Commit 23be1e0

q2venPaolo Abeni
authored andcommitted
dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses.
Initially, commit 4237c75 ("[MLSXFRM]: Auto-labeling of child sockets") introduced security_inet_conn_request() in some functions where reqsk is allocated. The hook is added just after the allocation, so reqsk's IPv6 remote address was not initialised then. However, SELinux/Smack started to read it in netlbl_req_setattr() after commit e1adea9 ("calipso: Allow request sockets to be relabelled by the lsm."). Commit 284904a ("lsm: Relocate the IPv4 security_inet_conn_request() hooks") fixed that kind of issue only in TCPv4 because IPv6 labeling was not supported at that time. Finally, the same issue was introduced again in IPv6. Let's apply the same fix on DCCPv6 and TCPv6. Fixes: e1adea9 ("calipso: Allow request sockets to be relabelled by the lsm.") Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
1 parent fa2df45 commit 23be1e0

2 files changed

+7
-6
lines changed


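--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -360,15 +360,15 @@ static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
 if (dccp_parse_options(sk, dreq, skb))
 goto drop_and_free;
 
-if (security_inet_conn_request(sk, skb, req))
-goto drop_and_free;
-
 ireq = inet_rsk(req);
 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
 ireq->ireq_family = AF_INET6;
 ireq->ir_mark = inet_request_mark(sk, skb);
 
+if (security_inet_conn_request(sk, skb, req))
+goto drop_and_free;
+
 if (ipv6_opt_accepted(sk, skb, IP6CB(skb)) ||
 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {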
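Review bot: The relocated `security_inet_conn_request()` call in dccp_v6_conn_request has no comment recording that it must follow the `ir_v6_rmt_addr` / `ir_v6_loc_addr` assignments, and the commit message says this ordering has already regressed once. I would add above the call: `/* LSM hook reads ir_v6_rmt_addr (netlbl_req_setattr()); keep it after the address setup. */`. The same comment belongs above the relocated call in cookie_v6_check in net/ipv6/syncookies.c. The function body starts and ends outside this hunk.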

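--- a/net/ipv6/syncookies.c
+++ b/net/ipv6/syncookies.c
@@ -181,14 +181,15 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
 treq = tcp_rsk(req);
 treq->tfo_listener = false;
 
-if (security_inet_conn_request(sk, skb, req))
-goto out_free;
-
 req->mss = mss;
 ireq->ir_rmt_port = th->source;
 ireq->ir_num = ntohs(th->dest);
 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
+
+if (security_inet_conn_request(sk, skb, req))
+goto out_free;
+
 if (ipv6_opt_accepted(sk, skb, &TCP_SKB_CB(skb)->header.h6) ||
 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {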
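Review bot: Unlike the dccp_v6_conn_request hunk, this hunk shows no assignment of `ireq->ireq_family` or `ireq->ir_mark` before the relocated hook in cookie_v6_check; only the ports and the two IPv6 addresses are set first. If the labelling path reached from `security_inet_conn_request()` also depends on the request's family, that value has to come from the request allocation, which is outside the hunk, so it is worth confirming before relying on this ordering. cookie_v6_check starts and ends outside the hunk.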
