Message ID | 1294702597.2125.74.camel@dan |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
From: Dan Rosenberg <drosenberg@vsecurity.com> Date: Mon, 10 Jan 2011 18:36:37 -0500 > The size field should not be set until after the data is successfully > copied in. > > Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> Applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c index 1bf0cf5..8184c03 100644 --- a/net/caif/caif_socket.c +++ b/net/caif/caif_socket.c @@ -740,12 +740,12 @@ static int setsockopt(struct socket *sock, if (cf_sk->sk.sk_protocol != CAIFPROTO_UTIL) return -ENOPROTOOPT; lock_sock(&(cf_sk->sk)); - cf_sk->conn_req.param.size = ol; if (ol > sizeof(cf_sk->conn_req.param.data) || copy_from_user(&cf_sk->conn_req.param.data, ov, ol)) { release_sock(&cf_sk->sk); return -EINVAL; } + cf_sk->conn_req.param.size = ol; release_sock(&cf_sk->sk); return 0;
The size field should not be set until after the data is successfully copied in. Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> --- net/caif/caif_socket.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html