selinux: fix random read in selinux_ip_postroute_compat()
authorEric Dumazet <edumazet@google.com>
Thu, 5 Nov 2015 21:39:24 +0000 (13:39 -0800)
committerDavid S. Miller <davem@davemloft.net>
Thu, 5 Nov 2015 21:45:51 +0000 (16:45 -0500)
commit212cd0895330b775f2db49451f046a5ca4e5704b
treec4f9be4c046587df4fad72299a5888096153f4c9
parent432599d7a7062ad7e37e72601607dc35596afe40
selinux: fix random read in selinux_ip_postroute_compat()

In commit e446f9dfe17b ("net: synack packets can be attached to request
sockets"), I missed one remaining case of invalid skb->sk->sk_security
access.

Dmitry Vyukov got a KASan report pointing to it.

Add selinux_skb_sk() helper that is responsible to get back to the
listener if skb is attached to a request socket, instead of
duplicating the logic.

Fixes: ca6fb0651883 ("tcp: attach SYNACK messages to request sockets instead of listener")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Paul Moore <paul@paul-moore.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
security/selinux/hooks.c