diff options
author | Gerrit Renker <gerrit@erg.abdn.ac.uk> | 2010-02-07 20:20:28 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-02-12 11:47:00 -0800 |
commit | 69a6a0b38a139ccceef32222108caca8a9b0b795 (patch) | |
tree | 04e24f2b012c14f33f5bc3d6f96f84056cf1fbbe /net | |
parent | 7455a76f170f794498d26081a5f15b797ef1a2aa (diff) | |
download | op-kernel-dev-69a6a0b38a139ccceef32222108caca8a9b0b795.zip op-kernel-dev-69a6a0b38a139ccceef32222108caca8a9b0b795.tar.gz |
dccp: allow probing of CCID-array length
This fixes a problem in the DCCP getsockopt() API: currently there is no way
for a user to a priori know the number of built-in CCIDs, other than trying
DCCP_SOCKOPT_AVAILABLE_CCIDS in a loop, incrementing the option length until
EINVAL is no longer returned.
This patch truncates the array to the user-provided length. No copy is made
when the length is <= 0.
Due to the length restriction in do_dccp_getsockopt() to sizeof(int), the
minimum array length remains 4, which is a reasonable default (only 3
CCIDs, CCID-2..4, are currently defined).
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/dccp/ccid.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/net/dccp/ccid.c b/net/dccp/ccid.c index ff16e9d..49d27c5 100644 --- a/net/dccp/ccid.c +++ b/net/dccp/ccid.c @@ -63,14 +63,13 @@ int ccid_getsockopt_builtin_ccids(struct sock *sk, int len, u8 *ccid_array, array_len; int err = 0; - if (len < ARRAY_SIZE(ccids)) - return -EINVAL; - if (ccid_get_builtin_ccids(&ccid_array, &array_len)) return -ENOBUFS; - if (put_user(array_len, optlen) || - copy_to_user(optval, ccid_array, array_len)) + if (put_user(array_len, optlen)) + err = -EFAULT; + else if (len > 0 && copy_to_user(optval, ccid_array, + len > array_len ? array_len : len)) err = -EFAULT; kfree(ccid_array); |