Home Home > GIT Browse > stable
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJiri Slaby <jslaby@suse.cz>2019-05-17 06:54:10 +0200
committerJiri Slaby <jslaby@suse.cz>2019-05-17 06:54:11 +0200
commite62ec67e56f792cdb534d6246468ff838a3a7a15 (patch)
treed76caaf033ddded207fd85981e5c3728771d9943
parent8bbc2834c6f2928a8477e2a035d9402cf581202f (diff)
Revert "selinux: do not report error on connect(AF_UNSPEC)"
(git-fixes). suse-commit: 3d34296dc1f9a3ba054dcae53ad6c109b42364ad
-rw-r--r--security/selinux/hooks.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 28bff30c2f15..1d0b37af2444 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4572,7 +4572,7 @@ static int selinux_socket_connect_helper(struct socket *sock,
struct lsm_network_audit net = {0,};
struct sockaddr_in *addr4 = NULL;
struct sockaddr_in6 *addr6 = NULL;
- unsigned short snum = 0;
+ unsigned short snum;
u32 sid, perm;
/* sctp_connectx(3) calls via selinux_sctp_bind_connect()
@@ -4595,12 +4595,12 @@ static int selinux_socket_connect_helper(struct socket *sock,
break;
default:
/* Note that SCTP services expect -EINVAL, whereas
- * others must handle this at the protocol level:
- * connect(AF_UNSPEC) on a connected socket is
- * a documented way disconnect the socket.
+ * others expect -EAFNOSUPPORT.
*/
if (sksec->sclass == SECCLASS_SCTP_SOCKET)
return -EINVAL;
+ else
+ return -EAFNOSUPPORT;
}
err = sel_netport_sid(sk->sk_protocol, snum, &sid);