diff options
Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/Makefile | 8 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 7 |
2 files changed, 13 insertions, 2 deletions
diff --git a/security/selinux/Makefile b/security/selinux/Makefile index c7161f8792b2..89c67a814566 100644 --- a/security/selinux/Makefile +++ b/security/selinux/Makefile @@ -19,8 +19,12 @@ ccflags-y := -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include $(addprefix $(obj)/,$(selinux-y)): $(obj)/flask.h quiet_cmd_flask = GEN $(obj)/flask.h $(obj)/av_permissions.h - cmd_flask = scripts/selinux/genheaders/genheaders $(obj)/flask.h $(obj)/av_permissions.h + cmd_flask = $< $(obj)/flask.h $(obj)/av_permissions.h targets += flask.h av_permissions.h -$(obj)/flask.h: $(src)/include/classmap.h FORCE +# once make >= 4.3 is required, we can use grouped targets in the rule below, +# which basically involves adding both headers and a '&' before the colon, see +# the example below: +# $(obj)/flask.h $(obj)/av_permissions.h &: scripts/selinux/... +$(obj)/flask.h: scripts/selinux/genheaders/genheaders FORCE $(call if_changed,flask) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 41e24df986eb..749dbf9f2cfc 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4700,6 +4700,13 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in return -EINVAL; addr4 = (struct sockaddr_in *)address; if (family_sa == AF_UNSPEC) { + if (family == PF_INET6) { + /* Length check from inet6_bind_sk() */ + if (addrlen < SIN6_LEN_RFC2133) + return -EINVAL; + /* Family check from __inet6_bind() */ + goto err_af; + } /* see __inet_bind(), we only want to allow * AF_UNSPEC if the address is INADDR_ANY */ |