select: deal with math overflow from borderline valid userland data

[linux-2.6-omap-h63xx.git] / net / core / scm.c

diff --git a/net/core/scm.c b/net/core/scm.c
index 530bee8d9ed90448ee2b406b897ada19ec11d28c..10f5c65f6a470cc914de500b43d63990e89db1b6 100644 (file)
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -24,6 +24,8 @@
 #include <linux/interrupt.h>
 #include <linux/netdevice.h>
 #include <linux/security.h>
+#include <linux/pid.h>
+#include <linux/nsproxy.h>
 
 #include <asm/system.h>
 #include <asm/uaccess.h>
@@ -42,7 +44,7 @@
 
 static __inline__ int scm_check_creds(struct ucred *creds)
 {
-       if ((creds->pid == current->tgid || capable(CAP_SYS_ADMIN)) &&
+       if ((creds->pid == task_tgid_vnr(current) || capable(CAP_SYS_ADMIN)) &&
            ((creds->uid == current->uid || creds->uid == current->euid ||
              creds->uid == current->suid) || capable(CAP_SETUID)) &&
            ((creds->gid == current->gid || creds->gid == current->egid ||
@@ -194,6 +196,8 @@ int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data)
        if (copy_to_user(CMSG_DATA(cm), data, cmlen - sizeof(struct cmsghdr)))
                goto out;
        cmlen = CMSG_SPACE(len);
+       if (msg->msg_controllen < cmlen)
+               cmlen = msg->msg_controllen;
        msg->msg_control += cmlen;
        msg->msg_controllen -= cmlen;
        err = 0;