2004-06-16 02:53:24

by James Morris

Subject: [SELINUX][PATCH 2/4] Fine-grained Netlink support - move security_netlink_send() hook.

This patch moves the security_netlink_send() LSM hook after the user copy,
so that LSM modules can safely examine skb payload content. For SELinux,
we need to look at the Netlink message type.

Please apply.

Signed-off-by: James Morris <[email protected]>

net/netlink/af_netlink.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)

diff -purN -X dontdiff linux-2.6.7-rc3.p/net/netlink/af_netlink.c linux-2.6.7-rc3.w/net/netlink/af_netlink.c
--- linux-2.6.7-rc3.p/net/netlink/af_netlink.c 2004-06-07 18:54:14.000000000 -0400
+++ linux-2.6.7-rc3.w/net/netlink/af_netlink.c 2004-06-09 10:44:25.682210736 -0400
@@ -728,14 +728,14 @@ static int netlink_sendmsg(struct kiocb
to corresponding kernel module. --ANK (980802)
*/

- err = security_netlink_send(skb);
- if (err) {
+ err = -EFAULT;
+ if (memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len)) {
kfree_skb(skb);
goto out;
}

- err = -EFAULT;
- if (memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len)) {
+ err = security_netlink_send(skb);
+ if (err) {
kfree_skb(skb);
goto out;
}
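
Review bot: the call site carries no comment recording that `err = security_netlink_send(skb);` must stay after the `memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len)` copy, even though that ordering is now a requirement for any hook that reads the payload. A one-line comment above the hook call would keep a later cleanup from moving it back in front of the copy, where the hook would be handed an skb with no data in it. Separately, nothing visible in this hunk checks len against the size of a Netlink header before the hook runs, so a hook that reads the message type has to confirm skb->len covers the header before dereferencing it. That expectation should be stated in the hook's documentation or enforced here.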