Message ID | 20171113205422.2918-1-richard_c_haines@btinternet.com (mailing list archive) |
---|---|
State | Accepted |
On Mon, Nov 13, 2017 at 3:54 PM, Richard Haines <richard_c_haines@btinternet.com> wrote: > When resolving a fallback label, check the sk_buff version as it > is possible (e.g. SCTP) to have family = PF_INET6 while > receiving ip_hdr(skb)->version = 4. > > Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> > --- > net/netlabel/netlabel_unlabeled.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) Thanks Richard. Acked-by: Paul Moore <paul@paul-moore.com> > diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c > index 22dc1b9..c070dfc 100644 > --- a/net/netlabel/netlabel_unlabeled.c > +++ b/net/netlabel/netlabel_unlabeled.c > @@ -1472,6 +1472,16 @@ int netlbl_unlabel_getattr(const struct sk_buff *skb, > iface = rcu_dereference(netlbl_unlhsh_def); > if (iface == NULL || !iface->valid) > goto unlabel_getattr_nolabel; > + > +#if IS_ENABLED(CONFIG_IPV6) > + /* When resolving a fallback label, check the sk_buff version as > + * it is possible (e.g. SCTP) to have family = PF_INET6 while > + * receiving ip_hdr(skb)->version = 4. > + */ > + if (family == PF_INET6 && ip_hdr(skb)->version == 4) > + family = PF_INET; > +#endif /* IPv6 */ > + > switch (family) { > case PF_INET: { > struct iphdr *hdr4; > -- > 2.13.6
On Mon, Nov 13, 2017 at 5:13 PM, Paul Moore <paul@paul-moore.com> wrote: > On Mon, Nov 13, 2017 at 3:54 PM, Richard Haines > <richard_c_haines@btinternet.com> wrote: >> When resolving a fallback label, check the sk_buff version as it >> is possible (e.g. SCTP) to have family = PF_INET6 while >> receiving ip_hdr(skb)->version = 4. >> >> Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> >> --- >> net/netlabel/netlabel_unlabeled.c | 10 ++++++++++ >> 1 file changed, 10 insertions(+) > > Thanks Richard. > > Acked-by: Paul Moore <paul@paul-moore.com> I don't believe the netdev folks picked this up, but I haven't heard any objections (and I can't imagine there would be any) so I'm going to go ahead and pull this into the selinux/next tree. >> diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c >> index 22dc1b9..c070dfc 100644 >> --- a/net/netlabel/netlabel_unlabeled.c >> +++ b/net/netlabel/netlabel_unlabeled.c >> @@ -1472,6 +1472,16 @@ int netlbl_unlabel_getattr(const struct sk_buff *skb, >> iface = rcu_dereference(netlbl_unlhsh_def); >> if (iface == NULL || !iface->valid) >> goto unlabel_getattr_nolabel; >> + >> +#if IS_ENABLED(CONFIG_IPV6) >> + /* When resolving a fallback label, check the sk_buff version as >> + * it is possible (e.g. SCTP) to have family = PF_INET6 while >> + * receiving ip_hdr(skb)->version = 4. >> + */ >> + if (family == PF_INET6 && ip_hdr(skb)->version == 4) >> + family = PF_INET; >> +#endif /* IPv6 */ >> + >> switch (family) { >> case PF_INET: { >> struct iphdr *hdr4; >> -- >> 2.13.6
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 22dc1b9..c070dfc 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -1472,6 +1472,16 @@ int netlbl_unlabel_getattr(const struct sk_buff *skb, iface = rcu_dereference(netlbl_unlhsh_def); if (iface == NULL || !iface->valid) goto unlabel_getattr_nolabel; + +#if IS_ENABLED(CONFIG_IPV6) + /* When resolving a fallback label, check the sk_buff version as + * it is possible (e.g. SCTP) to have family = PF_INET6 while + * receiving ip_hdr(skb)->version = 4. + */ + if (family == PF_INET6 && ip_hdr(skb)->version == 4) + family = PF_INET; +#endif /* IPv6 */ + switch (family) { case PF_INET: { struct iphdr *hdr4;
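Review bot: The added test `if (family == PF_INET6 && ip_hdr(skb)->version == 4)` applies ip_hdr() to an skb the caller has described as IPv6, and the comment does not say why that read is valid. It works because the version field is the leading four bits of both the IPv4 and IPv6 headers; the comment explains where the mismatch comes from (SCTP) but not this assumption, so a sentence stating it would help the next reader. The hunk also overwrites the `family` parameter in place, so it is worth confirming that nothing later in netlbl_unlabel_getattr() expects the caller's original value.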
When resolving a fallback label, check the sk_buff version as it
is possible (e.g. SCTP) to have family = PF_INET6 while
receiving ip_hdr(skb)->version = 4.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
---
 net/netlabel/netlabel_unlabeled.c | 10 ++++++++++
 1 file changed, 10 insertions(+)