* [PATCH] sctp: fix the length check in sctp_getsockopt_maxburst()
@ 2009-02-20 1:51 Wei Yongjun
0 siblings, 0 replies; only message in thread
From: Wei Yongjun @ 2009-02-20 1:51 UTC (permalink / raw)
To: linux-sctp
The code in sctp_getsockopt_maxburst() doesn't allow len to be larger
then struct sctp_assoc_value, which is a common case where app writers
just pass down the sizeof(buf) or something similar.
This patch fix the problem.
Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
---
net/sctp/socket.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 5ab68f9..fe0b40c 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -5287,7 +5287,8 @@ static int sctp_getsockopt_maxburst(struct sock *sk, int len,
printk(KERN_WARNING
"SCTP: Use struct sctp_assoc_value instead\n");
params.assoc_id = 0;
- } else if (len = sizeof (struct sctp_assoc_value)) {
+ } else if (len >= sizeof(struct sctp_assoc_value)) {
+ len = sizeof(struct sctp_assoc_value);
if (copy_from_user(¶ms, optval, len))
return -EFAULT;
} else
--
1.5.3.8
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2009-02-20 1:51 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-02-20 1:51 [PATCH] sctp: fix the length check in sctp_getsockopt_maxburst() Wei Yongjun
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.