diff options
| author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2011-08-04 14:07:40 (GMT) |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2011-08-05 10:31:03 (GMT) |
| commit | c71d8ebe7a4496fb7231151cb70a6baa0cb56f9a (patch) | |
| tree | 2b0d63c14a5e565e97c2b5deb0fc0b5c1890bb08 /fs/nls/nls_cp857.c | |
| parent | 98382f419f32d2c12d021943b87dea555677144b (diff) | |
| download | linux-fsl-qoriq-c71d8ebe7a4496fb7231151cb70a6baa0cb56f9a.tar.xz | |
net: Fix security_socket_sendmsg() bypass problem.
The sendmmsg() introduced by commit 228e548e "net: Add sendmmsg socket system
call" is capable of sending to multiple different destination addresses.
SMACK is using destination's address for checking sendmsg() permission.
However, security_socket_sendmsg() is called for only once even if multiple
different destination addresses are passed to sendmmsg().
Therefore, we need to call security_socket_sendmsg() for each destination
address rather than only the first destination address.
Since calling security_socket_sendmsg() every time when only single destination
address was passed to sendmmsg() is a waste of time, omit calling
security_socket_sendmsg() unless destination address of previous datagram and
that of current datagram differs.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Anton Blanchard <anton@samba.org>
Cc: stable <stable@kernel.org> [3.0+]
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'fs/nls/nls_cp857.c')
0 files changed, 0 insertions, 0 deletions