Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 81bd0d56298f93af6ac233d8a7e8b29aa4b094b7
commit81bd0d56298f93af6ac233d8a7e8b29aa4b094b7[log] [tgz]
authorRoman Kubiak <r.kubiak@samsung.com>Thu Dec 17 13:24:35 2015 +0100
committerCasey Schaufler <casey@schaufler-ca.com>Thu Dec 17 10:21:56 2015 -0800
tree4fb0eb956481a9155e1cd9fffcd04083d3dfc601
parent79be093500791cc25cc31bcaec5a4db62e21497b [diff]
Smack: type confusion in smak sendmsg() handler

Smack security handler for sendmsg() syscall
is vulnerable to type confusion issue what
can allow to privilege escalation into root
or cause denial of service.

A malicious attacker can create socket of one
type for example AF_UNIX and pass is into
sendmsg() function ensuring that this is
AF_INET socket.

Remedy
Do not trust user supplied data.
Proposed fix below.

Signed-off-by: Roman Kubiak <r.kubiak@samsung.com>
Signed-off-by: Mateusz Fruba <m.fruba@samsung.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
1 file changed
tree: 4fb0eb956481a9155e1cd9fffcd04083d3dfc601
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .get_maintainer.ignore
  24. .gitignore
  25. .mailmap
  26. COPYING
  27. CREDITS
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. README
  33. REPORTING-BUGS