authorCasey Schaufler <casey@schaufler-ca.com>2024-12-21 01:02:46 +0300
committerPaul Moore <paul@paul-moore.com>2025-01-05 06:11:22 +0300
commit3b44cd0998678b55a0df20b514bca0e298f4ff48 (patch)
tree64449229b850dad9768d26e1433f1df8240bee3c /net/netfilter
parentb00083aed484a2885bc92c6a7a85d7952c101d75 (diff)
net: corrections for security_secid_to_secctx returns
security_secid_to_secctx() returns the size of the new context, whereas previous versions provided that via a pointer parameter. Correct the type of the value returned in nfqnl_get_sk_secctx() and the check for error in netlbl_unlhsh_add(). Add an error check. Fixes: 2d470c778120 ("lsm: replace context+len with lsm_context") Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'net/netfilter')
-rw-r--r--net/netfilter/nfnetlink_queue.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 5110f29b2f40..5c913987901a 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -470,9 +470,9 @@ static int nfqnl_put_sk_classid(struct sk_buff *skb, struct sock *sk)
return 0;
}
-static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsm_context *ctx)
+static int nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsm_context *ctx)
{
- u32 seclen = 0;
+ int seclen = 0;
#if IS_ENABLED(CONFIG_NETWORK_SECMARK)
if (!skb || !sk_fullsock(skb->sk))
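Review bot: The return value of nfqnl_get_sk_secctx() now carries three meanings — a positive context length, 0 when there is no context to report (including the whole `CONFIG_NETWORK_SECMARK`-disabled build, where the function can only return its initial 0), and, inferred from the `seclen < 0` check the commit adds in the caller, a negative error from security_secid_to_secctx() — but nothing at the signature says so. A comment above the definition would pin the contract for the callers that now branch on sign: `/* Returns the secctx length (> 0), 0 if no context is available, or a negative errno from security_secid_to_secctx(). */`. The body continues outside the hunk, so that a negative value is passed through unmodified should be confirmed there. The same u32-to-int change in the local of nfqnl_build_packet_message() (next hunk) needs no separate note.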
@@ -568,7 +568,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
const struct nfnl_ct_hook *nfnl_ct;
bool csum_verify;
struct lsm_context ctx;
- u32 seclen = 0;
+ int seclen = 0;
ktime_t tstamp;
size = nlmsg_total_size(sizeof(struct nfgenmsg))
@@ -643,7 +643,9 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
if ((queue->flags & NFQA_CFG_F_SECCTX) && entskb->sk) {
seclen = nfqnl_get_sk_secctx(entskb, &ctx);
- if (seclen >= 0)
+ if (seclen < 0)
+ return NULL;
+ if (seclen)
size += nla_total_size(seclen);
}
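Review bot: The added `return NULL` exits nfqnl_build_packet_message() directly instead of through the function's failure path; `goto nla_put_failure` is visible in the last hunk, and if that label (or a sibling one) performs cleanup on the queued skb such as skb_tx_error(), the secctx error should take the same route so all failure exits behave alike — this needs checking against the full function, which lies outside the hunk. Semantically, a packet whose secmark the LSM cannot render now fails message construction rather than being queued without NFQA_SECCTX; that fail-closed choice is defensible but deserves a one-line comment at the return, e.g. `/* refuse to queue a packet whose secctx cannot be reported */`. Minor style: this hunk tests `if (seclen)` while the last hunk tests `seclen > 0`; using `seclen > 0` in both makes the sign convention visible at each use.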
@@ -782,7 +784,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
if (nfqnl_put_sk_classid(skb, entskb->sk) < 0)
goto nla_put_failure;
- if (seclen && nla_put(skb, NFQA_SECCTX, ctx.len, ctx.context))
+ if (seclen > 0 && nla_put(skb, NFQA_SECCTX, ctx.len, ctx.context))
goto nla_put_failure;
if (ct && nfnl_ct->build(skb, ct, ctinfo, NFQA_CT, NFQA_CT_INFO) < 0)