diff options
Diffstat (limited to 'net/core/scm.c')
| -rw-r--r-- | net/core/scm.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/net/core/scm.c b/net/core/scm.c index 413cab89017d..4c1ef026d695 100644 --- a/net/core/scm.c +++ b/net/core/scm.c | |||
| @@ -79,10 +79,11 @@ static int scm_fp_copy(struct cmsghdr *cmsg, struct scm_fp_list **fplp) | |||
| 79 | return -ENOMEM; | 79 | return -ENOMEM; |
| 80 | *fplp = fpl; | 80 | *fplp = fpl; |
| 81 | fpl->count = 0; | 81 | fpl->count = 0; |
| 82 | fpl->max = SCM_MAX_FD; | ||
| 82 | } | 83 | } |
| 83 | fpp = &fpl->fp[fpl->count]; | 84 | fpp = &fpl->fp[fpl->count]; |
| 84 | 85 | ||
| 85 | if (fpl->count + num > SCM_MAX_FD) | 86 | if (fpl->count + num > fpl->max) |
| 86 | return -EINVAL; | 87 | return -EINVAL; |
| 87 | 88 | ||
| 88 | /* | 89 | /* |
| @@ -94,7 +95,7 @@ static int scm_fp_copy(struct cmsghdr *cmsg, struct scm_fp_list **fplp) | |||
| 94 | int fd = fdp[i]; | 95 | int fd = fdp[i]; |
| 95 | struct file *file; | 96 | struct file *file; |
| 96 | 97 | ||
| 97 | if (fd < 0 || !(file = fget(fd))) | 98 | if (fd < 0 || !(file = fget_raw(fd))) |
| 98 | return -EBADF; | 99 | return -EBADF; |
| 99 | *fpp++ = file; | 100 | *fpp++ = file; |
| 100 | fpl->count++; | 101 | fpl->count++; |
| @@ -331,11 +332,12 @@ struct scm_fp_list *scm_fp_dup(struct scm_fp_list *fpl) | |||
| 331 | if (!fpl) | 332 | if (!fpl) |
| 332 | return NULL; | 333 | return NULL; |
| 333 | 334 | ||
| 334 | new_fpl = kmalloc(sizeof(*fpl), GFP_KERNEL); | 335 | new_fpl = kmemdup(fpl, offsetof(struct scm_fp_list, fp[fpl->count]), |
| 336 | GFP_KERNEL); | ||
| 335 | if (new_fpl) { | 337 | if (new_fpl) { |
| 336 | for (i=fpl->count-1; i>=0; i--) | 338 | for (i = 0; i < fpl->count; i++) |
| 337 | get_file(fpl->fp[i]); | 339 | get_file(fpl->fp[i]); |
| 338 | memcpy(new_fpl, fpl, sizeof(*fpl)); | 340 | new_fpl->max = new_fpl->count; |
| 339 | } | 341 | } |
| 340 | return new_fpl; | 342 | return new_fpl; |
| 341 | } | 343 | } |