netlabel: If PF_INET6, check sk_buff ip header version
authorRichard Haines <richard_c_haines@btinternet.com>
Mon, 13 Nov 2017 20:54:22 +0000 (20:54 +0000)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 30 May 2018 05:52:40 +0000 (07:52 +0200)
[ Upstream commit 213d7f94775322ba44e0bbb55ec6946e9de88cea ]

When resolving a fallback label, check the sk_buff version as it
is possible (e.g. SCTP) to have family = PF_INET6 while
receiving ip_hdr(skb)->version = 4.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/netlabel/netlabel_unlabeled.c

index 22dc1b9d63625e76c72bdb80b97b1d07540fac32..c070dfc0190aa2bd84871eee50596a3d7c735636 100644 (file)
@@ -1472,6 +1472,16 @@ int netlbl_unlabel_getattr(const struct sk_buff *skb,
                iface = rcu_dereference(netlbl_unlhsh_def);
        if (iface == NULL || !iface->valid)
                goto unlabel_getattr_nolabel;
+
+#if IS_ENABLED(CONFIG_IPV6)
+       /* When resolving a fallback label, check the sk_buff version as
+        * it is possible (e.g. SCTP) to have family = PF_INET6 while
+        * receiving ip_hdr(skb)->version = 4.
+        */
+       if (family == PF_INET6 && ip_hdr(skb)->version == 4)
+               family = PF_INET;
+#endif /* IPv6 */
+
        switch (family) {
        case PF_INET: {
                struct iphdr *hdr4;