[NET]: File descriptor loss while receiving SCM_RIGHTS
author Miklos Szeredi <miklos@szeredi.hu>
Tue, 10 Oct 2006 04:42:14 +0000 (21:42 -0700)
committer David S. Miller <davem@sunset.davemloft.net>
Thu, 12 Oct 2006 06:59:48 +0000 (23:59 -0700)
If more than one file descriptor was sent with an SCM_RIGHTS message,
and on the receiving end, after installing a nonzero (but not all)
file descriptors the process runs out of fds, then the already
installed fds will be lost (userspace will have no way of knowing
about them).

The following patch makes sure that at least the already installed
fds are sent to userspace.  It doesn't solve the issue of losing file
descriptors in case of an EFAULT on the userspace buffer.

Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/compat.c
net/core/scm.c

index d5d69fa15d07a65a26975797d654813e5f055568..52d32f1bc7281c6da3276ae78a0cad1e63aa4426 100644 (file)
@@ -285,8 +285,7 @@ void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm)
 
        if (i > 0) {
                int cmlen = CMSG_COMPAT_LEN(i * sizeof(int));
-               if (!err)
-                       err = put_user(SOL_SOCKET, &cm->cmsg_level);
+               err = put_user(SOL_SOCKET, &cm->cmsg_level);
                if (!err)
                        err = put_user(SCM_RIGHTS, &cm->cmsg_type);
                if (!err)
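
Review bot: in scm_detach_fds_compat(), the now-unconditional `err = put_user(SOL_SOCKET, &cm->cmsg_level);` at the top of the `if (i > 0)` block overwrites whatever err held on entry, and nothing in the code says that is deliberate. A one-line comment above it, stating that an earlier failure is ignored here so that the i descriptors already installed are still reported in the control message, would keep a later cleanup from restoring the `if (!err)` guard. The only visible hint to the receiver that fewer descriptors arrived than were sent is that cmlen is computed from i, so it is worth confirming that callers can rely on that.
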
index 649d01ef35b6dc4dca5f3b74b593e7f5bfc272d2..271cf060ef8c69fb79f37768972af65b5457d835 100644 (file)
@@ -245,8 +245,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
        if (i > 0)
        {
                int cmlen = CMSG_LEN(i*sizeof(int));
-               if (!err)
-                       err = put_user(SOL_SOCKET, &cm->cmsg_level);
+               err = put_user(SOL_SOCKET, &cm->cmsg_level);
                if (!err)
                        err = put_user(SCM_RIGHTS, &cm->cmsg_type);
                if (!err)
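
Review bot: the `if (!err)` chain that remains after the first put_user() in scm_detach_fds() still stops at the first fault on the userspace buffer, so with i > 0 the descriptors already installed go unreported in that case, which the commit message says is left unsolved. Suggest a FIXME comment at this block naming the EFAULT case, so the gap is recorded in the code and not only in the changelog. Since this is the same edit as the one in net/compat.c, the comment should be mirrored there.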