summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexey Kodanev <alexey.kodanev@oracle.com>2018-05-11 20:15:13 +0300
committerPaul Moore <paul@paul-moore.com>2018-05-14 15:20:59 -0400
commit4152dc91b5932e7fe49a5afed62a068b2f31d196 (patch)
treedf0c291add6164031dbce1f413f585b77eb51758
parent88b7d370bb4b1280717ebdacd6748456f9ba484f (diff)
selinux: correctly handle sa_family cases in selinux_sctp_bind_connect()
Allow to pass the socket address structure with AF_UNSPEC family for compatibility purposes. selinux_socket_bind() will further check it for INADDR_ANY and selinux_socket_connect_helper() should return EINVAL. For a bad address family return EINVAL instead of AFNOSUPPORT error, i.e. what is expected from SCTP protocol in such case. Fixes: d452930fd3b9 ("selinux: Add SCTP support") Suggested-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r--security/selinux/hooks.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f5f2d6a582f0..efeb1db8f61d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5269,6 +5269,7 @@ static int selinux_sctp_bind_connect(struct sock *sk, int optname,
while (walk_size < addrlen) {
addr = addr_buf;
switch (addr->sa_family) {
+ case AF_UNSPEC:
case AF_INET:
len = sizeof(struct sockaddr_in);
break;
@@ -5276,7 +5277,7 @@ static int selinux_sctp_bind_connect(struct sock *sk, int optname,
len = sizeof(struct sockaddr_in6);
break;
default:
- return -EAFNOSUPPORT;
+ return -EINVAL;
}
err = -EINVAL;