git: ae3d7e27abc9 - stable/14 - sctp: propagate cap rights on sctp_peeloff

From: Ed Maste <emaste_at_FreeBSD.org>
Date: Thu, 17 Oct 2024 16:29:47 UTC
The branch stable/14 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=ae3d7e27abc98d7325d506a55af6a3ea2e028738

commit ae3d7e27abc98d7325d506a55af6a3ea2e028738
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2024-10-03 11:54:44 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2024-10-17 16:29:21 +0000

    sctp: propagate cap rights on sctp_peeloff
    
    PR:             201052
    Reviewed by:    oshogbo, tuexen
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D46884
    
    (cherry picked from commit 91a9e4e01dab7a740b8e3b7c39c59a537e71e5d2)
---
 sys/netinet/sctp_syscalls.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/sys/netinet/sctp_syscalls.c b/sys/netinet/sctp_syscalls.c
index d67e260b6f99..9d85576e2592 100644
--- a/sys/netinet/sctp_syscalls.c
+++ b/sys/netinet/sctp_syscalls.c
@@ -141,13 +141,14 @@ sys_sctp_peeloff(struct thread *td, struct sctp_peeloff_args *uap)
 {
 	struct file *headfp, *nfp = NULL;
 	struct socket *head, *so;
+	struct filecaps fcaps;
 	cap_rights_t rights;
 	u_int fflag;
 	int error, fd;
 
 	AUDIT_ARG_FD(uap->sd);
-	error = getsock(td, uap->sd, cap_rights_init_one(&rights, CAP_PEELOFF),
-	    &headfp);
+	error = getsock_cap(td, uap->sd,
+	    cap_rights_init_one(&rights, CAP_PEELOFF), &headfp, &fcaps);
 	if (error != 0)
 		goto done2;
 	fflag = atomic_load_int(&headfp->f_flag);
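Review bot: The `fcaps` filled in by `getsock_cap()` is never released on the error paths; the diffstat's four insertions are all visible in these two hunks and none of them frees it. If the source descriptor carries an ioctl or fcntl limit, the copied `struct filecaps` presumably owns an allocation. Any failure before `falloc_caps()` consumes it, including the `goto done` right after `falloc_caps()` in the second hunk, would then leak kernel memory that a sandboxed process could trigger repeatedly. The cleanup at the `done` label could add `if (nfp == NULL) filecaps_free(&fcaps);`, the same pattern `kern_accept4()` uses. That label lies outside both hunks, so this needs checking against the full function.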
@@ -165,7 +166,7 @@ sys_sctp_peeloff(struct thread *td, struct sctp_peeloff_args *uap)
 	 * but that is ok.
 	 */
 
-	error = falloc(td, &nfp, &fd, 0);
+	error = falloc_caps(td, &nfp, &fd, 0, &fcaps);
 	if (error != 0)
 		goto done;
 	td->td_retval[0] = fd;
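Review bot: The call site does not record why `falloc_caps()` replaces `falloc()`, and the reason is security-relevant. Judging from the commit title, the old call gave the peeled-off descriptor unrestricted rights even when `uap->sd` had been limited. A short comment above the call would keep a later refactor from reverting it, for example `/* Inherit the Capsicum rights of uap->sd so the new socket cannot hold more rights than the original. */`. The function body starts and ends outside this hunk.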