bybrooklyn/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-05 23:05:25 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
e4d82cbce2258f454634307fdabf33aa46b61ab0
linux/security/landlock
History
Matthieu Buffet e4d82cbce2 landlock: Fix TCP handling of short AF_UNSPEC addresses 
current_check_access_socket() treats AF_UNSPEC addresses as
AF_INET ones, and only later adds special case handling to
allow connect(AF_UNSPEC), and on IPv4 sockets
bind(AF_UNSPEC+INADDR_ANY).
This would be fine except AF_UNSPEC addresses can be as
short as a bare AF_UNSPEC sa_family_t field, and nothing
more. The AF_INET code path incorrectly enforces a length of
sizeof(struct sockaddr_in) instead.

Move AF_UNSPEC edge case handling up inside the switch-case,
before the address is (potentially incorrectly) treated as
AF_INET.

Fixes: fff69fb03d ("landlock: Support network rules with TCP bind and connect")
Signed-off-by: Matthieu Buffet <matthieu@buffet.re>
Link: https://lore.kernel.org/r/20251027190726.626244-4-matthieu@buffet.re
Signed-off-by: Mickaël Salaün <mic@digikod.net>
2025-12-26 20:38:56 +01:00
..
errata
landlock: Fix handling of disconnected directories
2025-11-28 18:27:04 +01:00
.kunitconfig
landlock: Add unique ID generator
2025-03-26 13:59:34 +01:00
access.h
landlock: Log truncate and IOCTL denials
2025-03-26 13:59:41 +01:00
audit.c
landlock: Improve bit operations in audit code
2025-05-12 11:38:53 +02:00
audit.h
landlock: Log scoped denials
2025-03-26 13:59:42 +01:00
common.h
landlock: Add support for KUnit tests
2024-02-27 11:21:45 +01:00
cred.c
landlock: Identify domain execution crossing
2025-03-26 13:59:37 +01:00
cred.h
landlock: Add LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF
2025-03-26 13:59:43 +01:00
domain.c
landlock: Log the TGID of the domain creator
2025-04-11 12:53:17 +02:00
domain.h
landlock: Remove incorrect warning
2025-04-08 19:18:20 +02:00
errata.h
landlock: Prepare to add second errata
2025-03-21 12:12:21 +01:00
fs.c
landlock: Fix formatting
2025-12-26 20:38:53 +01:00
fs.h
landlock: Log scoped denials
2025-03-26 13:59:42 +01:00
id.c
landlock: Fix warning from KUnit tests
2025-06-27 10:10:37 +02:00
id.h
landlock: Add unique ID generator
2025-03-26 13:59:34 +01:00
Kconfig
landlock: Add support for KUnit tests
2024-02-27 11:21:45 +01:00
limits.h
landlock: Add LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF
2025-03-26 13:59:43 +01:00
Makefile
landlock: Add AUDIT_LANDLOCK_ACCESS and log ptrace denials
2025-03-26 13:59:38 +01:00
net.c
landlock: Fix TCP handling of short AF_UNSPEC addresses
2025-12-26 20:38:56 +01:00
net.h
landlock: Support network rules with TCP bind and connect
2023-10-26 21:07:15 +02:00
object.c
landlock: Format with clang-format
2022-05-09 12:31:10 +02:00
object.h
landlock: Format with clang-format
2022-05-09 12:31:10 +02:00
ruleset.c
landlock: Minor comments improvements
2025-11-26 20:20:21 +01:00
ruleset.h
landlock: Minor comments improvements
2025-11-26 20:20:21 +01:00
setup.c
lsm: replace the name field with a pointer to the lsm_id struct
2025-10-22 19:24:18 -04:00
setup.h
landlock: Add the errata interface
2025-03-21 12:12:19 +01:00
syscalls.c
landlock: opened file never has a negative dentry
2025-06-17 18:03:57 -04:00
task.c
landlock: Log scoped denials
2025-03-26 13:59:42 +01:00
task.h
landlock: Rename "ptrace" files to "task"
2024-03-08 18:22:16 +01:00