From: Alexey Kodanev <alexey.kodanev@oracle.com>
Date: Fri, 11 May 2018 17:15:13 +0000 (+0300)
Subject: selinux: correctly handle sa_family cases in selinux_sctp_bind_connect()
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=4152dc91b5932e7fe49a5afed62a068b2f31d196;p=linux.git

selinux: correctly handle sa_family cases in selinux_sctp_bind_connect()

Allow to pass the socket address structure with AF_UNSPEC family for
compatibility purposes. selinux_socket_bind() will further check it
for INADDR_ANY and selinux_socket_connect_helper() should return
EINVAL.

For a bad address family return EINVAL instead of AFNOSUPPORT error,
i.e. what is expected from SCTP protocol in such case.

Fixes: d452930fd3b9 ("selinux: Add SCTP support")
Suggested-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f5f2d6a582f0a..efeb1db8f61d4 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5269,6 +5269,7 @@ static int selinux_sctp_bind_connect(struct sock *sk, int optname,
 	while (walk_size < addrlen) {
 		addr = addr_buf;
 		switch (addr->sa_family) {
+		case AF_UNSPEC:
 		case AF_INET:
 			len = sizeof(struct sockaddr_in);
 			break;
@@ -5276,7 +5277,7 @@ static int selinux_sctp_bind_connect(struct sock *sk, int optname,
 			len = sizeof(struct sockaddr_in6);
 			break;
 		default:
-			return -EAFNOSUPPORT;
+			return -EINVAL;
 		}
 
 		err = -EINVAL;