mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-21 10:01:00 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/ipv4
History
Paolo Abeni debcbc56fd netlabel: cope with NULL catmap 
[ Upstream commit eead1c2ea2 ]

The cipso and calipso code can set the MLS_CAT attribute on
successful parsing, even if the corresponding catmap has
not been allocated, as per current configuration and external
input.

Later, selinux code tries to access the catmap if the MLS_CAT flag
is present via netlbl_catmap_getlong(). That may cause null ptr
dereference while processing incoming network traffic.

Address the issue setting the MLS_CAT flag only if the catmap is
really allocated. Additionally let netlbl_catmap_getlong() cope
with NULL catmap.

Reported-by: Matthew Sheets <matthew.sheets@gd-ms.com>
Fixes: 4b8feff251 ("netlabel: fix the horribly broken catmap functions")
Fixes: ceba1832b1 ("calipso: Set the calipso socket label to match the secattr.")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-05-20 08:20:08 +02:00
..
bpfilter SPDX update for 5.2-rc2, round 1 2019-05-21 12:33:38 -07:00
netfilter netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct 2020-01-23 08:22:47 +01:00
af_inet.c net: remove empty inet_exit_net 2019-08-19 18:22:54 -07:00
ah4.c xfrm: remove type and offload_type map from xfrm_state_afinfo 2019-06-06 08:34:50 +02:00
arp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cipso_ipv4.c netlabel: cope with NULL catmap 2020-05-20 08:20:08 +02:00
datagram.c inet: stop leaking jiffies on the wire 2019-11-01 14:57:52 -07:00
devinet.c net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin 2020-04-21 09:04:45 +02:00
esp4.c xfrm: remove get_mtu indirection from xfrm_type 2019-07-01 06:16:40 +02:00
esp4_offload.c xfrm: support output_mark for offload ESP packets 2020-01-29 16:45:31 +01:00
fib_frontend.c ipv4: fix a RCU-list lock in inet_dump_fib() 2020-04-01 11:01:31 +02:00
fib_lookup.h ipv4: Use accessors for fib_info nexthop data 2019-06-04 19:26:49 -07:00
fib_notifier.c
fib_rules.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-07 11:00:14 -07:00
fib_semantics.c ipv4: Update fib_select_default to handle nexthop objects 2020-04-29 16:33:07 +02:00
fib_trie.c ipv4: Detect rollover in specific fib table dump 2020-01-29 16:45:24 +01:00
fou.c fou: Fix IPv6 netlink policy 2020-01-29 16:45:22 +01:00
gre_demux.c gre: fix uninit-value in __iptunnel_pull_header 2020-03-18 07:17:38 +01:00
gre_offload.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
icmp.c net: icmp: fix data-race in cmp_global_allow() 2020-01-04 19:18:40 +01:00
igmp.c net: fix __ip_mc_inc_group usage 2019-08-20 12:48:06 -07:00
inet_connection_sock.c net: memcg: fix lockdep splat in inet_csk_accept() 2020-03-18 07:17:43 +01:00
inet_diag.c inet_diag: return classid for all socket types 2020-03-18 07:17:38 +01:00
inet_fragment.c inet: frags: re-introduce skb coalescing for local delivery 2019-08-08 15:55:10 -07:00
inet_hashtables.c tcp/dccp: fix possible race __inet_lookup_established() 2020-01-04 19:19:13 +01:00
inet_timewait_sock.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
inetpeer.c inetpeer: fix data-race in inet_putpeer / inet_putpeer 2020-01-04 19:18:39 +01:00
ip_forward.c ipv4: Revert removal of rt_uses_gateway 2019-09-20 18:23:33 -07:00
ip_fragment.c inet: frags: re-introduce skb coalescing for local delivery 2019-08-08 15:55:10 -07:00
ip_gre.c net: ip_gre: Accept IFLA_INFO_DATA-less configuration 2020-04-01 11:01:46 +02:00
ip_input.c netfilter: drop bridge nf reset from nf_reset 2019-10-01 18:42:15 +02:00
ip_options.c netfilter: nf_tables: add support for matching IPv4 options 2019-06-21 18:35:51 +02:00
ip_output.c inet: protect against too small mtu values. 2019-12-18 16:08:17 +01:00
ip_sockglue.c ip_sockglue: Fix missing-check bug in ip_ra_control() 2019-05-25 11:00:50 -07:00
ip_tunnel.c net, ip_tunnel: fix interface lookup with no key 2020-04-29 16:32:55 +02:00
ip_tunnel_core.c ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL 2019-06-18 20:48:45 -04:00
ip_vti.c vti[6]: fix packet tx through bpf_redirect() in XinY cases 2020-04-01 11:02:05 +02:00
ipcomp.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2019-07-05 15:01:15 -07:00
ipconfig.c ipconfig: add carrier_timeout kernel parameter 2019-02-01 15:24:13 -08:00
ipip.c ipip: validate header length in ipip_tunnel_xmit 2019-07-25 17:23:40 -07:00
ipmr.c ipmr: Fix skb headroom in ipmr_get_route(). 2019-11-16 13:06:54 -08:00
ipmr_base.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-05-07 17:22:09 -07:00
