upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-02-18 18:20:26 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

sctp: propagate cap rights on sctp_peeloff

Browse source 
PR:		201052
Reviewed by:	oshogbo, tuexen
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46884

(cherry picked from commit 91a9e4e01dab7a740b8e3b7c39c59a537e71e5d2)
This commit is contained in:
Ed Maste 2024-10-03 07:54:44 -04:00
parent 4601b3e04d
commit ae3d7e27ab
1 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
sys/netinet/sctp_syscalls.c
View file

@ -141,13 +141,14 @@ sys_sctp_peeloff(struct thread *td, struct sctp_peeloff_args *uap)
{
struct file *headfp, *nfp = NULL;
struct socket *head, *so;
struct filecaps fcaps;
cap_rights_t rights;
u_int fflag;
int error, fd;
AUDIT_ARG_FD(uap->sd);
error = getsock(td, uap->sd, cap_rights_init_one(&rights, CAP_PEELOFF),
&headfp);
error = getsock_cap(td, uap->sd,
cap_rights_init_one(&rights, CAP_PEELOFF), &headfp, &fcaps);
if (error != 0)
goto done2;
fflag = atomic_load_int(&headfp->f_flag);
@ -165,7 +166,7 @@ sys_sctp_peeloff(struct thread *td, struct sctp_peeloff_args *uap)
* but that is ok.
*/
error = falloc(td, &nfp, &fd, 0);
error = falloc_caps(td, &nfp, &fd, 0, &fcaps);
if (error != 0)
goto done;
td->td_retval[0] = fd;