int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data)
{
- struct cmsghdr *cm = (struct cmsghdr*)msg->msg_control;
+ struct cmsghdr __user *cm = (struct cmsghdr __user *)msg->msg_control;
struct cmsghdr cmhdr;
int cmlen = CMSG_LEN(len);
int err;
void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
{
- struct cmsghdr *cm = (struct cmsghdr*)msg->msg_control;
+ struct cmsghdr __user *cm = (struct cmsghdr __user*)msg->msg_control;
int fdmax = 0;
int fdnum = scm->fp->count;
struct file **fp = scm->fp->fp;
- int *cmfptr;
+ int __user *cmfptr;
int err = 0, i;
- if (MSG_CMSG_COMPAT & msg->msg_flags)
- return scm_detach_fds_compat(msg, scm);
+ if (MSG_CMSG_COMPAT & msg->msg_flags) {
+ scm_detach_fds_compat(msg, scm);
+ return;
+ }
if (msg->msg_controllen > sizeof(struct cmsghdr))
fdmax = ((msg->msg_controllen - sizeof(struct cmsghdr))
if (fdnum < fdmax)
fdmax = fdnum;
- for (i=0, cmfptr=(int*)CMSG_DATA(cm); i<fdmax; i++, cmfptr++)
+ for (i=0, cmfptr=(int __user *)CMSG_DATA(cm); i<fdmax; i++, cmfptr++)
{
int new_fd;
err = security_file_receive(fp[i]);