From 0178b5ec72b64bac3e6e82f48d33489b47fc6e01 Mon Sep 17 00:00:00 2001
From: Ivan Skytte Jorgensen
Date: Fri, 28 Oct 2005 15:39:02 -0700
Subject: [PATCH] --- yaml --- r: 10743 b: refs/heads/master c: 64a0c1c81e300f0f56f26604c81040784e3717f0 h: refs/heads/master i: 10741: 29c1ebd0b998ec8822d04899902d84411b44e2c6 10739: 3922525eca9cee2beacfc9855db8fabbe94bcd4a 10735: b4474c52e5ef6880617c2f15b3535f4c4dc8c586 v: v3
---
 [refs] | 2 +-
 trunk/net/sctp/socket.c | 26 ++++++++++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/[refs] b/[refs]
index 92e222ced146..bc60b020a05c 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 96a339985d4c6874d32909e8f1903e6e6c141399
+refs/heads/master: 64a0c1c81e300f0f56f26604c81040784e3717f0
diff --git a/trunk/net/sctp/socket.c b/trunk/net/sctp/socket.c
index 97b556c1c450..b529af5e6f2a 100644
--- a/trunk/net/sctp/socket.c
+++ b/trunk/net/sctp/socket.c
@@ -1010,6 +1010,19 @@ static int __sctp_connect(struct sock* sk,
 err = -EAGAIN;
 goto out_free;
 }
+ } else {
+ /*
+ * If an unprivileged user inherits a 1-many
+ * style socket with open associations on a
+ * privileged port, it MAY be permitted to
+ * accept new associations, but it SHOULD NOT
+ * be permitted to open new associations.
+ */
+ if (ep->base.bind_addr.port < PROT_SOCK &&
+ !capable(CAP_NET_BIND_SERVICE)) {
+ err = -EACCES;
+ goto out_free;
+ }
 }
 scope = sctp_scope(&to);
@@ -1515,6 +1528,19 @@ SCTP_STATIC int sctp_sendmsg(struct kiocb *iocb, struct sock *sk,
 err = -EAGAIN;
 goto out_unlock;
 }
+ } else {
+ /*
+ * If an unprivileged user inherits a one-to-many
+ * style socket with open associations on a privileged
+ * port, it MAY be permitted to accept new associations,
+ * but it SHOULD NOT be permitted to open new
+ * associations.
+ */
+ if (ep->base.bind_addr.port < PROT_SOCK &&
+ !capable(CAP_NET_BIND_SERVICE)) {
+ err = -EACCES;
+ goto out_unlock;
+ }
 }
 scope = sctp_scope(&to);
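Review bot: The privileged-port guard is pasted twice, into the new `else` branches in __sctp_connect and in sctp_sendmsg, with the same condition and with comments that already differ in wording ("1-many" against "one-to-many"); two copies of an access-control decision tend to drift apart, so a single static helper that returns 0 or -EACCES and is tested at both call sites would keep them identical. As written, the condition `ep->base.bind_addr.port < PROT_SOCK && !capable(CAP_NET_BIND_SERVICE)` never looks at the socket style, so as far as these hunks show it also refuses new associations on any socket that was bound to a low port with privilege and later used without it, not only on an inherited one-to-many socket. If that wider scope is intended, the comment should say so, for example `/* Applies to every endpoint bound below PROT_SOCK, regardless of socket style. */`. Both function bodies start and end outside the hunks, so the `if` these `else` branches attach to is not visible here.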