git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Jia-Ju Bai <baijiaju1990@gmail.com>
	Tue, 23 Jul 2019 10:00:15 +0000 (18:00 +0800)
committer	Kleber Sacilotto de Souza <kleber.souza@canonical.com>
	Wed, 16 Oct 2019 09:55:44 +0000 (11:55 +0200)
commit	d2493f291d06e50a2a9d9d70634a3e1784045473
tree	aee58899e5accb871408178426ac90ddb0e55575	tree
parent	b9603ea948a1075dc0e836a5c63bbee1cb477655	commit \| diff

security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb()

BugLink: https://bugs.launchpad.net/bugs/1848274
[ Upstream commit 3f4287e7d98a2954f20bf96c567fdffcd2b63eb9 ]

In smack_socket_sock_rcv_skb(), there is an if statement
on line 3920 to check whether skb is NULL:
    if (skb && skb->secmark != 0)

This check indicates skb can be NULL in some cases.

But on lines 3931 and 3932, skb is used:
    ad.a.u.net->netif = skb->skb_iif;
    ipv6_skb_to_auditdata(skb, &ad.a, NULL);

Thus, possible null-pointer dereferences may occur when skb is NULL.

To fix these possible bugs, an if statement is added to check skb.

These bugs are found by a static analysis tool STCheck written by us.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>