On Fri, 27 Feb 2009, Paul Moore wrote: > Rick McNeal from LSI identified a panic in selinux_netlbl_inode_permission() > caused by a certain sequence of SUNRPC operations. The problem appears to be > due to the lack of NULL pointer checking in the function; this patch adds the > pointer checks so the function will exit safely in the cases where the socket > is not completely initialized. >From which kernel does this happen? Does it happen for the standard configuration when SELinux is enabled? > > Signed-off-by: Paul Moore <paul.moore@xxxxxx> > --- > > security/selinux/netlabel.c | 5 +++-- > 1 files changed, 3 insertions(+), 2 deletions(-) > > diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c > index 3f4b266..350794a 100644 > --- a/security/selinux/netlabel.c > +++ b/security/selinux/netlabel.c > @@ -386,11 +386,12 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask) > if (!S_ISSOCK(inode->i_mode) || > ((mask & (MAY_WRITE | MAY_APPEND)) == 0)) > return 0; > - > sock = SOCKET_I(inode); > sk = sock->sk; > + if (sk == NULL) > + return 0; > sksec = sk->sk_security; > - if (sksec->nlbl_state != NLBL_REQUIRE) > + if (sksec == NULL || sksec->nlbl_state != NLBL_REQUIRE) > return 0; > > local_bh_disable(); > > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with > the words "unsubscribe selinux" without quotes as the message. > -- James Morris <jmorris@xxxxxxxxx> -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
