[PATCH] selinux: Fix address length checks in connect hook
This patch fixes the address length checks in the selinux_socket_connect hook to be no more restrictive than the underlying ipv4 and ipv6 code; otherwise, this hook can reject valid connect calls. This patch is in response to a bug report where an application was calling connect on an INET6 socket with an address that didn't include the optional scope id and failing due to these checks. Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov> Signed-off-by: NJames Morris <jmorris@redhat.com> Signed-off-by: NAndrew Morton <akpm@osdl.org> Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
Showing
想要评论请 注册 或 登录