diff options
author | David S. Miller <davem@davemloft.net> | 2009-02-06 00:49:55 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2009-02-06 00:49:55 -0800 |
commit | 684de409acff8b1fe8bf188d75ff2f99c624387d (patch) | |
tree | f8792653579a6a6a88634c7d73e794943c3a38d4 /net/ipv6 | |
parent | a23f4bbd8d27ac8ddc5d71ace1f91bb503f0469a (diff) | |
download | op-kernel-dev-684de409acff8b1fe8bf188d75ff2f99c624387d.zip op-kernel-dev-684de409acff8b1fe8bf188d75ff2f99c624387d.tar.gz |
ipv6: Disallow rediculious flowlabel option sizes.
Just like PKTINFO, limit the options area to 64K.
Based upon report by Eric Sesterhenn and analysis by
Roland Dreier.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/ip6_flowlabel.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c index c62dd24..7712578 100644 --- a/net/ipv6/ip6_flowlabel.c +++ b/net/ipv6/ip6_flowlabel.c @@ -323,17 +323,21 @@ static struct ip6_flowlabel * fl_create(struct net *net, struct in6_flowlabel_req *freq, char __user *optval, int optlen, int *err_p) { - struct ip6_flowlabel *fl; + struct ip6_flowlabel *fl = NULL; int olen; int addr_type; int err; + olen = optlen - CMSG_ALIGN(sizeof(*freq)); + err = -EINVAL; + if (olen > 64 * 1024) + goto done; + err = -ENOMEM; fl = kzalloc(sizeof(*fl), GFP_KERNEL); if (fl == NULL) goto done; - olen = optlen - CMSG_ALIGN(sizeof(*freq)); if (olen > 0) { struct msghdr msg; struct flowi flowi; |