From: Paul Moore <pmoore@xxxxxxxxxx> Date: Mon, 6 Jun 2016 15:37:56 -0400 > On Mon, Jun 6, 2016 at 3:35 PM, Paul Moore <pmoore@xxxxxxxxxx> wrote: >> From: Paul Moore <paul@xxxxxxxxxxxxxx> >> >> It seems risky to always rely on the caller to ensure the socket's >> address family is correct before passing it to the NetLabel kAPI, >> especially since we see at least one LSM which didn't. Add address >> family checks to the *_delattr() functions to help prevent future >> problems. >> >> Cc: <stable@xxxxxxxxxxxxxxx> >> Reported-by: Maninder Singh <maninder1.s@xxxxxxxxxxx> >> Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx> >> --- >> net/netlabel/netlabel_kapi.c | 12 ++++++++++-- >> 1 file changed, 10 insertions(+), 2 deletions(-) > > DaveM, since this is such a trivial fix I'm adding it into my > selinux#next branch right now, but if you would prefer to carry it via > netdev#next let me know. That's fine. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
