[PATCH 2/3] smack: Check address length before reading address family
James Morris
jmorris at namei.org
Mon Apr 29 19:58:56 UTC 2019
On Fri, 12 Apr 2019, Casey Schaufler wrote:
> On 4/12/2019 3:59 AM, Tetsuo Handa wrote:
> > KMSAN will complain if valid address length passed to bind()/connect()/
> > sendmsg() is shorter than sizeof("struct sockaddr"->sa_family) bytes.
> >
> > Also, since smk_ipv6_port_label()/smack_netlabel_send()/
> > smack_ipv6host_label()/smk_ipv6_check()/smk_ipv6_port_check() are not
> > checking valid address length and/or address family, make sure we check
> > both. The minimal valid length in smack_socket_connect() is changed from
> > sizeof(struct sockaddr_in6) bytes to SIN6_LEN_RFC2133 bytes, for it seems
> > that Smack is not using "struct sockaddr_in6"->sin6_scope_id field.
> >
> > Signed-off-by: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
>
> Acked-by: Casey Schaufler <casey at schaufler-ca.com>
Casey: will you be taking this via your tree?
--
James Morris
<jmorris at namei.org>
More information about the Linux-security-module-archive
mailing list