dccp: Call security_inet_conn_request() after setting IPv4 addresses.
stable inclusion from stable-v6.6.2 commit 0a2bcc3bb7d32f6e9ee8f31c7a3f43d1fe00c342 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I8IW7G Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0a2bcc3bb7d32f6e9ee8f31c7a3f43d1fe00c342 -------------------------------- [ Upstream commit fa2df45af13091f76b89adb84a28f13818d5d631 ] Initially, commit 4237c75c ("[MLSXFRM]: Auto-labeling of child sockets") introduced security_inet_conn_request() in some functions where reqsk is allocated. The hook is added just after the allocation, so reqsk's IPv4 remote address was not initialised then. However, SELinux/Smack started to read it in netlbl_req_setattr() after the cited commits. This bug was partially fixed by commit 284904aa ("lsm: Relocate the IPv4 security_inet_conn_request() hooks"). This patch fixes the last bug in DCCPv4. Fixes: 389fb800 ("netlabel: Label incoming TCP connections correctly in SELinux") Fixes: 07feee8f ("netlabel: Cleanup the Smack/NetLabel code to fix incoming TCP connections") Signed-off-by:Kuniyuki Iwashima <kuniyu@amazon.com> Acked-by:
Loading
Please sign in to comment