Merging upstream version 6.10.3.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-08-07 13:17:52 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-08-07 13:17:52 +0000
commit: 3afb00d3f86d3d924f88b56fa8285d4e9db85852 (patch)
tree: 95a985d3019522cea546b7d8df621369bc44fc6c /security/apparmor/lsm.c
parent: Adding debian version 6.9.12-1. (diff)
download: linux-3afb00d3f86d3d924f88b56fa8285d4e9db85852.tar.xz
linux-3afb00d3f86d3d924f88b56fa8285d4e9db85852.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index cef8c466af..4373b914ac 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -1304,6 +1304,13 @@ static int apparmor_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
 	if (!skb->secmark)
 		return 0;
 
+	/*
+	 * If reach here before socket_post_create hook is called, in which
+	 * case label is null, drop the packet.
+	 */
+	if (!ctx->label)
+		return -EACCES;
+
 	return apparmor_secmark_check(ctx->label, OP_RECVMSG, AA_MAY_RECEIVE,
 				      skb->secmark, sk);
 }
@@ -2064,7 +2071,6 @@ static struct ctl_table apparmor_sysctl_table[] = {
 		.mode           = 0600,
 		.proc_handler   = apparmor_dointvec,
 	},
-	{ }
 };
 
 static int __init apparmor_init_sysctl(void)
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-08-07 13:17:52 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-08-07 13:17:52 +0000
commit	3afb00d3f86d3d924f88b56fa8285d4e9db85852 (patch)
tree	95a985d3019522cea546b7d8df621369bc44fc6c /security/apparmor/lsm.c
parent	Adding debian version 6.9.12-1. (diff)
download	linux-3afb00d3f86d3d924f88b56fa8285d4e9db85852.tar.xz linux-3afb00d3f86d3d924f88b56fa8285d4e9db85852.zip