diff options
| author | Mitchell Blank Jr. <mitch@sfgoth.com> | 2004-11-29 21:17:23 -0800 |
|---|---|---|
| committer | David S. Miller <davem@nuts.davemloft.net> | 2004-11-29 21:17:23 -0800 |
| commit | d21093c2d5b8d2663c7ae10499119b7cc2ae0308 (patch) | |
| tree | 1e9e6b153f80464574c551c791c69297772c6d97 | |
| parent | b0158ba46ca20d6eb09ec6fa9d3edf527b7fc0cb (diff) | |
[NET]: Missing security_*() check in net/compat.c
While looking at the SCM passing code in net/core/scm.c I noticed that there's
a 32-bit compat implementation of scm_detach_fds()'s called
scm_detach_fds_compat() living in net/compat.c. While these two functions
are mostly the same the latter does not include the call to the
security_file_receive() hook which is almost certainly a bug.
Signed-off-by: Mitchell Blank Jr <mitch@sfgoth.com>
Signed-off-by: James Morris <jmorris@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | net/compat.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/net/compat.c b/net/compat.c index 6080b6439b96..69524b497f01 100644 --- a/net/compat.c +++ b/net/compat.c @@ -22,6 +22,7 @@ #include <linux/filter.h> #include <linux/compat.h> #include <linux/netfilter_ipv4/ip_tables.h> +#include <linux/security.h> #include <net/scm.h> #include <net/sock.h> @@ -264,6 +265,9 @@ void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm) for (i = 0, cmfptr = (int __user *) CMSG_COMPAT_DATA(cm); i < fdmax; i++, cmfptr++) { int new_fd; + err = security_file_receive(fp[i]); + if (err) + break; err = get_unused_fd(); if (err < 0) break; |