selinux: fix broken peer recv check
author Chad Hanson <chanson@trustedcs.com>
Mon, 23 Dec 2013 22:45:01 +0000 (17:45 -0500)
committer Paul Moore <pmoore@redhat.com>
Mon, 23 Dec 2013 22:45:17 +0000 (17:45 -0500)
Fix a broken networking check. Return an error if peer recv fails.  If
secmark is active and the packet recv succeeds the peer recv error is
ignored.

Signed-off-by: Chad Hanson <chanson@trustedcs.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paul Moore <pmoore@redhat.com>
security/selinux/hooks.c

index 419491d8e7d20737cc2e2098882994a1fc37ca98..5db26468b5c392d3e90f1564287dc0e1cebeef3b 100644
@@ -4334,8 +4334,10 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
                }
                err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
                                   PEER__RECV, &ad);
-               if (err)
+               if (err) {
                        selinux_netlbl_err(skb, err, 0);
+                       return err;
+               }
        }
 
        if (secmark_active) {
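Review bot: the early `return err;` added in the `if (err)` branch after the PEER__RECV check carries no comment explaining why the function must not fall through to the `if (secmark_active)` block. Per the commit message, a successful packet recv check there would otherwise cause the peer recv error to be ignored, so a one-line comment above the return saying so would help keep a later refactor from reintroducing the fall-through. It is also worth confirming that nothing after this point in the function needs to run on the denial path once selinux_netlbl_err() has been called, since the return now skips everything below it.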