Unverified Commit 68f265f5 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!11221 apparmor: Fix null pointer deref when receiving skb during sock creation 

Merge Pull Request from: @ci-robot 
 
PR sync from: Gu Bowen <gubowen5@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/ECECEILKWASDUD7VRUYGFVVH3D2NPRPF/ 
 
https://gitee.com/src-openeuler/kernel/issues/IAKPW7 
 
Link:https://gitee.com/openeuler/kernel/pulls/11221

 

Reviewed-by: default avatarYang Yingliang <yangyingliang@huawei.com>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
parents 7c48e108 e9b5f8ad

security/apparmor/lsm.c

+7 −0
Original line number Diff line number Diff line
@@ -1048,6 +1048,13 @@ static int apparmor_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 
	if (!skb->secmark)

		return 0;



	/*

	 * If reach here before socket_post_create hook is called, in which

	 * case label is null, drop the packet.

	 */

	if (!ctx->label)

		return -EACCES;



	return apparmor_secmark_check(ctx->label, OP_RECVMSG, AA_MAY_RECEIVE,

				      skb->secmark, sk);

}