git.openpandora.org / pandora-kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
crypto: af_alg - Forbid bind(2) when nokey child sockets are present
[pandora-kernel.git] / crypto / af_alg.c
diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 0ca108f..68ec1ac 100644 (file)
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -76,6 +76,8 @@ int af_alg_register_type(const struct af_alg_type *type)
                goto unlock;
 
        type->ops->owner = THIS_MODULE;
+       if (type->ops_nokey)
+               type->ops_nokey->owner = THIS_MODULE;
        node->type = type;
        list_add(&node->list, &alg_types);
        err = 0;
@@ -128,13 +130,16 @@ EXPORT_SYMBOL_GPL(af_alg_release);
 void af_alg_release_parent(struct sock *sk)
 {
        struct alg_sock *ask = alg_sk(sk);
-       bool last;
+       unsigned int nokey = ask->nokey_refcnt;
+       bool last = nokey && !ask->refcnt;
 
        sk = ask->parent;
        ask = alg_sk(sk);
 
        lock_sock(sk);
-       last = !--ask->refcnt;
+       ask->nokey_refcnt -= nokey;
+       if (!last)
+               last = !--ask->refcnt;
        release_sock(sk);
 
        if (last)
@@ -177,7 +182,7 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
 
        err = -EBUSY;
        lock_sock(sk);
-       if (ask->refcnt)
+       if (ask->refcnt | ask->nokey_refcnt)
                goto unlock;
 
        swap(ask->type, type);
@@ -256,6 +261,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
        struct alg_sock *ask = alg_sk(sk);
        const struct af_alg_type *type;
        struct sock *sk2;
+       unsigned int nokey;
        int err;
 
        lock_sock(sk);
@@ -275,19 +281,29 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
        security_sk_clone(sk, sk2);
 
        err = type->accept(ask->private, sk2);
+
+       nokey = err == -ENOKEY;
+       if (nokey && type->accept_nokey)
+               err = type->accept_nokey(ask->private, sk2);
+
        if (err)
                goto unlock;
 
        sk2->sk_family = PF_ALG;
 
-       if (!ask->refcnt++)
+       if (nokey || !ask->refcnt++)
                sock_hold(sk);
+       ask->nokey_refcnt += nokey;
        alg_sk(sk2)->parent = sk;
        alg_sk(sk2)->type = type;
+       alg_sk(sk2)->nokey_refcnt = nokey;
 
        newsock->ops = type->ops;
        newsock->state = SS_CONNECTED;
 
+       if (nokey)
+               newsock->ops = type->ops_nokey;
+
        err = 0;
 
 unlock:
Pandora Kernel Repository