[NET]: Missing security_*() check in net/compat.c
authorMitchell Blank Jr. <mitch@sfgoth.com>
Tue, 30 Nov 2004 05:17:23 +0000 (21:17 -0800)
committerDavid S. Miller <davem@nuts.davemloft.net>
Tue, 30 Nov 2004 05:17:23 +0000 (21:17 -0800)
While looking at the SCM passing code in net/core/scm.c I noticed that there's
a 32-bit compat implementation of scm_detach_fds() called
scm_detach_fds_compat() living in net/compat.c.  While these two functions
are mostly the same, the latter does not include the call to the
security_file_receive() hook, which is almost certainly a bug.

Signed-off-by: Mitchell Blank Jr <mitch@sfgoth.com>
Signed-off-by: James Morris <jmorris@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/compat.c

index 6080b6439b968474163806d8f0bfa8a4546d4c21..69524b497f01661ed314f5db81df980d59528d90 100644 (file)
@@ -22,6 +22,7 @@
 #include <linux/filter.h>
 #include <linux/compat.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/security.h>
 
 #include <net/scm.h>
 #include <net/sock.h>
@@ -264,6 +265,9 @@ void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm)
 
        for (i = 0, cmfptr = (int __user *) CMSG_COMPAT_DATA(cm); i < fdmax; i++, cmfptr++) {
                int new_fd;
+               err = security_file_receive(fp[i]);
+               if (err)
+                       break;
                err = get_unused_fd();
                if (err < 0)
                        break;
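Review bot: The added `security_file_receive(fp[i])` check breaks out of the loop on the first denial, so every descriptor after index i is withheld as well as the vetoed one, and nothing in the hunk says that this is intended. Because scm_detach_fds_compat() returns void, the LSM error left in `err` presumably never reaches the receiver as an error code; the code after the loop is outside this hunk, so that part is inferred. A short comment above the call would record both the policy and the ordering, for example `/* LSM may veto receipt; check before get_unused_fd() so a denial leaves no fd reserved, and stop delivering the remaining fds */`. The function body starts and ends outside the hunk.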