asgardius/android_kernel_motorola_sm6225
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_motorola_sm6225/net/ipv6
History
Kuniyuki Iwashima 8b3639cb78 dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. 
[ Upstream commit 23be1e0e2a83a8543214d2599a31d9a2185a796b ]

Initially, commit 4237c75c0a ("[MLSXFRM]: Auto-labeling of child
sockets") introduced security_inet_conn_request() in some functions
where reqsk is allocated.  The hook is added just after the allocation,
so reqsk's IPv6 remote address was not initialised then.

However, SELinux/Smack started to read it in netlbl_req_setattr()
after commit e1adea9270 ("calipso: Allow request sockets to be
relabelled by the lsm.").

Commit 284904aa79 ("lsm: Relocate the IPv4 security_inet_conn_request()
hooks") fixed that kind of issue only in TCPv4 because IPv6 labeling was
not supported at that time.  Finally, the same issue was introduced again
in IPv6.

Let's apply the same fix on DCCPv6 and TCPv6.

Fixes: e1adea9270 ("calipso: Allow request sockets to be relabelled by the lsm.")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-11-20 10:29:21 +01:00
..
ila ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() 2023-03-17 08:31:44 +01:00
netfilter treewide: Remove uninitialized_var() usage 2023-08-11 11:45:01 +02:00
addrconf.c net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr 2023-09-23 10:48:13 +02:00
addrconf_core.c
addrlabel.c ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network 2022-11-25 17:40:17 +01:00
af_inet6.c dccp: Call inet6_destroy_sock() via sk->sk_destruct(). 2023-04-26 11:21:53 +02:00
ah6.c
anycast.c
calipso.c cipso,calipso: resolve a number of problems with the DOI refcounts 2021-03-17 16:43:44 +01:00
datagram.c ipv6: Fix datagram socket connection with DSCP. 2023-02-22 12:47:21 +01:00
esp6.c net: ipv6: fix return value check in esp_remove_trailer 2023-10-25 11:16:45 +02:00
esp6_offload.c xfrm: Linearize the skb after offloading if needed. 2023-06-28 10:15:29 +02:00
exthdrs.c ipv6: fix out-of-bound access in ip6_parse_tlv() 2021-07-20 16:15:52 +02:00
exthdrs_core.c ipv6: Fix out-of-bounds access in ipv6_find_tlv() 2023-05-30 12:42:14 +01:00
exthdrs_offload.c
fib6_notifier.c
fib6_rules.c
fou6.c
icmp.c icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). 2023-08-11 11:45:18 +02:00
inet6_connection_sock.c
inet6_hashtables.c secure_seq: use the 64 bits of the siphash for port offset calculation 2022-06-06 08:24:20 +02:00
ip6_checksum.c
ip6_fib.c ipv6: annotate accesses to fn->fn_sernum 2022-02-08 18:23:09 +01:00
ip6_flowlabel.c treewide: Remove uninitialized_var() usage 2023-08-11 11:45:01 +02:00
ip6_gre.c net:ipv6: check return value of pskb_trim() 2023-08-11 11:45:26 +02:00
ip6_icmp.c net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending 2021-03-04 09:39:59 +01:00
ip6_input.c tcp/udp: Make early_demux back namespacified. 2022-11-10 17:46:54 +01:00
ip6_offload.c gso: do not skip outer ip header in case of ipip and net_failover 2022-03-02 11:38:12 +01:00
ip6_offload.h
ip6_output.c ipv6: avoid atomic fragment on GSO packets 2023-11-20 10:29:17 +01:00
ip6_tunnel.c net: tunnels: annotate lockless accesses to dev->needed_headroom 2023-03-22 13:27:09 +01:00
ip6_udp_tunnel.c
ip6_vti.c ip6_vti: fix slab-use-after-free in decode_session6 2023-08-30 16:31:48 +02:00
ip6mr.c ip6mr: Fix skb_under_panic in ip6mr_cache_report() 2023-08-11 11:45:37 +02:00
ipcomp6.c
ipv6_sockglue.c udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM). 2023-04-26 11:21:52 +02:00
Kconfig
Makefile
mcast.c mld: fix panic in mld_newpack() 2021-06-03 08:38:11 +02:00
mcast_snoop.c
mip6.c
ndisc.c ipv6: adjust ndisc_is_useropt() to also return true for PIO 2023-08-16 18:12:59 +02:00
netfilter.c
output_core.c ipv6: use prandom_u32() for ID generation 2021-07-20 16:16:00 +02:00
ping.c ping6: Fix send to link-local addresses with VRF. 2023-06-21 15:39:58 +02:00
proc.c
protocol.c
raw.c ipv{4,6}/raw: fix output xfrm lookup wrt protocol 2023-06-09 10:23:54 +02:00
reassembly.c vrf: Increment Icmp6InMsgs on the original netdev 2023-08-11 11:45:18 +02:00
route.c ipv6: fix WARNING in ip6_route_net_exit_late() 2022-11-10 17:46:53 +01:00
seg6.c ipv6: sr: fix out-of-bounds read when setting HMAC data. 2022-09-15 12:17:06 +02:00
seg6_hmac.c net: ipv6: unexport __init-annotated seg6_hmac_net_init() 2022-07-07 17:35:10 +02:00
seg6_iptunnel.c seg6: fix skb checksum evaluation in SRH encapsulation/insertion 2022-07-21 21:09:29 +02:00
seg6_local.c seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors 2022-07-21 21:09:29 +02:00
sit.c sit: update dev->needed_headroom in ipip6_tunnel_bind_dev() 2023-05-17 11:13:23 +02:00
syncookies.c dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. 2023-11-20 10:29:21 +01:00
sysctl_net_ipv6.c
tcp_ipv6.c inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy(). 2023-04-26 11:21:53 +02:00
tcpv6_offload.c
tunnel6.c
udp.c udp6: fix udp6_ehashfn() typo 2023-08-11 11:45:18 +02:00
udp_impl.h tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct(). 2023-04-26 11:21:52 +02:00
udp_offload.c
udplite.c udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated(). 2023-05-30 12:42:14 +01:00
xfrm6_input.c
xfrm6_mode_beet.c
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c
xfrm6_output.c xfrm: fix tunnel model fragmentation behavior 2022-04-15 14:14:36 +02:00
xfrm6_policy.c xfrm6: fix inet6_dev refcount underflow problem 2023-10-25 11:17:03 +02:00
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c