| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1236023174-18314-4-git-send-email-vladislav.yasevich@hp.com>
Date: Mon, 2 Mar 2009 14:46:12 -0500
From: Vlad Yasevich <vladislav.yasevich@...com>
To: netdev@...r.kernel.org
Cc: davem@...emloft.net, linux-sctp@...r.kernel.org,
Wei Yongjun <yjwei@...fujitsu.com>,
Vlad Yasevich <vladislav.yasevich@...com>
Subject: [PATCH net-next 3/5] sctp: fix the length check in sctp_getsockopt_maxburst()
From: Wei Yongjun <yjwei@...fujitsu.com>
The code in sctp_getsockopt_maxburst() doesn't allow len to be larger
then struct sctp_assoc_value, which is a common case where app writers
just pass down the sizeof(buf) or something similar.
This patch fix the problem.
Signed-off-by: Wei Yongjun <yjwei@...fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@...com>
---
net/sctp/socket.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 4bc558c..bbd3cd2 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -5286,7 +5286,8 @@ static int sctp_getsockopt_maxburst(struct sock *sk, int len,
printk(KERN_WARNING
"SCTP: Use struct sctp_assoc_value instead\n");
params.assoc_id = 0;
- } else if (len == sizeof (struct sctp_assoc_value)) {
+ } else if (len >= sizeof(struct sctp_assoc_value)) {
+ len = sizeof(struct sctp_assoc_value);
if (copy_from_user(¶ms, optval, len))
return -EFAULT;
} else
--
1.5.4.3
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists