selinux: Fix a panic in selinux_netlbl_inode_permission()

commit d7f59dc4642ce2fc7b79fcd4ec02ffce7f21eb02 upstream. Rick McNeal from LSI identified a panic in selinux_netlbl_inode_permission() caused by a certain sequence of SUNRPC operations. The problem appears to be due to the lack of NULL pointer checking in the function; this patch adds the pointer checks so the function will exit safely in the cases where the socket is not completely initialized. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org> Cc: Chuck Ebbert <cebbert@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
author: Paul Moore <paul.moore@hp.com> 2009-02-27 15:00:03 -0500
committer: Greg Kroah-Hartman <gregkh@suse.de> 2009-03-16 17:52:57 -0700
commit: 480f51ace44e212fb825903c57d1535a9b01c1f5 (patch)
tree: 784b2535034c38aec1f36066cf441840c3fae9fd /security
parent: b4604897bc55cc5caffee43cc62e1da174b9e3e4 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index 89b418392f11..81919012230a 100644
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -236,11 +236,12 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask)
 	if (!S_ISSOCK(inode->i_mode) ||
 	    ((mask & (MAY_WRITE | MAY_APPEND)) == 0))
 		return 0;
-
 	sock = SOCKET_I(inode);
 	sk = sock->sk;
+	if (sk == NULL)
+		return 0;
 	sksec = sk->sk_security;
-	if (sksec->nlbl_state != NLBL_REQUIRE)
+	if (sksec == NULL || sksec->nlbl_state != NLBL_REQUIRE)
 		return 0;
 
 	local_bh_disable();
author	Paul Moore <paul.moore@hp.com>	2009-02-27 15:00:03 -0500
committer	Greg Kroah-Hartman <gregkh@suse.de>	2009-03-16 17:52:57 -0700
commit	480f51ace44e212fb825903c57d1535a9b01c1f5 (patch)
tree	784b2535034c38aec1f36066cf441840c3fae9fd /security
parent	b4604897bc55cc5caffee43cc62e1da174b9e3e4 (diff)