Kconfig vti[6]: fix packet tx through bpf_redirect() in XinY cases 2020-04-01 11:02:05 +02:00
Makefile net: Initial nexthop code 2019-05-28 21:37:30 -07:00
metrics.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
netfilter.c netfilter: ipv4: remove useless export_symbol 2019-01-28 11:32:58 +01:00
netlink.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
nexthop.c net: include struct nhmsg size in nh nlmsg size 2020-02-01 09:34:39 +00:00
ping.c ip: support SO_MARK cmsg 2019-09-13 21:44:19 +02:00
proc.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-17 20:20:36 -07:00
protocol.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
raw.c netfilter: drop bridge nf reset from nf_reset 2019-10-01 18:42:15 +02:00
raw_diag.c inet_diag: return classid for all socket types 2020-03-18 07:17:38 +01:00
route.c net: add bool confirm_neigh parameter for dst_ops.update_pmtu 2020-01-04 19:18:58 +01:00
syncookies.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sysctl_net_ipv4.c net/ipv4: fix sysctl max for fib_multipath_hash_policy 2019-11-18 17:25:36 -08:00
tcp.c tcp: repair: fix TCP_QUEUE_SEQ implementation 2020-04-01 11:01:39 +02:00
tcp_bbr.c tcp_bbr: improve arithmetic division in bbr_update_bw() 2020-01-29 16:45:21 +01:00
tcp_bic.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
tcp_bpf.c bpf/sockmap: Read psock ingress_msg before sk_receive_queue 2020-01-23 08:22:47 +01:00
tcp_cdg.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
tcp_cong.c tcp: fix tcp_set_congestion_control() use from bpf hook 2019-07-18 20:33:48 -07:00
tcp_cubic.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
tcp_dctcp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
tcp_dctcp.h tcp: refactor DCTCP ECN ACK handling 2018-10-10 22:26:00 -07:00
tcp_diag.c tcp: annotate tp->write_seq lockless reads 2019-10-13 10:13:08 -07:00
tcp_fastopen.c tcp: add rcu protection around tp->fastopen_rsk 2019-10-13 10:13:08 -07:00
tcp_highspeed.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
tcp_htcp.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
tcp_hybla.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
tcp_illinois.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
tcp_input.c tcp: fix TFO SYNACK undo to avoid double-timestamp-undo 2020-04-08 09:08:45 +02:00
tcp_ipv4.c tcp/dccp: fix possible race __inet_lookup_established() 2020-01-04 19:19:13 +01:00
tcp_lp.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
tcp_metrics.c tcp: refactor setting the initial congestion window 2019-05-01 11:47:54 -04:00
tcp_minisocks.c tcp: annotate tp->snd_nxt lockless reads 2019-10-13 10:13:08 -07:00
tcp_nv.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
tcp_offload.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
tcp_output.c tcp: ensure skb->dev is NULL before leaving TCP stack 2020-04-01 11:01:39 +02:00
tcp_rate.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
tcp_recovery.c tcp: introduce tcp_skb_timestamp_us() helper 2018-09-21 19:37:59 -07:00
tcp_scalable.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
tcp_timer.c tcp: add rcu protection around tp->fastopen_rsk 2019-10-13 10:13:08 -07:00
tcp_ulp.c bpf: Sockmap/tls, push write_space updates through ulp updates 2020-01-23 08:22:45 +01:00
tcp_vegas.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
tcp_vegas.h
tcp_veno.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
tcp_westwood.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
tcp_yeah.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
tunnel4.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
udp.c udp: rehash on disconnect 2020-03-05 16:43:33 +01:00
udp_diag.c inet_diag: return classid for all socket types 2020-03-18 07:17:38 +01:00
udp_impl.h udp: add missing rehash callback to udplite 2019-01-17 15:01:08 -08:00
udp_offload.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-22 08:59:24 -04:00
udp_tunnel.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
udplite.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
xfrm4_input.c xfrm: reset transport header back to network header after all input transforms ahave been applied 2018-09-04 10:26:30 +02:00
xfrm4_output.c xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish 2020-04-29 16:33:11 +02:00
xfrm4_policy.c net: add bool confirm_neigh parameter for dst_ops.update_pmtu 2020-01-04 19:18:58 +01:00
xfrm4_protocol.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
xfrm4_state.c xfrm: remove eth_proto value from xfrm_state_afinfo 2019-06-06 08:34:50 +02:00
xfrm4_tunnel.c xfrm: remove type and offload_type map from xfrm_state_afinfo 2019-06-06 08:34:50 +02:00