From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, David Ahern, Tetsuo Handa, Casey Schaufler
Subject: [PATCH 5.5 277/367] broken ping to ipv6 linklocal addresses on debian buster
Date: Mon, 10 Feb 2020 04:33:10 -0800
Message-Id: <20200210122449.705929325@linuxfoundation.org>
In-Reply-To: <20200210122423.695146547@linuxfoundation.org>
References: <20200210122423.695146547@linuxfoundation.org>

From: Casey Schaufler

commit 87fbfffcc89b92a4281b0aa53bd06af714087889 upstream.

I am seeing ping failures to IPv6 linklocal addresses with Debian buster. Easiest example to reproduce is:

$ ping -c1 -w1 ff02::1%eth1
connect: Invalid argument

$ ping -c1 -w1 ff02::1%eth1
PING ff02::01%eth1(ff02::1%eth1) 56 data bytes
64 bytes from fe80::e0:f9ff:fe0c:37%eth1: icmp_seq=1 ttl=64 time=0.059 ms

git bisect traced the failure to commit b9ef5513c99b ("smack: Check address length before reading address family")

Arguably ping is being stupid since the buster version is not setting the address family properly (ping on stretch for example does):

$ strace -e connect ping6 -c1 -w1 ff02::1%eth1
connect(5, {sa_family=AF_UNSPEC, sa_data="\4\1\0\0\0\0\377\2\0\0\0\0\0\0\0\0\0\0\0\0\0\1\3\0\0\0"}, 28) = -1 EINVAL (Invalid argument)

but the command works fine on kernels prior to this commit, so this is breakage which goes against the Linux paradigm of "don't break userspace"

Cc: stable@vger.kernel.org
Reported-by: David Ahern
Suggested-by: Tetsuo Handa
Signed-off-by: Casey Schaufler
Signed-off-by: Greg Kroah-Hartman  security/smack/smack_lsm.c | 41 +++++++++++++++++++---------------------- security/smack/smack_lsm.c | 41 +++++++++++++++++++---------------------- 1 file changed, 19 insertions(+), 22 deletions(-) --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2831,42 +2831,39 @@ static int smack_socket_connect(struct s int addrlen) { int rc = 0; -#if IS_ENABLED(CONFIG_IPV6) - struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; -#endif -#ifdef SMACK_IPV6_SECMARK_LABELING - struct smack_known *rsp; - struct socket_smack *ssp; -#endif if (sock->sk == NULL) return 0; - + if (sock->sk->sk_family != PF_INET && + (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6)) + return 0; + if (addrlen < offsetofend(struct sockaddr, sa_family)) + return 0; + if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) { + struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; #ifdef SMACK_IPV6_SECMARK_LABELING - ssp = sock->sk->sk_security; + struct smack_known *rsp; #endif - switch (sock->sk->sk_family) { - case PF_INET: - if (addrlen < sizeof(struct sockaddr_in) || - sap->sa_family != AF_INET) - return -EINVAL; - rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap); - break; - case PF_INET6: - if (addrlen < SIN6_LEN_RFC2133 || sap->sa_family != AF_INET6) - return -EINVAL; + if (addrlen < SIN6_LEN_RFC2133) + return 0; #ifdef SMACK_IPV6_SECMARK_LABELING rsp = smack_ipv6host_label(sip); - if (rsp != NULL) + if (rsp != NULL) { + struct socket_smack *ssp = sock->sk->sk_security; + rc = smk_ipv6_check(ssp->smk_out, rsp, sip, - SMK_CONNECTING); + SMK_CONNECTING); + } #endif #ifdef SMACK_IPV6_PORT_LABELING rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); #endif - break; + return rc; } + if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in)) + return 0; + rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap); return rc; }
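
Review bot: the early "return 0" paths in smack_socket_connect() (addrlen shorter than sa_family, addrlen < SIN6_LEN_RFC2133 inside the IPv6 branch, and the final "sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in)") replace the old -EINVAL returns with no comment saying why the hook now lets these through. In each of those cases neither smack_netlabel_send() nor the smk_ipv6_* checks run, so the hook no longer validates the address at all and relies on whatever is called after it to reject a malformed one. A short comment above the first length check stating that assumption would keep a later cleanup from restoring -EINVAL and reintroducing the AF_UNSPEC failure shown in the strace output, or from treating this hook as the place where addresses are validated. A second comment is worth adding on the family test: the branch is now chosen by the caller-supplied sap->sa_family rather than by sock->sk->sk_family as the removed switch did, so a PF_INET socket passed an AF_INET6 address enters the IPv6 path (and a PF_INET6 socket passed AF_INET reaches smack_netlabel_send()). If that is intended, say so next to the test.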