scm: Only support SCM_RIGHTS on unix domain sockets.

commit 76dadd76c265a0cdb5a76aa4eef03fcc9639b388 upstream.

We use scm_send and scm_recv on both unix domain and
netlink sockets, but only unix domain sockets support
everything required for file descriptor passing,
so error if someone attempts to pass file descriptors
over netlink sockets.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/net/core/scm.c b/net/core/scm.c
index b7ba91b074b33995deee5278fb54c30d100d041b..9b264634acfd6233ebfa7369cc4537638377d06d 100644 (file)
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -156,6 +156,8 @@ int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *p)
                switch (cmsg->cmsg_type)
                {
                case SCM_RIGHTS:
+                       if (!sock->ops || sock->ops->family != PF_UNIX)
+                               goto error;
                        err=scm_fp_copy(cmsg, &p->fp);
                        if (err<0)
                                goto error;