diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c --- a/sys/kern/uipc_socket.c +++ b/sys/kern/uipc_socket.c @@ -153,6 +153,7 @@ #include #include +#include #include @@ -1485,6 +1486,10 @@ sbrcv_timeo = so->so_rcv.sb_timeo; sbsnd_timeo = so->so_snd.sb_timeo; +#ifdef MAC + mac_socketpeer_label_free(so->so_peerlabel); +#endif + if (!(so->so_proto->pr_flags & PR_SOCKBUF)) { sbdestroy(so, SO_SND); sbdestroy(so, SO_RCV); @@ -4170,6 +4175,10 @@ case SO_PEERLABEL: #ifdef MAC + if (SOLISTENING(so)) { + error = EINVAL; + goto bad; + } error = sooptcopyin(sopt, &extmac, sizeof(extmac), sizeof(extmac)); if (error) diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h --- a/sys/security/mac/mac_internal.h +++ b/sys/security/mac/mac_internal.h @@ -242,6 +242,7 @@ void mac_pipe_label_free(struct label *label); struct label *mac_socket_label_alloc(int flag); void mac_socket_label_free(struct label *label); +void mac_socketpeer_label_free(struct label *label); struct label *mac_vnode_label_alloc(void); void mac_vnode_label_free(struct label *label); diff --git a/sys/security/mac/mac_socket.c b/sys/security/mac/mac_socket.c --- a/sys/security/mac/mac_socket.c +++ b/sys/security/mac/mac_socket.c @@ -145,6 +145,7 @@ mac_socket_init(struct socket *so, int flag) { + KASSERT(!SOLISTENING(so), ("listening socket so=%p", so)); if (mac_labeled & MPC_OBJECT_SOCKET) { so->so_label = mac_socket_label_alloc(flag); if (so->so_label == NULL) @@ -170,7 +171,7 @@ mac_labelzone_free(label); } -static void +void mac_socketpeer_label_free(struct label *label) { @@ -185,8 +186,10 @@ if (so->so_label != NULL) { mac_socket_label_free(so->so_label); so->so_label = NULL; - mac_socketpeer_label_free(so->so_peerlabel); - so->so_peerlabel = NULL; + if (!SOLISTENING(so)) { + mac_socketpeer_label_free(so->so_peerlabel); + so->so_peerlabel = NULL; + } } }