Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/net
History
Eric Dumazet 3a7c384ffd ipv4: tcp: unicast_sock should not land outside of TCP stack 
commit be9f4a44e7 (ipv4: tcp: remove per net tcp_sock) added a
selinux regression, reported and bisected by John Stultz

selinux_ip_postroute_compat() expect to find a valid sk->sk_security
pointer, but this field is NULL for unicast_sock

It turns out that unicast_sock are really temporary stuff to be able
to reuse  part of IP stack (ip_append_data()/ip_push_pending_frames())

Fact is that frames sent by ip_send_unicast_reply() should be orphaned
to not fool LSM.

Note IPv6 never had this problem, as tcp_v6_send_response() doesnt use a
fake socket at all. I'll probably implement tcp_v4_send_response() to
remove these unicast_sock in linux-3.7

Reported-by: John Stultz <johnstul@us.ibm.com>
Bisected-by: John Stultz <johnstul@us.ibm.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Paul Moore <paul@paul-moore.com>
Cc: Eric Paris <eparis@parisplace.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2012-08-09 20:56:08 -07:00
..
9p
802
8021q
appletalk
atm
ax25
batman-adv batman-adv: Fix mem leak in the batadv_tt_local_event() function 2012-08-08 16:04:04 -07:00
bluetooth
bridge
caif netvm: prevent a stream-specific deadlock 2012-07-31 18:42:47 -07:00
can
ceph libceph: fix crypto key null deref, memory leak 2012-08-02 09:19:20 -07:00
core net/core: Fix potential memory leak in dev_set_alias() 2012-08-08 16:06:23 -07:00
dcb
dccp
decnet ipv4: Restore old dst_free() behavior. 2012-07-31 14:41:38 -07:00
dns_resolver
dsa
ethernet
ieee802154
ipv4 ipv4: tcp: unicast_sock should not land outside of TCP stack 2012-08-09 20:56:08 -07:00
ipv6 net: ipv6: fix TCP early demux 2012-08-06 13:33:21 -07:00
ipx
irda
iucv
key
l2tp
lapb
llc llc: free the right skb 2012-08-06 13:30:01 -07:00
mac80211 Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 2012-08-02 13:49:38 -04:00
mac802154
netfilter
netlabel
netlink
netrom
nfc
openvswitch
packet af_packet: Quiet sparse noise about using plain integer as NULL pointer 2012-08-08 15:43:22 -07:00
phonet
rds
rfkill
rose
rxrpc
sched sched: add missing group change to qfq_change_class 2012-08-08 16:02:05 -07:00
sctp netvm: prevent a stream-specific deadlock 2012-07-31 18:42:47 -07:00
sunrpc Merge branch 'akpm' (Andrew's patch-bomb) 2012-07-31 19:25:39 -07:00
tipc
unix Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-08-01 10:26:23 -07:00
wanrouter
wimax
wireless cfg80211: Clear "beacon_found" on regulatory restore 2012-08-02 15:34:22 +02:00
x25
xfrm Fix unexpected SA hard expiration after changing date 2012-08-02 00:19:17 -07:00
Kconfig
Makefile
compat.c
nonet.c
socket.c
sysctl_net.c