diff for duplicates of <1486391408.2529.1.camel@btinternet.com> diff --git a/a/1.txt b/N1/1.txt index 3b35943..6c4b87e 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,7 +1,8 @@ On Wed, 2016-12-21 at 14:09 -0200, Marcelo Ricardo Leitner wrote: > On Wed, Dec 14, 2016 at 01:39:59PM +0000, Richard Haines wrote: > > +SCTP Socket Option Permissions -> > +===============> > +The permissions consist of: "bindx_add" "bindx_rem" "connectx" +> > +=============================== +> > +The permissions consist of: "bindx_add" "bindx_rem" "connectx" > > "set_addr" and > > +"set_params" that are validated on setsockopt(2) calls, and > > "peeloff" that is @@ -174,7 +175,7 @@ can be verified. > > + * security_sk_setsockopt() calls. > > + */ > > + err = sock_has_perm(current, sk, -> > + (optname = SCTP_SOCKOPT_BINDX_ADD ? +> > + (optname == SCTP_SOCKOPT_BINDX_ADD ? > > + SCTP_SOCKET__BINDX_ADD : > > + SCTP_SOCKET__CONNECTX)); > > + if (err) @@ -201,10 +202,10 @@ can be verified. > > + } > > + > > + err = -EINVAL; -> > + if (optname = SCTP_SOCKOPT_BINDX_ADD) { +> > + if (optname == SCTP_SOCKOPT_BINDX_ADD) { > > + err = selinux_socket_bind(sock, > > + address, addrlen); -> > + } else if (optname = +> > + } else if (optname == > > SCTP_SOCKOPT_CONNECTX) { > > + err = selinux_socket_connect(sock, > > + address, addrlen); diff --git a/a/content_digest b/N1/content_digest index 607e1f4..ecab2df 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -12,7 +12,8 @@ "On Wed, 2016-12-21 at 14:09 -0200, Marcelo Ricardo Leitner wrote:\n" "> On Wed, Dec 14, 2016 at 01:39:59PM +0000, Richard Haines wrote:\n" "> > +SCTP Socket Option Permissions\n" - "> > +===============> > +The permissions consist of: \"bindx_add\" \"bindx_rem\" \"connectx\"\n" + "> > +===============================\n" + "> > +The permissions consist of: \"bindx_add\" \"bindx_rem\" \"connectx\"\n" "> > \"set_addr\" and\n" "> > +\"set_params\" that are validated on setsockopt(2) calls, and\n" "> > \"peeloff\" that is\n" @@ -185,7 +186,7 @@ "> > +\t\t\302\240* security_sk_setsockopt() calls.\n" "> > +\t\t\302\240*/\n" "> > +\t\terr = sock_has_perm(current, sk,\n" - "> > +\t\t\t\302\240\302\240\302\240\302\240(optname = SCTP_SOCKOPT_BINDX_ADD ?\n" + "> > +\t\t\t\302\240\302\240\302\240\302\240(optname == SCTP_SOCKOPT_BINDX_ADD ?\n" "> > +\t\t\t\302\240\302\240\302\240\302\240\302\240SCTP_SOCKET__BINDX_ADD :\n" "> > +\t\t\t\302\240\302\240\302\240\302\240\302\240SCTP_SOCKET__CONNECTX));\n" "> > +\t\tif (err)\n" @@ -212,10 +213,10 @@ "> > +\t\t\t}\n" "> > +\n" "> > +\t\t\terr = -EINVAL;\n" - "> > +\t\t\tif (optname = SCTP_SOCKOPT_BINDX_ADD) {\n" + "> > +\t\t\tif (optname == SCTP_SOCKOPT_BINDX_ADD) {\n" "> > +\t\t\t\terr = selinux_socket_bind(sock,\n" "> > +\t\t\t\t\t\302\240\302\240\302\240\302\240address, addrlen);\n" - "> > +\t\t\t} else if (optname =\n" + "> > +\t\t\t} else if (optname ==\n" "> > SCTP_SOCKOPT_CONNECTX) {\n" "> > +\t\t\t\terr = selinux_socket_connect(sock,\n" "> > +\t\t\t\t\t\302\240\302\240\302\240\302\240address, addrlen);\n" @@ -267,4 +268,4 @@ "> \n" > -9b6505cd5548571d33f17d582600a8ea49b2f0d59d0bbcb2b81aea9b00092aab +2eea315c70083a91b401352f4d917a371ea6c6da6f674b8f63e03479217fd372
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.