linux-hardened/net/netlabel
Sean Tranchetti f88b4c01b9 netlabel: check for IPV4MASK in addrinfo_get
netlbl_unlabel_addrinfo_get() assumes that if it finds the
NLBL_UNLABEL_A_IPV4ADDR attribute, it must also have the
NLBL_UNLABEL_A_IPV4MASK attribute as well. However, this is
not necessarily the case as the current checks in
netlbl_unlabel_staticadd() and friends are not sufficent to
enforce this.

If passed a netlink message with NLBL_UNLABEL_A_IPV4ADDR,
NLBL_UNLABEL_A_IPV6ADDR, and NLBL_UNLABEL_A_IPV6MASK attributes,
these functions will all call netlbl_unlabel_addrinfo_get() which
will then attempt dereference NULL when fetching the non-existent
NLBL_UNLABEL_A_IPV4MASK attribute:

Unable to handle kernel NULL pointer dereference at virtual address 0
Process unlab (pid: 31762, stack limit = 0xffffff80502d8000)
Call trace:
	netlbl_unlabel_addrinfo_get+0x44/0xd8
	netlbl_unlabel_staticremovedef+0x98/0xe0
	genl_rcv_msg+0x354/0x388
	netlink_rcv_skb+0xac/0x118
	genl_rcv+0x34/0x48
	netlink_unicast+0x158/0x1f0
	netlink_sendmsg+0x32c/0x338
	sock_sendmsg+0x44/0x60
	___sys_sendmsg+0x1d0/0x2a8
	__sys_sendmsg+0x64/0xb4
	SyS_sendmsg+0x34/0x4c
	el0_svc_naked+0x34/0x38
Code: 51001149 7100113f 540000a0 f9401508 (79400108)
---[ end trace f6438a488e737143 ]---
Kernel panic - not syncing: Fatal exception

Signed-off-by: Sean Tranchetti <stranche@codeaurora.org>

Signed-off-by: David S. Miller <davem@davemloft.net>
2018-09-21 18:58:34 -07:00
..
Kconfig calipso: Set the calipso socket label to match the secattr. 2016-06-27 15:02:51 -04:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
netlabel_addrlist.c netlabel: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
netlabel_addrlist.h net/netlabel: Add list_next_rcu() in rcu_dereference(). 2017-11-18 10:32:41 +09:00
netlabel_calipso.c locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE() 2017-10-25 11:01:08 +02:00
netlabel_calipso.h calipso: Add a label cache. 2016-06-27 15:06:17 -04:00
netlabel_cipso_v4.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
netlabel_cipso_v4.h netlabel: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
netlabel_domainhash.c netlabel: Implement CALIPSO config functions for SMACK. 2016-06-27 15:06:18 -04:00
netlabel_domainhash.h netlabel: Implement CALIPSO config functions for SMACK. 2016-06-27 15:06:18 -04:00
netlabel_kapi.c netlabel: add CALIPSO to the list of built-in protocols 2017-01-06 22:20:45 -05:00
netlabel_mgmt.c genetlink: mark families as __ro_after_init 2016-10-27 16:16:09 -04:00
netlabel_mgmt.h netlabel: Add support for creating a CALIPSO protocol domain mapping. 2016-06-27 15:02:49 -04:00
netlabel_unlabeled.c netlabel: check for IPV4MASK in addrinfo_get 2018-09-21 18:58:34 -07:00
netlabel_unlabeled.h netlabel: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
netlabel_user.c audit: eliminate audit_enabled magic number comparison 2018-06-19 10:43:55 -04:00
netlabel_user.h netlabel: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00