAqz kPw7C8m/s5D8OwvhnAWMLKsYxVNLi3PTU4uN81LL9YoTc4tL89L1kvNzNzECk8/pf8e/7mDc 9yfpEKMAB6MSD+8Kp4BoIdbEsuLK3EOMEhzMSiK8jzyAQrwpiZVVqUX58UWlOanFhxilOViU xHnjNOqihATSE0tSs1NTC1KLYLJMHJxSDYy7dm7Kzfv2eP/0+0w+qvL3y70mLy2s9bw4q/gs j1mWM4fVnsRJ36s4L/ZpLLsXIdR+/Nlv8aVf8m96Z8Zt+l/1Ts1s7jWfv1umb05tnvq39ESC ulD2eYlFL7eUqWnv/n3Z+5jz9OqXKYdsmToUjoZuXDPtButDwdLc2Rceiu89uzQrJPPMitta SizFGYmGWsxFxYkAU8EPtDoDAAA= X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprBIsWRmVeSWpSXmKPExsVy+t/xu7prYwOiDeZNtLC4t+0Xm8W69YuZ LD70PGKzeP9qAavF+Qvn2C2uLt3I7sDmcW13pEf37H8sHj3fkz0OvtvD5HF0/yI2j8+b5ALY ovRsivJLS1IVMvKLS2yVog0tjPQMLS30jEws9QyNzWOtjEyV9O1sUlJzMstSi/TtEvQyPh0/ xFxwkLtiQs8mtgbGbZxdjJwcEgImEotP32bpYuTiEBJYyihxou0gM0RCSmLuv73sELawxJ9r XWwQRa8ZJaYe/8cIkmAD6u5Z95MFxBYWCJe4uv0oE0iRiMBeRolN87rBErwCbhJnml6ATWIR UJX4fWUbmC0qECGxevkLVogaQYmTM5+A1TMLqEv8mXeJGcIWl7j1ZD4ThC0vsf3tHOYJjPyz kLTMQtIyC0nLLCQtCxhZVjGKpJYW56bnFhvqFSfmFpfmpesl5+duYgTGyrZjPzfvYLy0MfgQ owAHoxIPL4NrQLQQa2JZcWXuIUYJDmYlEd5HHkAh3pTEyqrUovz4otKc1OJDjKZAD01klhJN zgfGcV5JvKGpobmFpaG5sbmxmYWSOO95g8ooIYH0xJLU7NTUgtQimD4mDk6pBsYqTW0O+V+M fmHuQj+z2G6LRF301lohU/iNi33qVd57T1fv+Zz6PZHPzfYP/8slXXNOHdk7cU/7rBjG2mLx EzX/SopdYx4mnr0v/D2A54LnRpnTW5m39lzdNlOfQfBX8uGUCsUpSR/m+3awbpLb1Nm7aW6J g51XuXHY2bmvQ2eIl7y7UCiw9pUSS3FGoqEWc1FxIgDKJoXLqwIAAA== Message-Id: <20180719094518eucas1p21032c7af4afc37854db8ea84836d6fe3~Cu-zsE2gF2522125221eucas1p2i@eucas1p2.samsung.com> X-CMS-MailID: 20180719094518eucas1p21032c7af4afc37854db8ea84836d6fe3 X-Msg-Generator: CA X-RootMTR: 20180719094518eucas1p21032c7af4afc37854db8ea84836d6fe3 X-EPHeader: CA CMS-TYPE: 201P X-CMS-RootMailID: 20180719094518eucas1p21032c7af4afc37854db8ea84836d6fe3 References: Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The smack_socket_sock_rcv_skb() function is checking smack labels only for UDP and TCP frames carried in IPv6 packets. From now on, it is able also to handle UDP-Lite and DCCP protocols. Signed-off-by: Piotr Sawicki Acked-by: Casey Schaufler --- Changes in v2: - Add missing Signed-off-by field Changes in v3: - Fix the email subject Changes in v4: - Fix formatting issues caused by improper email client configuration --- security/smack/smack_lsm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 8b6cd5a..c2282ac 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3896,6 +3896,7 @@ static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip) sip->sin6_port = th->source; break; case IPPROTO_UDP: + case IPPROTO_UDPLITE: uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph); if (uh != NULL) sip->sin6_port = uh->source; @@ -3986,7 +3987,8 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) #if IS_ENABLED(CONFIG_IPV6) case PF_INET6: proto = smk_skb_to_addr_ipv6(skb, &sadd); - if (proto != IPPROTO_UDP && proto != IPPROTO_TCP) + if (proto != IPPROTO_UDP && proto != IPPROTO_UDPLITE && + proto != IPPROTO_TCP && proto != IPPROTO_DCCP) break; #ifdef SMACK_IPV6_SECMARK_LABELING if (skb && skb->secmark != 0)