Smack: Safer check for a socket in file_receive

The check of S_ISSOCK() in smack_file_receive() is not appropriate if the passed descriptor is a socket. Reported-by: Stephen Smalley <sds@tyco.nsa.gov> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
author: Casey Schaufler <casey@schaufler-ca.com> 2017-05-31 08:53:42 -0700
committer: Casey Schaufler <casey@schaufler-ca.com> 2017-06-01 09:27:12 -0700
commit: 51d59af26fe81967e0d7ec92bd9381d3b26434f3 (patch)
tree: d43e2610710a1f4c82283120df19fe593ed77de0 /security/smack
parent: e661a58279132da0127c67705e59d12f6027858d (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 658f5d8c7e76..463af86812c7 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1915,7 +1915,7 @@ static int smack_file_receive(struct file *file)
 	smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
 	smk_ad_setfield_u_fs_path(&ad, file->f_path);
 
-	if (S_ISSOCK(inode->i_mode)) {
+	if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
 		sock = SOCKET_I(inode);
 		ssp = sock->sk->sk_security;
 		tsp = current_security();
author	Casey Schaufler <casey@schaufler-ca.com>	2017-05-31 08:53:42 -0700
committer	Casey Schaufler <casey@schaufler-ca.com>	2017-06-01 09:27:12 -0700
commit	51d59af26fe81967e0d7ec92bd9381d3b26434f3 (patch)
tree	d43e2610710a1f4c82283120df19fe593ed77de0 /security/smack
parent	e661a58279132da0127c67705e59d12f6027858d (diff)