diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2011-11-14 18:56:38 -0500 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2012-05-03 06:27:21 -0400 |
commit | ae2975bc3476243b45a1e2344236d7920c268f38 (patch) | |
tree | e4b2a8472f6047734b6e7e2bdc994375b2790323 /net/ipv4 | |
parent | 22d917d80e842829d0ca0a561967d728eb1d6303 (diff) |
userns: Convert group_info values from gid_t to kgid_t.
As a first step to converting struct cred to be all kuid_t and kgid_t
values convert the group values stored in group_info to always be
kgid_t values. Unless user namespaces are used this change should
have no effect.
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/ping.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c index 50009c787bcd..9d3044ff45b9 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c | |||
@@ -205,17 +205,22 @@ static int ping_init_sock(struct sock *sk) | |||
205 | gid_t range[2]; | 205 | gid_t range[2]; |
206 | struct group_info *group_info = get_current_groups(); | 206 | struct group_info *group_info = get_current_groups(); |
207 | int i, j, count = group_info->ngroups; | 207 | int i, j, count = group_info->ngroups; |
208 | kgid_t low, high; | ||
208 | 209 | ||
209 | inet_get_ping_group_range_net(net, range, range+1); | 210 | inet_get_ping_group_range_net(net, range, range+1); |
211 | low = make_kgid(&init_user_ns, range[0]); | ||
212 | high = make_kgid(&init_user_ns, range[1]); | ||
213 | if (!gid_valid(low) || !gid_valid(high) || gid_lt(high, low)) | ||
214 | return -EACCES; | ||
215 | |||
210 | if (range[0] <= group && group <= range[1]) | 216 | if (range[0] <= group && group <= range[1]) |
211 | return 0; | 217 | return 0; |
212 | 218 | ||
213 | for (i = 0; i < group_info->nblocks; i++) { | 219 | for (i = 0; i < group_info->nblocks; i++) { |
214 | int cp_count = min_t(int, NGROUPS_PER_BLOCK, count); | 220 | int cp_count = min_t(int, NGROUPS_PER_BLOCK, count); |
215 | |||
216 | for (j = 0; j < cp_count; j++) { | 221 | for (j = 0; j < cp_count; j++) { |
217 | group = group_info->blocks[i][j]; | 222 | kgid_t gid = group_info->blocks[i][j]; |
218 | if (range[0] <= group && group <= range[1]) | 223 | if (gid_lte(low, gid) && gid_lte(gid, high)) |
219 | return 0; | 224 | return 0; |
220 | } | 225 | } |
221 | 226 | ||