Diffstat (limited to 'nscd/connections.c')
-rw-r--r-- | nscd/connections.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/nscd/connections.c b/nscd/connections.c
index fe33c76bcf..164fdfbc84 100644
--- a/nscd/connections.c
+++ b/nscd/connections.c
@@ -41,6 +41,7 @@
 #include "nscd.h"
 #include "dbg_log.h"
+#include "selinux.h"
 /* Number of bytes of data we initially reserve for each hash table bucket. */
@@ -592,6 +593,15 @@ cannot handle old request version %d; current version is %d"),
 return;
 }
+ /* Make the SELinux check before we go on to the standard checks. We
+ need to verify that the request type is valid, since it has not
+ yet been checked at this point. */
+ if (selinux_enabled
+ && __builtin_expect (req->type, GETPWBYNAME) >= GETPWBYNAME
+ && __builtin_expect (req->type, LASTREQ) < LASTREQ
+ && nscd_request_avc_has_perm (fd, req->type) != 0)
+ return;
+
 struct database_dyn *db = serv2db[req->type];
 if ((__builtin_expect (req->type, GETPWBYNAME) >= GETPWBYNAME |
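Review bot: Out-of-range request types skip the new SELinux check and fall through to the context line `struct database_dyn *db = serv2db[req->type];`, which indexes the table with a type the added comment itself says has not yet been validated. The range test is now written twice, here and in the standard check that begins on the hunk's last line, so validating once ahead of both, e.g. `if (req->type < GETPWBYNAME || req->type >= LASTREQ) return;`, would keep the AVC call and the table lookup on a checked value. Whether an early return matches how the later code treats unknown types cannot be confirmed here, because the function starts and ends outside the hunk. The denial path also returns with no reply and no log call at this site, so I would add a comment stating that the check fails closed and that any audit record is expected to come from `nscd_request_avc_has_perm`.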