Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 5b47b8038f183b44d2d8ff1c7d11a5c1be706b34
commit5b47b8038f183b44d2d8ff1c7d11a5c1be706b34[log] [tgz]
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>Thu Aug 04 14:07:40 2011 +0000
committerGreg Kroah-Hartman <gregkh@suse.de>Mon Aug 15 18:31:33 2011 -0700
tree1bbf8c17e07c59a744e8f7005f3fe5936b871d89
parent91f620f98412f866b385b16681d5e59b7e62e343 [diff]
net: Fix security_socket_sendmsg() bypass problem.

commit c71d8ebe7a4496fb7231151cb70a6baa0cb56f9a upstream.

The sendmmsg() introduced by commit 228e548e "net: Add sendmmsg socket system
call" is capable of sending to multiple different destination addresses.

SMACK is using destination's address for checking sendmsg() permission.
However, security_socket_sendmsg() is called for only once even if multiple
different destination addresses are passed to sendmmsg().

Therefore, we need to call security_socket_sendmsg() for each destination
address rather than only the first destination address.

Since calling security_socket_sendmsg() every time when only single destination
address was passed to sendmmsg() is a waste of time, omit calling
security_socket_sendmsg() unless destination address of previous datagram and
that of current datagram differs.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Anton Blanchard <anton@samba.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
1 file changed
tree: 1bbf8c17e07c59a744e8f7005f3fe5936b871d89
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS