fix breakage in sctp getsockopt

copy_to_user() into on-stack array

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Al Viro 2007-10-14 19:21:20 +01:00 committed by Linus Torvalds
parent 47063d6b11
commit 411223c01a


@ -5058,6 +5058,7 @@ static int sctp_getsockopt_active_key(struct sock *sk, int len,
static int sctp_getsockopt_peer_auth_chunks(struct sock *sk, int len, static int sctp_getsockopt_peer_auth_chunks(struct sock *sk, int len,
char __user *optval, int __user *optlen) char __user *optval, int __user *optlen)
{ {
struct sctp_authchunks __user *p = (void __user *)optval;
struct sctp_authchunks val; struct sctp_authchunks val;
struct sctp_association *asoc; struct sctp_association *asoc;
struct sctp_chunks_param *ch; struct sctp_chunks_param *ch;
@ -5066,10 +5067,10 @@ static int sctp_getsockopt_peer_auth_chunks(struct sock *sk, int len,
if (len <= sizeof(struct sctp_authchunks)) if (len <= sizeof(struct sctp_authchunks))
return -EINVAL; return -EINVAL;
if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks))) if (copy_from_user(&val, p, sizeof(struct sctp_authchunks)))
return -EFAULT; return -EFAULT;
to = val.gauth_chunks; to = p->gauth_chunks;
asoc = sctp_id2assoc(sk, val.gauth_assoc_id); asoc = sctp_id2assoc(sk, val.gauth_assoc_id);
if (!asoc) if (!asoc)
return -EINVAL; return -EINVAL;
@ -5092,6 +5093,7 @@ static int sctp_getsockopt_peer_auth_chunks(struct sock *sk, int len,
static int sctp_getsockopt_local_auth_chunks(struct sock *sk, int len, static int sctp_getsockopt_local_auth_chunks(struct sock *sk, int len,
char __user *optval, int __user *optlen) char __user *optval, int __user *optlen)
{ {
struct sctp_authchunks __user *p = (void __user *)optval;
struct sctp_authchunks val; struct sctp_authchunks val;
struct sctp_association *asoc; struct sctp_association *asoc;
struct sctp_chunks_param *ch; struct sctp_chunks_param *ch;
@ -5100,10 +5102,10 @@ static int sctp_getsockopt_local_auth_chunks(struct sock *sk, int len,
if (len <= sizeof(struct sctp_authchunks)) if (len <= sizeof(struct sctp_authchunks))
return -EINVAL; return -EINVAL;
if (copy_from_user(&val, optval, sizeof(struct sctp_authchunks))) if (copy_from_user(&val, p, sizeof(struct sctp_authchunks)))
return -EFAULT; return -EFAULT;
to = val.gauth_chunks; to = p->gauth_chunks;
asoc = sctp_id2assoc(sk, val.gauth_assoc_id); asoc = sctp_id2assoc(sk, val.gauth_assoc_id);
if (!asoc && val.gauth_assoc_id && sctp_style(sk, UDP)) if (!asoc && val.gauth_assoc_id && sctp_style(sk, UDP))
return -EINVAL; return -EINVAL;
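Review bot: The guard `if (len <= sizeof(struct sctp_authchunks))` in both sctp_getsockopt_peer_auth_chunks and sctp_getsockopt_local_auth_chunks compares the signed `int len` with a `size_t`, so a negative `len` converts to a large unsigned value and passes. Whether a negative length can reach these functions depends on the caller, which this page does not show; if it can, any later length-based bound on the copy to `to` would rest on an unvalidated value. Making the check explicit costs nothing: `if (len < 0 || (size_t)len <= sizeof(struct sctp_authchunks)) return -EINVAL;`. A short comment at `to = p->gauth_chunks;`, for example `/* user-space destination; val is only the kernel copy of the header */`, would also document why `to` must not be taken from `val`. Both function bodies start and end outside the hunks shown.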