diff options
| author | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2008-02-29 08:29:55 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2008-02-29 08:29:55 -0800 |
| commit | 219ff3ad611ecfe8a2fd29b8c50a5313c9d15383 (patch) | |
| tree | 69a9ad12ed64d0966ec63bb5c4699e3effb5490f /net/sctp/socket.c | |
| parent | 547598d3a91f11b1f802bf0b122f777c3c22f26d (diff) | |
| parent | 2335f8ec27e125208d8d2d3e257a82862c4977d6 (diff) | |
| download | op-kernel-dev-219ff3ad611ecfe8a2fd29b8c50a5313c9d15383.zip op-kernel-dev-219ff3ad611ecfe8a2fd29b8c50a5313c9d15383.tar.gz | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (79 commits)
[X25]: Use proc_create() to setup ->proc_fops first
[WANROUTER]: Use proc_create() to setup ->proc_fops first
[8021Q]: Use proc_create() to setup ->proc_fops first
[IPV4]: Use proc_create() to setup ->proc_fops first
[IPV6]: Use proc_create() to setup ->proc_fops first
[SCTP]: Use proc_create() to setup ->proc_fops first
[PKTGEN]: Use proc_create() to setup ->proc_fops first
[NEIGHBOUR]: Use proc_create() to setup ->proc_fops first
[LLC]: Use proc_create() to setup ->proc_fops first
[IPX]: Use proc_create() to setup ->proc_fops first
[SUNRPC]: Use proc_create() to setup ->proc_fops first
[ATM]: Use proc_create() to setup ->proc_fops first
[SCTP]: Update AUTH structures to match declarations in draft-16.
[SCTP]: Incorrect length was used in SCTP_*_AUTH_CHUNKS socket option
[SCTP]: Clean up naming conventions of sctp protocol/address family registration
[APPLETALK]: Use proc_create() to setup ->proc_fops first
[BNX2X]: add bnx2x to MAINTAINERS
[BNX2X]: update version, remove CVS strings
[BNX2X]: Fix Xmit bugs
[BNX2X]: Prevent PCI queue overflow
...
Diffstat (limited to 'net/sctp/socket.c')
| -rw-r--r-- | net/sctp/socket.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/net/sctp/socket.c b/net/sctp/socket.c index 44797ad..9398926 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -1964,7 +1964,7 @@ static int sctp_setsockopt_disable_fragments(struct sock *sk, static int sctp_setsockopt_events(struct sock *sk, char __user *optval, int optlen) { - if (optlen != sizeof(struct sctp_event_subscribe)) + if (optlen > sizeof(struct sctp_event_subscribe)) return -EINVAL; if (copy_from_user(&sctp_sk(sk)->subscribe, optval, optlen)) return -EFAULT; @@ -5070,6 +5070,7 @@ static int sctp_getsockopt_peer_auth_chunks(struct sock *sk, int len, struct sctp_authchunks val; struct sctp_association *asoc; struct sctp_chunks_param *ch; + u32 num_chunks; char __user *to; if (len <= sizeof(struct sctp_authchunks)) @@ -5086,12 +5087,15 @@ static int sctp_getsockopt_peer_auth_chunks(struct sock *sk, int len, ch = asoc->peer.peer_chunks; /* See if the user provided enough room for all the data */ - if (len < ntohs(ch->param_hdr.length)) + num_chunks = ntohs(ch->param_hdr.length) - sizeof(sctp_paramhdr_t); + if (len < num_chunks) return -EINVAL; - len = ntohs(ch->param_hdr.length); + len = num_chunks; if (put_user(len, optlen)) return -EFAULT; + if (put_user(num_chunks, &p->gauth_number_of_chunks)) + return -EFAULT; if (copy_to_user(to, ch->chunks, len)) return -EFAULT; @@ -5105,6 +5109,7 @@ static int sctp_getsockopt_local_auth_chunks(struct sock *sk, int len, struct sctp_authchunks val; struct sctp_association *asoc; struct sctp_chunks_param *ch; + u32 num_chunks; char __user *to; if (len <= sizeof(struct sctp_authchunks)) @@ -5123,12 +5128,15 @@ static int sctp_getsockopt_local_auth_chunks(struct sock *sk, int len, else ch = sctp_sk(sk)->ep->auth_chunk_list; - if (len < ntohs(ch->param_hdr.length)) + num_chunks = ntohs(ch->param_hdr.length) - sizeof(sctp_paramhdr_t); + if (len < num_chunks) return -EINVAL; - len = ntohs(ch->param_hdr.length); + len = num_chunks; if (put_user(len, optlen)) return -EFAULT; + if (put_user(num_chunks, &p->gauth_number_of_chunks)) + return -EFAULT; if (copy_to_user(to, ch->chunks, len)) return -EFAULT; |
