diff options
author | David Herrmann <dh.herrmann@gmail.com> | 2016-02-02 18:17:54 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2016-02-07 14:06:26 -0500 |
commit | 3575dbf2cbbc8e598f17ec441aed526dbea0e1bd (patch) | |
tree | 8dac5377390bc6c58d30abf40b2eeb51573549a5 | |
parent | 67eb03318bc5fe170ae832423fda7a23b0d801cf (diff) | |
download | linux-3575dbf2cbbc8e598f17ec441aed526dbea0e1bd.tar.bz2 |
net: drop write-only stack variable
Remove a write-only stack variable from unix_attach_fds(). This is a
left-over from the security fix in:
commit 712f4aad406bb1ed67f3f98d04c044191f0ff593
Author: willy tarreau <w@1wt.eu>
Date: Sun Jan 10 07:54:56 2016 +0100
unix: properly account for FDs passed over unix sockets
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/unix/af_unix.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index 49d5093eb055..b3745557fc89 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -1534,7 +1534,6 @@ static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb) { int i; unsigned char max_level = 0; - int unix_sock_count = 0; if (too_many_unix_fds(current)) return -ETOOMANYREFS; @@ -1542,11 +1541,9 @@ static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb) for (i = scm->fp->count - 1; i >= 0; i--) { struct sock *sk = unix_get_socket(scm->fp->fp[i]); - if (sk) { - unix_sock_count++; + if (sk) max_level = max(max_level, unix_sk(sk)->recursion_level); - } } if (unlikely(max_level > MAX_RECURSION_LEVEL)) return -ETOOMANYREFS; |