patch-2_6_7-vs1_9_1_12

[linux-2.6.git] / net / core / scm.c

diff --git a/net/core/scm.c b/net/core/scm.c
index bba5c58..3699df3 100644 (file)
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -169,7 +169,7 @@ error:
 
 int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data)
 {
-       struct cmsghdr *cm = (struct cmsghdr*)msg->msg_control;
+       struct cmsghdr __user *cm = (struct cmsghdr __user *)msg->msg_control;
        struct cmsghdr cmhdr;
        int cmlen = CMSG_LEN(len);
        int err;
@@ -204,16 +204,18 @@ out:
 
 void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
 {
-       struct cmsghdr *cm = (struct cmsghdr*)msg->msg_control;
+       struct cmsghdr __user *cm = (struct cmsghdr __user*)msg->msg_control;
 
        int fdmax = 0;
        int fdnum = scm->fp->count;
        struct file **fp = scm->fp->fp;
-       int *cmfptr;
+       int __user *cmfptr;
        int err = 0, i;
 
-       if (MSG_CMSG_COMPAT & msg->msg_flags)
-               return scm_detach_fds_compat(msg, scm);
+       if (MSG_CMSG_COMPAT & msg->msg_flags) {
+               scm_detach_fds_compat(msg, scm);
+               return;
+       }
 
        if (msg->msg_controllen > sizeof(struct cmsghdr))
                fdmax = ((msg->msg_controllen - sizeof(struct cmsghdr))
@@ -222,7 +224,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
        if (fdnum < fdmax)
                fdmax = fdnum;
 
-       for (i=0, cmfptr=(int*)CMSG_DATA(cm); i<fdmax; i++, cmfptr++)
+       for (i=0, cmfptr=(int __user *)CMSG_DATA(cm); i<fdmax; i++, cmfptr++)
        {
                int new_fd;
                err = security_file_receive(fp[i]);