From patchwork Mon Jan 10 23:36:37 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dan Rosenberg
X-Patchwork-Id: 78261
X-Patchwork-Delegate: davem@davemloft.net
Return-Path:
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 6AAB1B70D5
	for ; Tue, 11 Jan 2011 10:36:52 +1100 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754586Ab1AJXgm (ORCPT ); Mon, 10 Jan 2011 18:36:42 -0500
Received: from mx1.vsecurity.com ([209.67.252.12]:54290 "EHLO mx1.vsecurity.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1754554Ab1AJXgl (ORCPT ); Mon, 10 Jan 2011 18:36:41 -0500
Received: (qmail 50421 invoked from network); 10 Jan 2011 23:36:38 -0000
Received: from c-98-229-66-118.hsd1.ma.comcast.net (HELO [192.168.1.130])
	(drosenbe@[98.229.66.118]) (envelope-sender )
	by mx1.vsecurity.com (qmail-ldap-1.03) with SMTP
	for ; 10 Jan 2011 23:36:38 -0000
Subject: [PATCH] caif: don't set connection request param size before copying data
From: Dan Rosenberg
To: Sjur Braendeland , "David S. Miller"
Cc: netdev@vger.kernel.org
Date: Mon, 10 Jan 2011 18:36:37 -0500
Message-ID: <1294702597.2125.74.camel@dan>
Mime-Version: 1.0
X-Mailer: Evolution 2.28.3
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: netdev@vger.kernel.org

The size field should not be set until after the data is successfully copied in.

Signed-off-by: Dan Rosenberg
---
 net/caif/caif_socket.c | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c index 1bf0cf5..8184c03 100644 
--- a/net/caif/caif_socket.c +++ b/net/caif/caif_socket.c @@ -740,12 +740,12 @@ static int setsockopt(struct socket *sock, if (cf_sk->sk.sk_protocol != CAIFPROTO_UTIL) return -ENOPROTOOPT; lock_sock(&(cf_sk->sk)); - cf_sk->conn_req.param.size = ol; if (ol > sizeof(cf_sk->conn_req.param.data) || copy_from_user(&cf_sk->conn_req.param.data, ov, ol)) { release_sock(&cf_sk->sk); return -EINVAL; } + cf_sk->conn_req.param.size = ol; release_sock(&cf_sk->sk); return 0;
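Review bot: the failure branch still leaves `conn_req.param` in a mixed state, because `copy_from_user(&cf_sk->conn_req.param.data, ov, ol)` writes straight into the socket's buffer and can fail after copying only part of the data. With the assignment moved below the check, a failed call now keeps the old `param.size` next to partially overwritten `param.data`. If later readers of `conn_req.param` rely on the pair being consistent, consider copying into a local buffer of `sizeof(cf_sk->conn_req.param.data)` bytes first and committing both data and size under `lock_sock()` only on success. Two smaller points: the same branch returns `-EINVAL` for both the oversize case and a faulting user pointer, where `-EFAULT` would be the conventional result for the latter; and the commit message would be easier to evaluate if it stated the consequence being fixed, namely that the old ordering left `param.size = ol` in place even when `ol > sizeof(cf_sk->conn_req.param.data)` and the call was rejected.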