Commit d21093c2 authored by Mitchell Blank Jr, committed by David S. Miller

[NET]: Missing security_*() check in net/compat.c

While looking at the SCM passing code in net/core/scm.c I noticed that there's
a 32-bit compat implementation of scm_detach_fds() called
scm_detach_fds_compat() living in net/compat.c.  While these two functions
are mostly the same, the latter does not include the call to the
security_file_receive() hook, which is almost certainly a bug.

Signed-off-by: Mitchell Blank Jr <mitch@sfgoth.com>
Signed-off-by: James Morris <jmorris@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent b0158ba4
...@@ -22,6 +22,7 @@ ...@@ -22,6 +22,7 @@
#include <linux/filter.h> #include <linux/filter.h>
#include <linux/compat.h> #include <linux/compat.h>
#include <linux/netfilter_ipv4/ip_tables.h> #include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/security.h>
#include <net/scm.h> #include <net/scm.h>
#include <net/sock.h> #include <net/sock.h>
...@@ -264,6 +265,9 @@ void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm) ...@@ -264,6 +265,9 @@ void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm)
for (i = 0, cmfptr = (int __user *) CMSG_COMPAT_DATA(cm); i < fdmax; i++, cmfptr++) { for (i = 0, cmfptr = (int __user *) CMSG_COMPAT_DATA(cm); i < fdmax; i++, cmfptr++) {
int new_fd; int new_fd;
err = security_file_receive(fp[i]);
if (err)
break;
err = get_unused_fd(); err = get_unused_fd();
if (err < 0) if (err < 0)
break; break;
......
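Review bot: The new security_file_receive(fp[i]) check in the scm_detach_fds_compat() loop carries no comment tying it to the matching call in scm_detach_fds() in net/core/scm.c. The commit message says the two functions are mostly the same and that this one lacked the hook, so a one-line comment above the check noting that the two loops must be kept in sync would help prevent the same drift again. Placing the check before get_unused_fd() is right, since a denial then leaves no allocated descriptor to release. What happens after the break to err, and to descriptors already installed for earlier values of i, is not visible in this hunk, so it is worth confirming that the post-loop handling matches the native path.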