/*
- * Only allow a user to send credentials, that they could set with
+ * Only allow a user to send credentials, that they could set with
* setu(g)id.
*/
if (fpl->count + num > SCM_MAX_FD)
return -EINVAL;
-
+
/*
* Verify the descriptors and increment the usage count.
*/
-
+
for (i=0; i< num; i++)
{
int fd = fdp[i];
/* The first check was omitted in <= 2.2.5. The reasoning was
that parser checks cmsg_len in any case, so that
additional check would be work duplication.
- But if cmsg_level is not SOL_SOCKET, we do not check
+ But if cmsg_level is not SOL_SOCKET, we do not check
for too short ancillary data object at all! Oops.
OK, let's add it...
*/
p->fp = NULL;
}
return 0;
-
+
error:
scm_destroy(p);
return err;
int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data)
{
- struct cmsghdr __user *cm = (struct cmsghdr __user *)msg->msg_control;
+ struct cmsghdr __user *cm
+ = (__force struct cmsghdr __user *)msg->msg_control;
struct cmsghdr cmhdr;
int cmlen = CMSG_LEN(len);
int err;
err = -EFAULT;
if (copy_to_user(cm, &cmhdr, sizeof cmhdr))
- goto out;
+ goto out;
if (copy_to_user(CMSG_DATA(cm), data, cmlen - sizeof(struct cmsghdr)))
goto out;
cmlen = CMSG_SPACE(len);
void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
{
- struct cmsghdr __user *cm = (struct cmsghdr __user*)msg->msg_control;
+ struct cmsghdr __user *cm
+ = (__force struct cmsghdr __user*)msg->msg_control;
int fdmax = 0;
int fdnum = scm->fp->count;
if (fdnum < fdmax)
fdmax = fdnum;
- for (i=0, cmfptr=(int __user *)CMSG_DATA(cm); i<fdmax; i++, cmfptr++)
+ for (i=0, cmfptr=(__force int __user *)CMSG_DATA(cm); i<fdmax;
+ i++, cmfptr++)
{
int new_fd;
err = security_file_receive(fp[i]);
if (err)
break;
- err = get_unused_fd();
+ err = get_unused_fd_flags(MSG_CMSG_CLOEXEC & msg->msg_flags
+ ? O_CLOEXEC : 0);
if (err < 0)
break;
new_fd = err;