diff options
author | Gerrit Renker <gerrit@erg.abdn.ac.uk> | 2010-02-07 15:20:28 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-02-12 14:47:00 -0500 |
commit | 69a6a0b38a139ccceef32222108caca8a9b0b795 (patch) | |
tree | 04e24f2b012c14f33f5bc3d6f96f84056cf1fbbe | |
parent | 7455a76f170f794498d26081a5f15b797ef1a2aa (diff) |
dccp: allow probing of CCID-array length
This fixes a problem in the DCCP getsockopt() API: currently there is no way
for a user to a priori know the number of built-in CCIDs, other than trying
DCCP_SOCKOPT_AVAILABLE_CCIDS in a loop, incrementing the option length until
EINVAL is no longer returned.
This patch truncates the array to the user-provided length. No copy is made
when the length is <= 0.
Due to the length restriction in do_dccp_getsockopt() to sizeof(int), the
minimum array length remains 4, which is a reasonable default (only 3
CCIDs, CCID-2..4, are currently defined).
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | Documentation/networking/dccp.txt | 6 | ||||
-rw-r--r-- | net/dccp/ccid.c | 9 |
2 files changed, 8 insertions, 7 deletions
diff --git a/Documentation/networking/dccp.txt b/Documentation/networking/dccp.txt index b132e4a3cf0f..a62fdf7a6bff 100644 --- a/Documentation/networking/dccp.txt +++ b/Documentation/networking/dccp.txt | |||
@@ -58,8 +58,10 @@ DCCP_SOCKOPT_GET_CUR_MPS is read-only and retrieves the current maximum packet | |||
58 | size (application payload size) in bytes, see RFC 4340, section 14. | 58 | size (application payload size) in bytes, see RFC 4340, section 14. |
59 | 59 | ||
60 | DCCP_SOCKOPT_AVAILABLE_CCIDS is also read-only and returns the list of CCIDs | 60 | DCCP_SOCKOPT_AVAILABLE_CCIDS is also read-only and returns the list of CCIDs |
61 | supported by the endpoint (see include/linux/dccp.h for symbolic constants). | 61 | supported by the endpoint. The option value is an array of type uint8_t whose |
62 | The caller needs to provide a sufficiently large (> 2) array of type uint8_t. | 62 | size is passed as option length. The minimum array size is 4 elements, the |
63 | value returned in the optlen argument always reflects the true number of | ||
64 | built-in CCIDs. | ||
63 | 65 | ||
64 | DCCP_SOCKOPT_CCID is write-only and sets both the TX and RX CCIDs at the same | 66 | DCCP_SOCKOPT_CCID is write-only and sets both the TX and RX CCIDs at the same |
65 | time, combining the operation of the next two socket options. This option is | 67 | time, combining the operation of the next two socket options. This option is |
diff --git a/net/dccp/ccid.c b/net/dccp/ccid.c index ff16e9df1969..49d27c556bec 100644 --- a/net/dccp/ccid.c +++ b/net/dccp/ccid.c | |||
@@ -63,14 +63,13 @@ int ccid_getsockopt_builtin_ccids(struct sock *sk, int len, | |||
63 | u8 *ccid_array, array_len; | 63 | u8 *ccid_array, array_len; |
64 | int err = 0; | 64 | int err = 0; |
65 | 65 | ||
66 | if (len < ARRAY_SIZE(ccids)) | ||
67 | return -EINVAL; | ||
68 | |||
69 | if (ccid_get_builtin_ccids(&ccid_array, &array_len)) | 66 | if (ccid_get_builtin_ccids(&ccid_array, &array_len)) |
70 | return -ENOBUFS; | 67 | return -ENOBUFS; |
71 | 68 | ||
72 | if (put_user(array_len, optlen) || | 69 | if (put_user(array_len, optlen)) |
73 | copy_to_user(optval, ccid_array, array_len)) | 70 | err = -EFAULT; |
71 | else if (len > 0 && copy_to_user(optval, ccid_array, | ||
72 | len > array_len ? array_len : len)) | ||
74 | err = -EFAULT; | 73 | err = -EFAULT; |
75 | 74 | ||
76 | kfree(ccid_array); | 75 | kfree(ccid_array); |