patches/kernel/0012-apparmor-expect-msg_namelen-0-for-recvmsg-calls.patch

   1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
   2 From: Wolfgang Bumiller <w.bumiller@proxmox.com>
   3 Date: Wed, 10 Apr 2024 13:21:59 +0200
   4 Subject: [PATCH] apparmor: expect msg_namelen=0 for recvmsg calls
   5
   6 When coming from sys_recvmsg, msg->msg_namelen is explicitly set to
   7 zero early on. (see ____sys_recvmsg in net/socket.c)
   8 We still end up in 'map_addr' where the assumption is that addr !=
   9 NULL means addrlen has a valid size.
  10
  11 This is likely not a final fix, it was suggested by jjohansen on irc
  12 to get things going until this is resolved properly.
  13
  14 Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
  15 ---
  16  security/apparmor/af_inet.c | 2 +-
  17  1 file changed, 1 insertion(+), 1 deletion(-)
  18
  19 diff --git a/security/apparmor/af_inet.c b/security/apparmor/af_inet.c
  20 index 57b710054a76..35f905d9b960 100644
  21 --- a/security/apparmor/af_inet.c
  22 +++ b/security/apparmor/af_inet.c
  23 @@ -766,7 +766,7 @@ int aa_inet_msg_perm(const char *op, u32 request, struct socket *sock,
  24         /* do we need early bailout for !family ... */
  25         return sk_has_perm2(sock->sk, op, request, profile, ad,
  26                             map_sock_addr(sock, ADDR_LOCAL, &laddr, &ad),
  27 -                           map_addr(msg->msg_name, msg->msg_namelen, 0,
  28 +                           map_addr(msg->msg_namelen == 0 ? NULL : msg->msg_name, msg->msg_namelen, 0,
  29                                      ADDR_REMOTE, &raddr, &ad),
  30                             profile_remote_perm(profile, sock->sk, request,
  31                                                 &raddr, &laddr.maddr, &ad));