Merge tag 'v5.2-rc4' into spi-5.3

Linux 5.2-rc4
author: Mark Brown <broonie@kernel.org> 2019-06-10 18:52:53 +0100
committer: Mark Brown <broonie@kernel.org> 2019-06-10 18:52:53 +0100
commit: 4343f61103cdb8ccd6f3d5dd7168f1176a1cee37 (patch)
tree: 3db0a2e099cf7feb0c2d60d2a4bf1bf10d5253db /security/selinux/hooks.c
parent: aef9752274f4045b0dab577e113da63c96832f77 (diff)
parent: d1fdb6d8f6a4109a4263176c84b899076a5f8008 (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index c61787b15f27..3ec702cf46ca 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4637,6 +4637,14 @@ static int selinux_socket_connect_helper(struct socket *sock,
 	err = sock_has_perm(sk, SOCKET__CONNECT);
 	if (err)
 		return err;
+	if (addrlen < offsetofend(struct sockaddr, sa_family))
+		return -EINVAL;
+
+	/* connect(AF_UNSPEC) has special handling, as it is a documented
+	 * way to disconnect the socket
+	 */
+	if (address->sa_family == AF_UNSPEC)
+		return 0;
 
 	/*
 	 * If a TCP, DCCP or SCTP socket, check name_connect permission
@@ -4657,8 +4665,6 @@ static int selinux_socket_connect_helper(struct socket *sock,
 		 * need to check address->sa_family as it is possible to have
 		 * sk->sk_family = PF_INET6 with addr->sa_family = AF_INET.
 		 */
-		if (addrlen < offsetofend(struct sockaddr, sa_family))
-			return -EINVAL;
 		switch (address->sa_family) {
 		case AF_INET:
 			addr4 = (struct sockaddr_in *)address;
author	Mark Brown <broonie@kernel.org>	2019-06-10 18:52:53 +0100
committer	Mark Brown <broonie@kernel.org>	2019-06-10 18:52:53 +0100
commit	4343f61103cdb8ccd6f3d5dd7168f1176a1cee37 (patch)
tree	3db0a2e099cf7feb0c2d60d2a4bf1bf10d5253db /security/selinux/hooks.c
parent	aef9752274f4045b0dab577e113da63c96832f77 (diff)
parent	d1fdb6d8f6a4109a4263176c84b899076a5f8008 (diff)