summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2019-05-13 15:15:00 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2019-05-13 15:15:00 -0700
commita3958f5e13e23f6e68c3cc1210639f63728a950f (patch)
treec88df779ca89ef1ba3d8f533f15f3e53166b178b /security
parentd4c608115c6203efbab14befab90a6d1b61177d8 (diff)
parentd4c26eb6e721683a0f93e346ce55bc8dc3cbb175 (diff)
downloadlinux-a3958f5e13e23f6e68c3cc1210639f63728a950f.tar.gz
linux-a3958f5e13e23f6e68c3cc1210639f63728a950f.tar.bz2
linux-a3958f5e13e23f6e68c3cc1210639f63728a950f.zip
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller: "Fixes all over: 1) Netdev refcnt leak in nf_flow_table, from Taehee Yoo. 2) Fix RCU usage in nf_tables, from Florian Westphal. 3) Fix DSA build when NET_DSA_TAG_BRCM_PREPEND is not set, from Yue Haibing. 4) Add missing page read/write ops to realtek driver, from Heiner Kallweit. 5) Endianness fix in qrtr code, from Nicholas Mc Guire. 6) Fix various bugs in DSA_SKB_* macros, from Vladimir Oltean. 7) Several BPF documentation cures, from Quentin Monnet. 8) Fix undefined behavior in narrow load handling of BPF verifier, from Krzesimir Nowak. 9) DMA ops crash in SGI Seeq driver due to not set netdev parent device pointer, from Thomas Bogendoerfer. 10) Flow dissector has to disable preemption when invoking BPF program, from Eric Dumazet" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (48 commits) net: ethernet: stmmac: dwmac-sun8i: enable support of unicast filtering net: ethernet: ti: netcp_ethss: fix build flow_dissector: disable preemption around BPF calls bonding: fix arp_validate toggling in active-backup mode net: meson: fixup g12a glue ephy id net: phy: realtek: Replace phy functions with non-locked version in rtl8211e_config_init() net: seeq: fix crash caused by not set dev.parent of_net: Fix missing of_find_device_by_node ref count drop net: mvpp2: cls: Add missing NETIF_F_NTUPLE flag bpf: fix undefined behavior in narrow load handling libbpf: detect supported kernel BTF features and sanitize BTF selftests: bpf: Add files generated after build to .gitignore tools: bpf: synchronise BPF UAPI header with tools bpf: fix minor issues in documentation for BPF helpers. bpf: fix recurring typo in documentation for BPF helpers bpf: fix script for generating man page on BPF helpers bpf: add various test cases for backward jumps net: dccp : proto: remove Unneeded variable "err" net: dsa: Remove the now unused DSA_SKB_CB_COPY() macro net: dsa: Remove dangerous DSA_SKB_CLONE() macro ...
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index d82b87c16b0a..c61787b15f27 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4649,7 +4649,7 @@ static int selinux_socket_connect_helper(struct socket *sock,
struct lsm_network_audit net = {0,};
struct sockaddr_in *addr4 = NULL;
struct sockaddr_in6 *addr6 = NULL;
- unsigned short snum = 0;
+ unsigned short snum;
u32 sid, perm;
/* sctp_connectx(3) calls via selinux_sctp_bind_connect()
@@ -4674,12 +4674,12 @@ static int selinux_socket_connect_helper(struct socket *sock,
break;
default:
/* Note that SCTP services expect -EINVAL, whereas
- * others must handle this at the protocol level:
- * connect(AF_UNSPEC) on a connected socket is
- * a documented way disconnect the socket.
+ * others expect -EAFNOSUPPORT.
*/
if (sksec->sclass == SECCLASS_SCTP_SOCKET)
return -EINVAL;
+ else
+ return -EAFNOSUPPORT;
}
err = sel_netport_sid(sk->sk_protocol, snum, &sid);