From: Paul Moore Date: Fri, 27 Feb 2009 20:00:03 +0000 (-0500) Subject: selinux: Fix a panic in selinux_netlbl_inode_permission() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=d7f59dc4642ce2fc7b79fcd4ec02ffce7f21eb02;p=GitHub%2Fmt8127%2Fandroid_kernel_alcatel_ttab.git selinux: Fix a panic in selinux_netlbl_inode_permission() Rick McNeal from LSI identified a panic in selinux_netlbl_inode_permission() caused by a certain sequence of SUNRPC operations. The problem appears to be due to the lack of NULL pointer checking in the function; this patch adds the pointer checks so the function will exit safely in the cases where the socket is not completely initialized. Signed-off-by: Paul Moore Signed-off-by: James Morris --- diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 3f4b26647386..350794ab9b42 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -386,11 +386,12 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask) if (!S_ISSOCK(inode->i_mode) || ((mask & (MAY_WRITE | MAY_APPEND)) == 0)) return 0; - sock = SOCKET_I(inode); sk = sock->sk; + if (sk == NULL) + return 0; sksec = sk->sk_security; - if (sksec->nlbl_state != NLBL_REQUIRE) + if (sksec == NULL || sksec->nlbl_state != NLBL_REQUIRE) return 0; local_bh_disable();